Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nautilus-3.38.1/data/lineup-parameters.c
Examining data/nautilus-3.38.1/eel/check-program.c
Examining data/nautilus-3.38.1/eel/eel-art-extensions.c
Examining data/nautilus-3.38.1/eel/eel-art-extensions.h
Examining data/nautilus-3.38.1/eel/eel-canvas.c
Examining data/nautilus-3.38.1/eel/eel-canvas.h
Examining data/nautilus-3.38.1/eel/eel-debug.c
Examining data/nautilus-3.38.1/eel/eel-debug.h
Examining data/nautilus-3.38.1/eel/eel-glib-extensions.h
Examining data/nautilus-3.38.1/eel/eel-graphic-effects.c
Examining data/nautilus-3.38.1/eel/eel-graphic-effects.h
Examining data/nautilus-3.38.1/eel/eel-gtk-extensions.c
Examining data/nautilus-3.38.1/eel/eel-gtk-extensions.h
Examining data/nautilus-3.38.1/eel/eel-lib-self-check-functions.c
Examining data/nautilus-3.38.1/eel/eel-lib-self-check-functions.h
Examining data/nautilus-3.38.1/eel/eel-self-checks.c
Examining data/nautilus-3.38.1/eel/eel-self-checks.h
Examining data/nautilus-3.38.1/eel/eel-stock-dialogs.c
Examining data/nautilus-3.38.1/eel/eel-stock-dialogs.h
Examining data/nautilus-3.38.1/eel/eel-string.c
Examining data/nautilus-3.38.1/eel/eel-string.h
Examining data/nautilus-3.38.1/eel/eel-vfs-extensions.c
Examining data/nautilus-3.38.1/eel/eel-vfs-extensions.h
Examining data/nautilus-3.38.1/eel/eel.h
Examining data/nautilus-3.38.1/extensions/audio-video-properties/bacon-video-widget-properties.c
Examining data/nautilus-3.38.1/extensions/audio-video-properties/bacon-video-widget-properties.h
Examining data/nautilus-3.38.1/extensions/audio-video-properties/test-properties-page.c
Examining data/nautilus-3.38.1/extensions/audio-video-properties/totem-gst-helpers.c
Examining data/nautilus-3.38.1/extensions/audio-video-properties/totem-gst-helpers.h
Examining data/nautilus-3.38.1/extensions/audio-video-properties/totem-mime-types.h
Examining data/nautilus-3.38.1/extensions/audio-video-properties/totem-properties-main.c
Examining data/nautilus-3.38.1/extensions/audio-video-properties/totem-properties-view.c
Examining data/nautilus-3.38.1/extensions/audio-video-properties/totem-properties-view.h
Examining data/nautilus-3.38.1/extensions/image-properties/nautilus-image-properties-module.c
Examining data/nautilus-3.38.1/extensions/image-properties/nautilus-image-properties-page-provider.c
Examining data/nautilus-3.38.1/extensions/image-properties/nautilus-image-properties-page-provider.h
Examining data/nautilus-3.38.1/extensions/image-properties/nautilus-image-properties-page.c
Examining data/nautilus-3.38.1/extensions/image-properties/nautilus-image-properties-page.h
Examining data/nautilus-3.38.1/extensions/sendto/nautilus-nste.c
Examining data/nautilus-3.38.1/extensions/sendto/nautilus-nste.h
Examining data/nautilus-3.38.1/extensions/sendto/nautilus-sendto-module.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-column-provider.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-column-provider.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-column.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-column.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-extension-private.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-extension-types.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-extension.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-file-info.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-file-info.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-info-provider.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-info-provider.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-location-widget-provider.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-location-widget-provider.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-menu-item.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-menu-item.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-menu-provider.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-menu-provider.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-menu.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-menu.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-property-page-provider.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-property-page-provider.h
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-property-page.c
Examining data/nautilus-3.38.1/libnautilus-extension/nautilus-property-page.h
Examining data/nautilus-3.38.1/src/animation/egg-animation.c
Examining data/nautilus-3.38.1/src/animation/egg-animation.h
Examining data/nautilus-3.38.1/src/animation/egg-frame-source.c
Examining data/nautilus-3.38.1/src/animation/egg-frame-source.h
Examining data/nautilus-3.38.1/src/animation/ide-box-theatric.c
Examining data/nautilus-3.38.1/src/animation/ide-box-theatric.h
Examining data/nautilus-3.38.1/src/animation/ide-cairo.c
Examining data/nautilus-3.38.1/src/animation/ide-cairo.h
Examining data/nautilus-3.38.1/src/gtk/nautilusgtkplacesview.c
Examining data/nautilus-3.38.1/src/gtk/nautilusgtkplacesviewprivate.h
Examining data/nautilus-3.38.1/src/gtk/nautilusgtkplacesviewrow.c
Examining data/nautilus-3.38.1/src/gtk/nautilusgtkplacesviewrowprivate.h
Examining data/nautilus-3.38.1/src/nautilus-application.h
Examining data/nautilus-3.38.1/src/nautilus-autorun-software.c
Examining data/nautilus-3.38.1/src/nautilus-batch-rename-dialog.c
Examining data/nautilus-3.38.1/src/nautilus-batch-rename-dialog.h
Examining data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.h
