Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openbox-3.6.1/obrender/color.h
Examining data/openbox-3.6.1/obrender/font.h
Examining data/openbox-3.6.1/obrender/geom.h
Examining data/openbox-3.6.1/obrender/gradient.h
Examining data/openbox-3.6.1/obrender/image.h
Examining data/openbox-3.6.1/obrender/instance.h
Examining data/openbox-3.6.1/obrender/mask.h
Examining data/openbox-3.6.1/obrender/render.h
Examining data/openbox-3.6.1/obrender/theme.h
Examining data/openbox-3.6.1/obrender/version.h
Examining data/openbox-3.6.1/obrender/button.c
Examining data/openbox-3.6.1/obrender/color.c
Examining data/openbox-3.6.1/obrender/font.c
Examining data/openbox-3.6.1/obrender/gradient.c
Examining data/openbox-3.6.1/obrender/icon.h
Examining data/openbox-3.6.1/obrender/image.c
Examining data/openbox-3.6.1/obrender/imagecache.h
Examining data/openbox-3.6.1/obrender/imagecache.c
Examining data/openbox-3.6.1/obrender/instance.c
Examining data/openbox-3.6.1/obrender/mask.c
Examining data/openbox-3.6.1/obrender/render.c
Examining data/openbox-3.6.1/obrender/test.c
Examining data/openbox-3.6.1/obrender/theme.c
Examining data/openbox-3.6.1/obt/link.h
Examining data/openbox-3.6.1/obt/display.h
Examining data/openbox-3.6.1/obt/keyboard.h
Examining data/openbox-3.6.1/obt/xml.h
Examining data/openbox-3.6.1/obt/paths.h
Examining data/openbox-3.6.1/obt/prop.h
Examining data/openbox-3.6.1/obt/signal.h
Examining data/openbox-3.6.1/obt/util.h
Examining data/openbox-3.6.1/obt/version.h
Examining data/openbox-3.6.1/obt/xqueue.h
Examining data/openbox-3.6.1/obt/bsearch.h
Examining data/openbox-3.6.1/obt/display.c
Examining data/openbox-3.6.1/obt/internal.h
Examining data/openbox-3.6.1/obt/keyboard.c
Examining data/openbox-3.6.1/obt/ddparse.h
Examining data/openbox-3.6.1/obt/ddparse.c
Examining data/openbox-3.6.1/obt/link.c
Examining data/openbox-3.6.1/obt/prop.c
Examining data/openbox-3.6.1/obt/signal.c
Examining data/openbox-3.6.1/obt/xqueue.c
Examining data/openbox-3.6.1/obt/unittest_base.h
Examining data/openbox-3.6.1/obt/unittest_base.c
Examining data/openbox-3.6.1/obt/bsearch_unittest.c
Examining data/openbox-3.6.1/obt/xml.c
Examining data/openbox-3.6.1/obt/paths.c
Examining data/openbox-3.6.1/openbox/actions/all.c
Examining data/openbox-3.6.1/openbox/actions/all.h
Examining data/openbox-3.6.1/openbox/actions/addremovedesktop.c
Examining data/openbox-3.6.1/openbox/actions/breakchroot.c
Examining data/openbox-3.6.1/openbox/actions/close.c
Examining data/openbox-3.6.1/openbox/actions/cyclewindows.c
Examining data/openbox-3.6.1/openbox/actions/debug.c
Examining data/openbox-3.6.1/openbox/actions/decorations.c
Examining data/openbox-3.6.1/openbox/actions/desktop.c
Examining data/openbox-3.6.1/openbox/actions/dock.c
Examining data/openbox-3.6.1/openbox/actions/dockautohide.c
Examining data/openbox-3.6.1/openbox/actions/directionalwindows.c
Examining data/openbox-3.6.1/openbox/actions/execute.c
Examining data/openbox-3.6.1/openbox/actions/exit.c
Examining data/openbox-3.6.1/openbox/actions/focus.c
Examining data/openbox-3.6.1/openbox/actions/focustobottom.c
Examining data/openbox-3.6.1/openbox/actions/fullscreen.c
Examining data/openbox-3.6.1/openbox/actions/growtoedge.c
Examining data/openbox-3.6.1/openbox/actions/iconify.c
Examining data/openbox-3.6.1/openbox/actions/kill.c
Examining data/openbox-3.6.1/openbox/actions/layer.c
Examining data/openbox-3.6.1/openbox/actions/lower.c
Examining data/openbox-3.6.1/openbox/actions/maximize.c
Examining data/openbox-3.6.1/openbox/actions/move.c
Examining data/openbox-3.6.1/openbox/actions/moverelative.c
