Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lablgtk3-3.1.1+official/src/ml_gtkassistant.c
Examining data/lablgtk3-3.1.1+official/src/ml_pango.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkaction.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtktree.c
Examining data/lablgtk3-3.1.1+official/src/ml_glib.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkmisc.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkfile.c
Examining data/lablgtk3-3.1.1+official/src/ml_gobject.c
Examining data/lablgtk3-3.1.1+official/src/ml_gdk.h
Examining data/lablgtk3-3.1.1+official/src/gdkprivate-win32.h
Examining data/lablgtk3-3.1.1+official/src/wrappers.h
Examining data/lablgtk3-3.1.1+official/src/ml_gtk.h
Examining data/lablgtk3-3.1.1+official/src/ml_gtkstock.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtk.c
Examining data/lablgtk3-3.1.1+official/src/ml_gdkpixbuf.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkmenu.c
Examining data/lablgtk3-3.1.1+official/src/ml_gpointer.c
Examining data/lablgtk3-3.1.1+official/src/wrappers.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkbutton.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtktext.c
Examining data/lablgtk3-3.1.1+official/src/ml_gobject.h
Examining data/lablgtk3-3.1.1+official/src/win32.h
Examining data/lablgtk3-3.1.1+official/src/ml_glib.h
Examining data/lablgtk3-3.1.1+official/src/ml_gtktree.h
Examining data/lablgtk3-3.1.1+official/src/ml_gpointer.h
Examining data/lablgtk3-3.1.1+official/src/ml_pango.h
Examining data/lablgtk3-3.1.1+official/src/ml_gvaluecaml.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkpack.c
Examining data/lablgtk3-3.1.1+official/src/ml_gvaluecaml.h
Examining data/lablgtk3-3.1.1+official/src/ml_gtkedit.c
Examining data/lablgtk3-3.1.1+official/src/cairo_pango_stubs.c
Examining data/lablgtk3-3.1.1+official/src/ml_gdkpixbuf.h
Examining data/lablgtk3-3.1.1+official/src/ml_gdk.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkbuilder.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkbin.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtkrange.c
Examining data/lablgtk3-3.1.1+official/src/ml_gtktext.h
Examining data/lablgtk3-3.1.1+official/src-gtkspell3/ml_gtkspell.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_Gdk.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_Pango.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_Gio.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GdkPixbuf.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GObject.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GModule.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_cairo.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_Atk.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_Gtk.c
Examining data/lablgtk3-3.1.1+official/tools/introspection/wrappers.h
Examining data/lablgtk3-3.1.1+official/tools/introspection/ml_gobject.h
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_gtkbroken.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_gtklist.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_rsvg.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_gtknew.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_panel.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomedruid.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_gtkxmhtml.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_gtkgl.c
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_domain.h
Examining data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c
Examining data/lablgtk3-3.1.1+official/src-sourceview3/ml_gtksourceview3.c
FINAL RESULTS:
data/lablgtk3-3.1.1+official/src/ml_gtktree.c:955:82: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define PATH_STRING(path) (buf1 = (path) ? gtk_tree_path_to_string(path) : "[]", strcpy(buf2,buf1), (path) ? g_free(buf1) : 0, buf2)
data/lablgtk3-3.1.1+official/src/ml_gtktree.c:956:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define debug_print printf
data/lablgtk3-3.1.1+official/src-sourceview3/ml_gtksourceview3.c:809:59: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
n = g_strdup_printf ("%s_%u_%u", name, d, g_random_int());
data/lablgtk3-3.1.1+official/src/ml_glib.c:610:19: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const char *s = g_get_home_dir();
data/lablgtk3-3.1.1+official/src/ml_glib.c:613:7: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
ML_0 (g_get_tmp_dir, copy_string)
data/lablgtk3-3.1.1+official/src/ml_gtktree.c:1111:29: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
custom_model->stamp = g_random_int ();
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:1917:6: [3] (random) g_rand_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_3(g_rand_int_range,GRand_val, Int32_val, Int32_val, Val_int32)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:1918:6: [3] (random) g_rand_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_1(g_rand_int,GRand_val, Val_int32)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:1920:6: [3] (random) g_rand_double_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_3(g_rand_double_range,GRand_val, Double_val, Double_val, Val_double)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:1921:6: [3] (random) g_rand_double:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_1(g_rand_double,GRand_val, Val_double)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:2407:6: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_2(g_random_int_range,Int32_val, Int32_val, Val_int32)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:2408:6: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_0(g_random_int,Val_int32)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:2409:6: [3] (random) g_random_double_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_2(g_random_double_range,Double_val, Double_val, Val_double)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:2410:6: [3] (random) g_random_double:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ML_0(g_random_double,Val_double)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:2502:6: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
ML_0(g_get_tmp_dir,Val_string)
data/lablgtk3-3.1.1+official/tools/introspection/stubs/ml_stubs_GLib.c:2508:6: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
ML_0(g_get_home_dir,Val_string)
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(arr), item->xform, len * sizeof (double));
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(coords, Bp_val(a), sizeof coords);
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(coords, Bp_val(a), sizeof coords);
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:339:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->coords, Bp_val(arr), Bosize_val(arr));
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(ret), p->coords, p->num_points * 2 * sizeof(double));
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->dash, Bp_val(dash), Bosize_val(dash));
data/lablgtk3-3.1.1+official/src-unsupported/ml_gnomecanvas.c:413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(dashes), d->dash, d->n_dash * sizeof (double));
data/lablgtk3-3.1.1+official/src-unsupported/ml_panel.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prog_name, *argv[ argc ];
data/lablgtk3-3.1.1+official/src/ml_gdk.c:395:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Bytes_val(data), xdata, sizeof(char) * nitems);
data/lablgtk3-3.1.1+official/src/ml_gdkpixbuf.c:306:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Bytes_val(s), buf, count);
data/lablgtk3-3.1.1+official/src/ml_glib.c:466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Bytes_val(v), str, len);
data/lablgtk3-3.1.1+official/src/ml_gpointer.c:54:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char*)ret, start, length);
data/lablgtk3-3.1.1+official/src/ml_gpointer.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (base2, base1, RegLength_val(region1));
data/lablgtk3-3.1.1+official/src/ml_gtk.c:508:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (length) memcpy ((void*)ret, data, length);
data/lablgtk3-3.1.1+official/src/ml_gtktree.c:949:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1000];
data/lablgtk3-3.1.1+official/src/wrappers.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((value *) ret + 2, src, size);
data/lablgtk3-3.1.1+official/src/ml_glib.c:369:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gsize read;
data/lablgtk3-3.1.1+official/src/ml_glib.c:373:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read)) {
data/lablgtk3-3.1.1+official/src/ml_glib.c:375:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return Val_int( read );
data/lablgtk3-3.1.1+official/src/ml_glib.c:389:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gsize read;
data/lablgtk3-3.1.1+official/src/ml_glib.c:395:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read,
data/lablgtk3-3.1.1+official/src/ml_glib.c:400:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return Val_int( read );
data/lablgtk3-3.1.1+official/src/ml_gpointer.c:52:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = Option_val(len, Int_val, strlen(start));
ANALYSIS SUMMARY:
Hits = 42
Lines analyzed = 35649 in approximately 2.04 seconds (17438 lines/second)
Physical Source Lines of Code (SLOC) = 21927
Hits@level = [0] 3 [1] 7 [2] 19 [3] 14 [4] 2 [5] 0
Hits@level+ = [0+] 45 [1+] 42 [2+] 35 [3+] 16 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 2.05226 [1+] 1.91545 [2+] 1.59621 [3+] 0.729694 [4+] 0.0912117 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.