Examining data/nautilus-3.38.1/src/nautilus-bookmark-list.c
Examining data/nautilus-3.38.1/src/nautilus-bookmark-list.h
Examining data/nautilus-3.38.1/src/nautilus-bookmark.c
Examining data/nautilus-3.38.1/src/nautilus-bookmark.h
Examining data/nautilus-3.38.1/src/nautilus-canvas-container.c
Examining data/nautilus-3.38.1/src/nautilus-canvas-container.h
Examining data/nautilus-3.38.1/src/nautilus-canvas-dnd.c
Examining data/nautilus-3.38.1/src/nautilus-canvas-dnd.h
Examining data/nautilus-3.38.1/src/nautilus-canvas-item.c
Examining data/nautilus-3.38.1/src/nautilus-canvas-item.h
Examining data/nautilus-3.38.1/src/nautilus-canvas-private.h
Examining data/nautilus-3.38.1/src/nautilus-canvas-view-container.c
Examining data/nautilus-3.38.1/src/nautilus-canvas-view-container.h
Examining data/nautilus-3.38.1/src/nautilus-canvas-view.c
Examining data/nautilus-3.38.1/src/nautilus-canvas-view.h
Examining data/nautilus-3.38.1/src/nautilus-clipboard.c
Examining data/nautilus-3.38.1/src/nautilus-clipboard.h
Examining data/nautilus-3.38.1/src/nautilus-column-chooser.c
Examining data/nautilus-3.38.1/src/nautilus-column-chooser.h
Examining data/nautilus-3.38.1/src/nautilus-column-utilities.c
Examining data/nautilus-3.38.1/src/nautilus-column-utilities.h
Examining data/nautilus-3.38.1/src/nautilus-compress-dialog-controller.c
Examining data/nautilus-3.38.1/src/nautilus-compress-dialog-controller.h
Examining data/nautilus-3.38.1/src/nautilus-container-max-width.c
Examining data/nautilus-3.38.1/src/nautilus-container-max-width.h
Examining data/nautilus-3.38.1/src/nautilus-dbus-manager.c
Examining data/nautilus-3.38.1/src/nautilus-dbus-manager.h
Examining data/nautilus-3.38.1/src/nautilus-debug.c
Examining data/nautilus-3.38.1/src/nautilus-debug.h
Examining data/nautilus-3.38.1/src/nautilus-directory-async.c
Examining data/nautilus-3.38.1/src/nautilus-directory-notify.h
Examining data/nautilus-3.38.1/src/nautilus-directory-private.h
Examining data/nautilus-3.38.1/src/nautilus-directory.c
Examining data/nautilus-3.38.1/src/nautilus-directory.h
Examining data/nautilus-3.38.1/src/nautilus-dnd.c
Examining data/nautilus-3.38.1/src/nautilus-dnd.h
Examining data/nautilus-3.38.1/src/nautilus-enums.h
Examining data/nautilus-3.38.1/src/nautilus-error-reporting.c
Examining data/nautilus-3.38.1/src/nautilus-error-reporting.h
Examining data/nautilus-3.38.1/src/nautilus-file-changes-queue.h
Examining data/nautilus-3.38.1/src/nautilus-file-conflict-dialog.c
Examining data/nautilus-3.38.1/src/nautilus-file-conflict-dialog.h
Examining data/nautilus-3.38.1/src/nautilus-file-name-widget-controller.c
Examining data/nautilus-3.38.1/src/nautilus-file-name-widget-controller.h
Examining data/nautilus-3.38.1/src/nautilus-file-operations-dbus-data.c
Examining data/nautilus-3.38.1/src/nautilus-file-operations-dbus-data.h
Examining data/nautilus-3.38.1/src/nautilus-file-operations.c
Examining data/nautilus-3.38.1/src/nautilus-file-operations.h
Examining data/nautilus-3.38.1/src/nautilus-file-private.h
Examining data/nautilus-3.38.1/src/nautilus-file-queue.c
Examining data/nautilus-3.38.1/src/nautilus-file-queue.h
Examining data/nautilus-3.38.1/src/nautilus-file-undo-manager.c
Examining data/nautilus-3.38.1/src/nautilus-file-undo-manager.h
Examining data/nautilus-3.38.1/src/nautilus-file-undo-operations.c
Examining data/nautilus-3.38.1/src/nautilus-file-undo-operations.h
Examining data/nautilus-3.38.1/src/nautilus-file-utilities.c
Examining data/nautilus-3.38.1/src/nautilus-file-utilities.h
Examining data/nautilus-3.38.1/src/nautilus-file.h
Examining data/nautilus-3.38.1/src/nautilus-files-view-dnd.c
Examining data/nautilus-3.38.1/src/nautilus-files-view-dnd.h
Examining data/nautilus-3.38.1/src/nautilus-files-view.h
Examining data/nautilus-3.38.1/src/nautilus-floating-bar.c
Examining data/nautilus-3.38.1/src/nautilus-floating-bar.h
Examining data/nautilus-3.38.1/src/nautilus-freedesktop-dbus.c
Examining data/nautilus-3.38.1/src/nautilus-freedesktop-dbus.h
Examining data/nautilus-3.38.1/src/nautilus-global-preferences.h
Examining data/nautilus-3.38.1/src/nautilus-icon-info.c
Examining data/nautilus-3.38.1/src/nautilus-icon-info.h
Examining data/nautilus-3.38.1/src/nautilus-icon-names.h
Examining data/nautilus-3.38.1/src/nautilus-keyfile-metadata.c
Examining data/nautilus-3.38.1/src/nautilus-keyfile-metadata.h
Examining data/nautilus-3.38.1/src/nautilus-lib-self-check-functions.c
Examining data/nautilus-3.38.1/src/nautilus-lib-self-check-functions.h
Examining data/nautilus-3.38.1/src/nautilus-list-model.c
Examining data/nautilus-3.38.1/src/nautilus-list-model.h
Examining data/nautilus-3.38.1/src/nautilus-list-view-dnd.c
Examining data/nautilus-3.38.1/src/nautilus-list-view-dnd.h
Examining data/nautilus-3.38.1/src/nautilus-list-view-private.h
Examining data/nautilus-3.38.1/src/nautilus-list-view.h
Examining data/nautilus-3.38.1/src/nautilus-location-entry.c
Examining data/nautilus-3.38.1/src/nautilus-location-entry.h
Examining data/nautilus-3.38.1/src/nautilus-main.c
Examining data/nautilus-3.38.1/src/nautilus-metadata.c
Examining data/nautilus-3.38.1/src/nautilus-metadata.h
Examining data/nautilus-3.38.1/src/nautilus-mime-actions.c
Examining data/nautilus-3.38.1/src/nautilus-mime-actions.h
Examining data/nautilus-3.38.1/src/nautilus-module.h
Examining data/nautilus-3.38.1/src/nautilus-monitor.c
Examining data/nautilus-3.38.1/src/nautilus-monitor.h
Examining data/nautilus-3.38.1/src/nautilus-new-folder-dialog-controller.c
