Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/mate-netbook-1.24.0/mate-window-picker-applet/applet.c Examining data/mate-netbook-1.24.0/mate-window-picker-applet/task-item.c Examining data/mate-netbook-1.24.0/mate-window-picker-applet/task-item.h Examining data/mate-netbook-1.24.0/mate-window-picker-applet/task-list.c Examining data/mate-netbook-1.24.0/mate-window-picker-applet/task-list.h Examining data/mate-netbook-1.24.0/mate-window-picker-applet/task-title.c Examining data/mate-netbook-1.24.0/mate-window-picker-applet/task-title.h Examining data/mate-netbook-1.24.0/maximus/eggaccelerators.c Examining data/mate-netbook-1.24.0/maximus/eggaccelerators.h Examining data/mate-netbook-1.24.0/maximus/main.c Examining data/mate-netbook-1.24.0/maximus/maximus-app.c Examining data/mate-netbook-1.24.0/maximus/maximus-app.h Examining data/mate-netbook-1.24.0/maximus/maximus-bind.c Examining data/mate-netbook-1.24.0/maximus/maximus-bind.h Examining data/mate-netbook-1.24.0/maximus/tomboykeybinder.c Examining data/mate-netbook-1.24.0/maximus/tomboykeybinder.h Examining data/mate-netbook-1.24.0/maximus/xutils.c Examining data/mate-netbook-1.24.0/maximus/xutils.h FINAL RESULTS: data/mate-netbook-1.24.0/maximus/eggaccelerators.c:403:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_release); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:408:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_shift); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:413:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_control); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:418:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_mod1); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:423:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_mod2); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:428:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_mod3); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:433:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_mod4); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:438:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_mod5); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:443:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_meta); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:448:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_hyper); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:453:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, text_super); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:457:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (accelerator + l, keyval_name); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:223:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (accelerator); data/mate-netbook-1.24.0/maximus/eggaccelerators.c:395:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l += strlen (keyval_name); data/mate-netbook-1.24.0/maximus/maximus-bind.c:311:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!binding || strlen (binding) < 1 || strcmp (binding, "disabled") == 0) ANALYSIS SUMMARY: Hits = 15 Lines analyzed = 4829 in approximately 0.12 seconds (40822 lines/second) Physical Source Lines of Code (SLOC) = 3485 Hits@level = [0] 0 [1] 3 [2] 0 [3] 0 [4] 12 [5] 0 Hits@level+ = [0+] 15 [1+] 15 [2+] 12 [3+] 12 [4+] 12 [5+] 0 Hits/KSLOC@level+ = [0+] 4.30416 [1+] 4.30416 [2+] 3.44333 [3+] 3.44333 [4+] 3.44333 [5+] 0 Dot directories skipped = 3 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.