Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libxfce4ui-4.14.1/glade/libxfce4ui-glade.c
Examining data/libxfce4ui-4.14.1/xfce4-about/contributors.h
Examining data/libxfce4ui-4.14.1/xfce4-about/about-dialog-ui.h
Examining data/libxfce4ui-4.14.1/xfce4-about/main.c
Examining data/libxfce4ui-4.14.1/xfce4-about/translators.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-spawn.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-marshal.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-spawn.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-aliasdef.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-dialogs.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-heading.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-resources.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-gtk-extensions.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-titled-dialog.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-titled-dialog.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-gdk-extensions.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-dialogs.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-alias.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-heading.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-gdk-extensions.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-enum-types.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-enum-types.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-config.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-marshal.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/xfce-gtk-extensions.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-config.h
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-resources.c
Examining data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-private.h
Examining data/libxfce4ui-4.14.1/tests/test-ui.c
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-grabber.c
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcut-dialog.c
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-xfwm4.h
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts.h
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-grabber.h
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcut-dialog.h
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-xfwm4.c
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-marshal.c
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.h
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts.c
Examining data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-marshal.h
FINAL RESULTS:
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1563:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = "";
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1569:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid[32];
data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c:305:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c:305:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c:415:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->default_base_property) + strlen ("/");
data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c:415:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->default_base_property) + strlen ("/");
data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c:481:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (context->provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c:481:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (context->provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.14.1/libxfce4kbd-private/xfce-shortcuts-provider.c:609:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
replaced = g_string_sized_new (strlen (shortcut));
data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-resources.c:531:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-resources.c:539:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-resources.c:551:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/libxfce4ui-4.14.1/libxfce4ui/libxfce4ui-resources.c:558:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/libxfce4ui-4.14.1/libxfce4ui/xfce-gtk-extensions.c:79:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stock_id != NULL && strlen(stock_id) > 0)
data/libxfce4ui-4.14.1/libxfce4ui/xfce-heading.c:452:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
title_length = strlen (heading->title);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:689:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(argv[i], SM_ID_ARG, strlen(SM_ID_ARG))) {
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:690:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argv[i][strlen(SM_ID_ARG)] == '=')
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:691:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
client_id = &(argv[i][strlen(SM_ID_ARG)+1]);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:694:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(!strncmp(argv[i], DPY_ARG, strlen(DPY_ARG))) {
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:696:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argv[i][strlen(DPY_ARG)] != '=')
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1269:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !strncmp(command[argc], SM_ID_ARG, strlen(SM_ID_ARG)))
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1275:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(command[argc][strlen(SM_ID_ARG)] == '=')
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1276:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_client_id = &(command[argc][strlen(SM_ID_ARG)+1]);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1305:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !strncmp(*command, SM_ID_ARG, strlen(SM_ID_ARG)))
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1307:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((*command)[strlen(SM_ID_ARG)] != '=' && *(command+1)) {
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1312:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vals[i].length = strlen(*command);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1319:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vals[i].length = strlen(SM_ID_ARG);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1321:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vals[i].length = strlen(sm_client->client_id);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1644:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop1val.length = strlen(prop1val.value);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1652:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop2val.length = strlen(prop2val.value);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1669:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop4val.length = strlen(prop4val.value);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1677:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop5val.length = strlen(prop5val.value);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1694:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop7val.length = strlen(sm_client->desktop_file);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:1899:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propval.length = strlen(sm_client->desktop_file);
data/libxfce4ui-4.14.1/libxfce4ui/xfce-sm-client.c:2059:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propval.length = strlen(propval.value);
ANALYSIS SUMMARY:
Hits = 35
Lines analyzed = 12603 in approximately 0.44 seconds (28535 lines/second)
Physical Source Lines of Code (SLOC) = 8450
Hits@level = [0] 0 [1] 33 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 35 [1+] 35 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.14201 [1+] 4.14201 [2+] 0.236686 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.