Examining data/nautilus-3.38.1/src/nautilus-new-folder-dialog-controller.h
Examining data/nautilus-3.38.1/src/nautilus-notebook.c
Examining data/nautilus-3.38.1/src/nautilus-notebook.h
Examining data/nautilus-3.38.1/src/nautilus-operations-ui-manager.c
Examining data/nautilus-3.38.1/src/nautilus-operations-ui-manager.h
Examining data/nautilus-3.38.1/src/nautilus-other-locations-window-slot.c
Examining data/nautilus-3.38.1/src/nautilus-other-locations-window-slot.h
Examining data/nautilus-3.38.1/src/nautilus-pathbar.c
Examining data/nautilus-3.38.1/src/nautilus-pathbar.h
Examining data/nautilus-3.38.1/src/nautilus-places-view.c
Examining data/nautilus-3.38.1/src/nautilus-places-view.h
Examining data/nautilus-3.38.1/src/nautilus-preferences-window.c
Examining data/nautilus-3.38.1/src/nautilus-preferences-window.h
Examining data/nautilus-3.38.1/src/nautilus-previewer.c
Examining data/nautilus-3.38.1/src/nautilus-previewer.h
Examining data/nautilus-3.38.1/src/nautilus-profile.c
Examining data/nautilus-3.38.1/src/nautilus-profile.h
Examining data/nautilus-3.38.1/src/nautilus-program-choosing.c
Examining data/nautilus-3.38.1/src/nautilus-program-choosing.h
Examining data/nautilus-3.38.1/src/nautilus-progress-info-manager.c
Examining data/nautilus-3.38.1/src/nautilus-progress-info-manager.h
Examining data/nautilus-3.38.1/src/nautilus-progress-info-widget.c
Examining data/nautilus-3.38.1/src/nautilus-progress-info-widget.h
Examining data/nautilus-3.38.1/src/nautilus-progress-info.c
Examining data/nautilus-3.38.1/src/nautilus-progress-info.h
Examining data/nautilus-3.38.1/src/nautilus-progress-persistence-handler.c
Examining data/nautilus-3.38.1/src/nautilus-progress-persistence-handler.h
Examining data/nautilus-3.38.1/src/nautilus-properties-window.c
Examining data/nautilus-3.38.1/src/nautilus-properties-window.h
Examining data/nautilus-3.38.1/src/nautilus-query-editor.c
Examining data/nautilus-3.38.1/src/nautilus-query-editor.h
Examining data/nautilus-3.38.1/src/nautilus-query.c
Examining data/nautilus-3.38.1/src/nautilus-query.h
Examining data/nautilus-3.38.1/src/nautilus-rename-file-popover-controller.c
Examining data/nautilus-3.38.1/src/nautilus-rename-file-popover-controller.h
Examining data/nautilus-3.38.1/src/nautilus-search-directory-file.c
Examining data/nautilus-3.38.1/src/nautilus-search-directory-file.h
Examining data/nautilus-3.38.1/src/nautilus-search-directory.c
Examining data/nautilus-3.38.1/src/nautilus-search-directory.h
Examining data/nautilus-3.38.1/src/nautilus-search-engine-model.c
Examining data/nautilus-3.38.1/src/nautilus-search-engine-model.h
Examining data/nautilus-3.38.1/src/nautilus-search-engine-private.h
Examining data/nautilus-3.38.1/src/nautilus-search-engine-recent.c
Examining data/nautilus-3.38.1/src/nautilus-search-engine-recent.h
Examining data/nautilus-3.38.1/src/nautilus-search-engine-simple.c
Examining data/nautilus-3.38.1/src/nautilus-search-engine-simple.h
Examining data/nautilus-3.38.1/src/nautilus-search-engine-tracker.h
Examining data/nautilus-3.38.1/src/nautilus-search-engine.c
Examining data/nautilus-3.38.1/src/nautilus-search-engine.h
Examining data/nautilus-3.38.1/src/nautilus-search-hit.c
Examining data/nautilus-3.38.1/src/nautilus-search-hit.h
Examining data/nautilus-3.38.1/src/nautilus-search-popover.c
Examining data/nautilus-3.38.1/src/nautilus-search-popover.h
Examining data/nautilus-3.38.1/src/nautilus-search-provider.c
Examining data/nautilus-3.38.1/src/nautilus-search-provider.h
Examining data/nautilus-3.38.1/src/nautilus-selection-canvas-item.c
Examining data/nautilus-3.38.1/src/nautilus-selection-canvas-item.h
Examining data/nautilus-3.38.1/src/nautilus-self-check-functions.c
Examining data/nautilus-3.38.1/src/nautilus-self-check-functions.h
Examining data/nautilus-3.38.1/src/nautilus-shell-search-provider.c
Examining data/nautilus-3.38.1/src/nautilus-shell-search-provider.h
Examining data/nautilus-3.38.1/src/nautilus-signaller.c
Examining data/nautilus-3.38.1/src/nautilus-signaller.h
Examining data/nautilus-3.38.1/src/nautilus-special-location-bar.c
Examining data/nautilus-3.38.1/src/nautilus-special-location-bar.h
Examining data/nautilus-3.38.1/src/nautilus-starred-directory.h
Examining data/nautilus-3.38.1/src/nautilus-thumbnails.c
Examining data/nautilus-3.38.1/src/nautilus-thumbnails.h
Examining data/nautilus-3.38.1/src/nautilus-toolbar-menu-sections.h
Examining data/nautilus-3.38.1/src/nautilus-toolbar.c
Examining data/nautilus-3.38.1/src/nautilus-toolbar.h
Examining data/nautilus-3.38.1/src/nautilus-trash-bar.c
Examining data/nautilus-3.38.1/src/nautilus-trash-bar.h
Examining data/nautilus-3.38.1/src/nautilus-trash-monitor.c
Examining data/nautilus-3.38.1/src/nautilus-trash-monitor.h
Examining data/nautilus-3.38.1/src/nautilus-tree-view-drag-dest.c
Examining data/nautilus-3.38.1/src/nautilus-tree-view-drag-dest.h
Examining data/nautilus-3.38.1/src/nautilus-types.h
Examining data/nautilus-3.38.1/src/nautilus-ui-utilities.c
Examining data/nautilus-3.38.1/src/nautilus-ui-utilities.h
Examining data/nautilus-3.38.1/src/nautilus-undo-private.h
Examining data/nautilus-3.38.1/src/nautilus-vfs-directory.c
Examining data/nautilus-3.38.1/src/nautilus-vfs-directory.h
Examining data/nautilus-3.38.1/src/nautilus-vfs-file.c
Examining data/nautilus-3.38.1/src/nautilus-vfs-file.h
Examining data/nautilus-3.38.1/src/nautilus-video-mime-types.h
Examining data/nautilus-3.38.1/src/nautilus-view-icon-controller.c
Examining data/nautilus-3.38.1/src/nautilus-view-icon-controller.h
Examining data/nautilus-3.38.1/src/nautilus-view-icon-item-ui.c
Examining data/nautilus-3.38.1/src/nautilus-view-icon-item-ui.h
Examining data/nautilus-3.38.1/src/nautilus-view-icon-ui.c
Examining data/nautilus-3.38.1/src/nautilus-view-icon-ui.h
Examining data/nautilus-3.38.1/src/nautilus-view-item-model.c
Examining data/nautilus-3.38.1/src/nautilus-view-item-model.h
Examining data/nautilus-3.38.1/src/nautilus-view-model.c
Examining data/nautilus-3.38.1/src/nautilus-view-model.h
Examining data/nautilus-3.38.1/src/nautilus-view.c
Examining data/nautilus-3.38.1/src/nautilus-view.h
Examining data/nautilus-3.38.1/src/nautilus-window-slot-dnd.c
Examining data/nautilus-3.38.1/src/nautilus-window-slot-dnd.h
Examining data/nautilus-3.38.1/src/nautilus-window-slot.c
Examining data/nautilus-3.38.1/src/nautilus-window-slot.h
Examining data/nautilus-3.38.1/src/nautilus-window.c
Examining data/nautilus-3.38.1/src/nautilus-window.h
Examining data/nautilus-3.38.1/src/nautilus-x-content-bar.c
Examining data/nautilus-3.38.1/src/nautilus-x-content-bar.h
Examining data/nautilus-3.38.1/src/nautilus-module.c
Examining data/nautilus-3.38.1/src/nautilus-application.c
Examining data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c
Examining data/nautilus-3.38.1/src/nautilus-file-changes-queue.c
Examining data/nautilus-3.38.1/src/nautilus-file.c
Examining data/nautilus-3.38.1/src/nautilus-files-view.c
Examining data/nautilus-3.38.1/src/nautilus-global-preferences.c
Examining data/nautilus-3.38.1/src/nautilus-list-view.c
Examining data/nautilus-3.38.1/src/nautilus-search-engine-tracker.c
Examining data/nautilus-3.38.1/src/nautilus-starred-directory.c
Examining data/nautilus-3.38.1/src/nautilus-tag-manager.c
Examining data/nautilus-3.38.1/src/nautilus-tag-manager.h
Examining data/nautilus-3.38.1/src/nautilus-tracker-utilities.c
Examining data/nautilus-3.38.1/src/nautilus-tracker-utilities.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-icon-utils.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-icon-utils.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box-child.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box-child.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box-generic.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box-generic.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box-item.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box-item.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-box.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-box-child.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-box-child.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-box-icon.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-box-icon.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-box.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-box.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-view.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-icon-view.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-list-view.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-list-view.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-view-generic.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-view-generic.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-view.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-view.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-margin-container.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-margin-container.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-notification.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-notification.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-styled-text-renderer.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-styled-text-renderer.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-tagged-entry.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-tagged-entry.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-toggle-pixbuf-renderer.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-toggle-pixbuf-renderer.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-two-lines-renderer.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-two-lines-renderer.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-types-catalog.c
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd-types-catalog.h
Examining data/nautilus-3.38.1/subprojects/libgd/libgd/gd.h
Examining data/nautilus-3.38.1/subprojects/libgd/test-tagged-entry-2.c
Examining data/nautilus-3.38.1/subprojects/libgd/test-tagged-entry.c
Examining data/nautilus-3.38.1/test/automated/display/test-nautilus-directory-async.c
Examining data/nautilus-3.38.1/test/automated/display/test-nautilus-mime-actions-set.c
Examining data/nautilus-3.38.1/test/automated/display/test-nautilus-mime-actions.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-eel-string-get-common-prefix.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-file-operations-dir-has-files.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-file-utilities-get-common-filename-prefix.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-file-utilities.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-utilities.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-utilities.h
Examining data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine-model.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine-simple.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine-tracker.c
Examining data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine.c
Examining data/nautilus-3.38.1/test/interactive/test-copy.c
Examining data/nautilus-3.38.1/test/interactive/test.c
Examining data/nautilus-3.38.1/test/interactive/test.h
FINAL RESULTS:
data/nautilus-3.38.1/src/nautilus-autorun-software.c:142:13: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl (path_to_spawn, path_to_spawn, program_parameter, NULL);
data/nautilus-3.38.1/src/nautilus-canvas-container.c:4117:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf (*p, str, limit))
data/nautilus-3.38.1/src/nautilus-file.c:91:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_REF_PRINTF printf
data/nautilus-3.38.1/src/nautilus-application.c:477:37: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-application.c:690:33: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-application.c:715:41: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-application.c:927:37: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
files[0] = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-application.c:983:37: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
file = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-bookmark-list.c:93:34: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
filename = g_build_filename (g_get_home_dir (),
data/nautilus-3.38.1/src/nautilus-file-utilities.c:397:31: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
return g_filename_to_uri (g_get_home_dir (), NULL, NULL);
data/nautilus-3.38.1/src/nautilus-file-utilities.c:408:35: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
res = dir && (g_strcmp0 (dir, g_get_home_dir ()) != 0);
data/nautilus-3.38.1/src/nautilus-file-utilities.c:439:39: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
dirname = g_path_get_dirname (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-file-utilities.c:442:50: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home_dir_filename = g_path_get_basename (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-file-utilities.c:456:41: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home_dir = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-files-view.c:2890:56: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
old_scripts_directory_path = g_build_filename (g_get_home_dir (),
data/nautilus-3.38.1/src/nautilus-list-model.c:1710:19: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
priv->stamp = g_random_int ();
data/nautilus-3.38.1/src/nautilus-list-view.c:1862:42: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home_location = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-progress-persistence-handler.c:73:33: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-query.c:340:44: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
query->location = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-shell-search-provider.c:437:33: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-tracker-utilities.c:34:33: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-window-slot.c:1563:51: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
go_to_file = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-window-slot.c:1589:33: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-window.c:223:33: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/src/nautilus-window.c:794:45: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_home_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:15:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:50:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:87:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:121:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:157:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:201:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:247:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:291:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:336:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:378:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:424:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:468:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:514:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:558:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:604:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:648:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:698:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:738:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:786:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:835:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:891:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:938:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:995:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:1065:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:1142:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-copy-files.c:1199:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-dir-has-files.c:18:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-dir-has-files.c:32:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-dir-has-files.c:51:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:15:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:51:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:89:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:127:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:162:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:199:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:235:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:277:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:323:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:367:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:409:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:454:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:498:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:543:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:586:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:630:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:672:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:717:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:761:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:803:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:848:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:892:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:934:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:979:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1029:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1069:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1110:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1158:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1207:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1258:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1314:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1365:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1417:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1480:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1547:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1616:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1694:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1749:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-move-files.c:1806:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:13:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:39:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:84:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:110:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:155:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:183:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:229:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:256:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:307:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:341:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:379:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:428:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:462:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-file-operations-trash-or-delete.c:500:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine-model.c:58:37: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine-simple.c:57:37: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine-tracker.c:70:37: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-nautilus-search-engine.c:58:37: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:44:37: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:93:37: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
location = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:218:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:254:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:288:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:321:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:352:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:393:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:434:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:491:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/test/automated/displayless/test-utilities.c:536:33: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
root = g_file_new_for_path (g_get_tmp_dir ());
data/nautilus-3.38.1/eel/eel-string.c:245:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result_position, p, remaining_length);
data/nautilus-3.38.1/eel/eel-string.c:249:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result_position, p, substring_position - p);
data/nautilus-3.38.1/eel/eel-string.c:251:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result_position, replacement, replacement_length);
data/nautilus-3.38.1/extensions/image-properties/nautilus-image-properties-page.c:38:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[LOAD_BUFFER_SIZE];
data/nautilus-3.38.1/src/animation/egg-animation.c:847:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slow_down_factor = MAX (1, atoi (slow_down_factor_env));
data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c:453:67: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_string_append_printf (new_name, "%02d", atoi (metadata));
data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c:978:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
date_time = g_date_time_new_local (atoi (year),
data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c:979:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (month),
data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c:980:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (day),
data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c:981:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (hours),
data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c:982:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (minutes),
data/nautilus-3.38.1/src/nautilus-batch-rename-utilities.c:983:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (seconds));
data/nautilus-3.38.1/src/nautilus-canvas-container.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *action_descriptions[LAST_ACTION];
data/nautilus-3.38.1/src/nautilus-canvas-item.c:1938:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *action_descriptions[LAST_ACTION];
data/nautilus-3.38.1/src/nautilus-canvas-view-container.c:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *text_array[4];
data/nautilus-3.38.1/src/nautilus-directory-async.c:3602:27: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thumb_mtime = atol (thumb_mtime_str);
data/nautilus-3.38.1/src/nautilus-dnd.c:222:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (item->uri, oldp, len);
data/nautilus-3.38.1/src/nautilus-file-operations.c:408:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret, base, p - base);
data/nautilus-3.38.1/src/nautilus-file-operations.c:4306:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count += atoi (end + 1);
data/nautilus-3.38.1/src/nautilus-file.c:4231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_as_string[32];
data/nautilus-3.38.1/src/nautilus-file.c:4310:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[21];
data/nautilus-3.38.1/src/nautilus-file.c:4350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value_as_string[32];
data/nautilus-3.38.1/src/nautilus-file.c:4351:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_as_string[32];
data/nautilus-3.38.1/src/nautilus-file.c:4831:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *exclude[4];
data/nautilus-3.38.1/src/nautilus-file.c:4921:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *icon_names[2];
data/nautilus-3.38.1/src/nautilus-files-view-dnd.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trimmed[MAX_LEN_FILENAME];
data/nautilus-3.38.1/src/nautilus-files-view-dnd.c:242:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_LEN_FILENAME];
data/nautilus-3.38.1/src/nautilus-mime-actions.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mimetypes[20];
data/nautilus-3.38.1/data/lineup-parameters.c:182:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*info)->nb_stars = strlen (stars);
data/nautilus-3.38.1/data/lineup-parameters.c:276:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint type_length = strlen (info->type);
data/nautilus-3.38.1/data/lineup-parameters.c:298:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type_length = strlen (info->type);
data/nautilus-3.38.1/data/lineup-parameters.c:337:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nb_spaces_to_parenthesis = strlen (function_name) + 2;
data/nautilus-3.38.1/eel/eel-string.c:72:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped = g_new (char, strlen (string) + underscores + 1);
data/nautilus-3.38.1/eel/eel-string.c:222:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
substring_length = substring ? strlen (substring) : 0;
data/nautilus-3.38.1/eel/eel-string.c:223:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
replacement_length = replacement ? strlen (replacement) : 0;
data/nautilus-3.38.1/eel/eel-string.c:225:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result_length = strlen (string);
data/nautilus-3.38.1/eel/eel-string.c:244:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining_length = strlen (p);
data/nautilus-3.38.1/extensions/image-properties/nautilus-image-properties-page.c:188:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (tag_value) > 0)
data/nautilus-3.38.1/src/nautilus-batch-rename-dialog.c:202:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (tag_text_representation),
data/nautilus-3.38.1/src/nautilus-bookmark-list.c:488:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
contents, strlen (contents),
data/nautilus-3.38.1/src/nautilus-canvas-dnd.c:497:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (uri));
data/nautilus-3.38.1/src/nautilus-compress-dialog-controller.c:55:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) == 0)
data/nautilus-3.38.1/src/nautilus-directory.c:662:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hostname == NULL || (strlen (hostname) == 0))
data/nautilus-3.38.1/src/nautilus-file-name-widget-controller.c:85:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = strlen (name);
data/nautilus-3.38.1/src/nautilus-file-name-widget-controller.c:136:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) == 0)
data/nautilus-3.38.1/src/nautilus-file-operations.c:377:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (base);
data/nautilus-3.38.1/src/nautilus-file-operations.c:527:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max_length > 0 && (unshortened_length = strlen (result)) > max_length)
data/nautilus-3.38.1/src/nautilus-file-operations.c:545:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert (strlen (result) <= max_length);
data/nautilus-3.38.1/src/nautilus-file-operations.c:635:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert ((int) strlen (original) >= until_substring - original);
data/nautilus-3.38.1/src/nautilus-file-operations.c:639:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, original, until_substring - original);
data/nautilus-3.38.1/src/nautilus-file-operations.c:894:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max_length > 0 && (unshortened_length = strlen (result)) > max_length)
data/nautilus-3.38.1/src/nautilus-file-operations.c:912:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert (strlen (result) <= max_length);
data/nautilus-3.38.1/src/nautilus-file-operations.c:1232:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle = parent_handle + strlen (prefix);
data/nautilus-3.38.1/src/nautilus-file-operations.c:1253:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle = parent_handle + strlen (prefix);
data/nautilus-3.38.1/src/nautilus-file-operations.c:4231:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old_len = strlen (filename);
data/nautilus-3.38.1/src/nautilus-file-operations.c:4237:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret |= (old_len != strlen (filename));
data/nautilus-3.38.1/src/nautilus-file-operations.c:7635:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen (filename_base);
data/nautilus-3.38.1/src/nautilus-file-operations.c:7641:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max_length > 0 && strlen (filename2) > max_length)
data/nautilus-3.38.1/src/nautilus-file-operations.c:7643:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_filename = shorten_utf8_string (filename2, strlen (filename2) - max_length);
data/nautilus-3.38.1/src/nautilus-file-operations.c:7690:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen (filename_base);
data/nautilus-3.38.1/src/nautilus-file-operations.c:7695:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max_length > 0 && strlen (filename2) > max_length)
data/nautilus-3.38.1/src/nautilus-file-operations.c:7699:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_filename = shorten_utf8_string (filename2, strlen (filename2) - max_length);
data/nautilus-3.38.1/src/nautilus-file-utilities.c:1356:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_child_name_length = MAX ((path_max - 1) - strlen (path), 0);
data/nautilus-3.38.1/src/nautilus-file-utilities.c:1366:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_child_name_length = CLAMP ((path_max - 1) - strlen (path),
data/nautilus-3.38.1/src/nautilus-file.c:435:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = nautilus_metadata_get_id (attrs[i] + strlen ("metadata::"));
data/nautilus-3.38.1/src/nautilus-files-view-dnd.c:290:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (text);
data/nautilus-3.38.1/src/nautilus-files-view.c:2940:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
message, strlen (message),
data/nautilus-3.38.1/src/nautilus-files-view.c:2964:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scripts_directory_uri_length = strlen (scripts_directory_uri);
data/nautilus-3.38.1/src/nautilus-files-view.c:5705:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen (templates_directory_uri); uri[i] != '\0'; i++)
data/nautilus-3.38.1/src/nautilus-floating-bar.c:167:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (self->primary_label) > 0);
data/nautilus-3.38.1/src/nautilus-floating-bar.c:169:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (self->details_label) > 0);
data/nautilus-3.38.1/src/nautilus-location-entry.c:344:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (uri));
data/nautilus-3.38.1/src/nautilus-location-entry.c:662:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
position = strlen (gtk_entry_get_text (GTK_ENTRY (editable)));
data/nautilus-3.38.1/src/nautilus-new-folder-dialog-controller.c:48:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) == 0)
data/nautilus-3.38.1/src/nautilus-properties-window.c:820:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (new_name) == 0)
data/nautilus-3.38.1/src/nautilus-properties-window.c:4101:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask = umask (0));
data/nautilus-3.38.1/src/nautilus-properties-window.c:4101:19: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask = umask (0));
data/nautilus-3.38.1/src/nautilus-query.c:395:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nonexact_malus += strlen (ptr) - strlen (query->prepared_words[idx]);
data/nautilus-3.38.1/src/nautilus-query.c:395:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nonexact_malus += strlen (ptr) - strlen (query->prepared_words[idx]);
data/nautilus-3.38.1/src/nautilus-rename-file-popover-controller.c:97:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) == 0)
data/nautilus-3.38.1/src/nautilus-tree-view-drag-dest.c:1113:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (uri));
data/nautilus-3.38.1/src/nautilus-window-slot.c:3397:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (priv->title) > 0)
data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-view.c:329:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
gboolean equal;
data/nautilus-3.38.1/subprojects/libgd/libgd/gd-main-view.c:355:11: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/nautilus-3.38.1/test/automated/display/test-nautilus-mime-actions.c:40:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (*string) > 0)
ANALYSIS SUMMARY:
Hits = 207
Lines analyzed = 160867 in approximately 2.88 seconds (55876 lines/second)
Physical Source Lines of Code (SLOC) = 118373
Hits@level = [0] 23 [1] 57 [2] 28 [3] 119 [4] 3 [5] 0
Hits@level+ = [0+] 230 [1+] 207 [2+] 150 [3+] 122 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 1.94301 [1+] 1.74871 [2+] 1.26718 [3+] 1.03064 [4+] 0.0253436 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.