Examining data/openbox-3.6.1/openbox/actions/moveresizeto.c
Examining data/openbox-3.6.1/openbox/actions/movetoedge.c
Examining data/openbox-3.6.1/openbox/actions/omnipresent.c
Examining data/openbox-3.6.1/openbox/actions/raise.c
Examining data/openbox-3.6.1/openbox/actions/raiselower.c
Examining data/openbox-3.6.1/openbox/actions/reconfigure.c
Examining data/openbox-3.6.1/openbox/actions/resize.c
Examining data/openbox-3.6.1/openbox/actions/resizerelative.c
Examining data/openbox-3.6.1/openbox/actions/restart.c
Examining data/openbox-3.6.1/openbox/actions/shade.c
Examining data/openbox-3.6.1/openbox/actions/shadelowerraise.c
Examining data/openbox-3.6.1/openbox/actions/showdesktop.c
Examining data/openbox-3.6.1/openbox/actions/showmenu.c
Examining data/openbox-3.6.1/openbox/actions/unfocus.c
Examining data/openbox-3.6.1/openbox/actions/if.c
Examining data/openbox-3.6.1/openbox/actions.c
Examining data/openbox-3.6.1/openbox/actions.h
Examining data/openbox-3.6.1/openbox/client.h
Examining data/openbox-3.6.1/openbox/client_list_menu.c
Examining data/openbox-3.6.1/openbox/client_list_menu.h
Examining data/openbox-3.6.1/openbox/client_list_combined_menu.c
Examining data/openbox-3.6.1/openbox/client_list_combined_menu.h
Examining data/openbox-3.6.1/openbox/client_menu.c
Examining data/openbox-3.6.1/openbox/client_menu.h
Examining data/openbox-3.6.1/openbox/debug.c
Examining data/openbox-3.6.1/openbox/debug.h
Examining data/openbox-3.6.1/openbox/dock.c
Examining data/openbox-3.6.1/openbox/dock.h
Examining data/openbox-3.6.1/openbox/event.c
Examining data/openbox-3.6.1/openbox/event.h
Examining data/openbox-3.6.1/openbox/focus.c
Examining data/openbox-3.6.1/openbox/focus.h
Examining data/openbox-3.6.1/openbox/focus_cycle.c
Examining data/openbox-3.6.1/openbox/focus_cycle.h
Examining data/openbox-3.6.1/openbox/focus_cycle_indicator.c
Examining data/openbox-3.6.1/openbox/focus_cycle_indicator.h
Examining data/openbox-3.6.1/openbox/focus_cycle_popup.c
Examining data/openbox-3.6.1/openbox/focus_cycle_popup.h
Examining data/openbox-3.6.1/openbox/framerender.h
Examining data/openbox-3.6.1/openbox/geom.h
Examining data/openbox-3.6.1/openbox/grab.c
Examining data/openbox-3.6.1/openbox/grab.h
Examining data/openbox-3.6.1/openbox/group.c
Examining data/openbox-3.6.1/openbox/group.h
Examining data/openbox-3.6.1/openbox/keyboard.c
Examining data/openbox-3.6.1/openbox/keyboard.h
Examining data/openbox-3.6.1/openbox/keytree.c
Examining data/openbox-3.6.1/openbox/keytree.h
Examining data/openbox-3.6.1/openbox/menuframe.c
Examining data/openbox-3.6.1/openbox/menuframe.h
Examining data/openbox-3.6.1/openbox/menu.c
Examining data/openbox-3.6.1/openbox/menu.h
Examining data/openbox-3.6.1/openbox/misc.h
Examining data/openbox-3.6.1/openbox/mouse.c
Examining data/openbox-3.6.1/openbox/mouse.h
Examining data/openbox-3.6.1/openbox/moveresize.h
Examining data/openbox-3.6.1/openbox/mwm.h
Examining data/openbox-3.6.1/openbox/openbox.h
Examining data/openbox-3.6.1/openbox/ping.c
Examining data/openbox-3.6.1/openbox/ping.h
Examining data/openbox-3.6.1/openbox/place.c
Examining data/openbox-3.6.1/openbox/place.h
Examining data/openbox-3.6.1/openbox/place_overlap.c
Examining data/openbox-3.6.1/openbox/place_overlap.h
Examining data/openbox-3.6.1/openbox/prompt.c
Examining data/openbox-3.6.1/openbox/prompt.h
Examining data/openbox-3.6.1/openbox/popup.c
Examining data/openbox-3.6.1/openbox/popup.h
Examining data/openbox-3.6.1/openbox/resist.c
Examining data/openbox-3.6.1/openbox/resist.h
Examining data/openbox-3.6.1/openbox/screen.h
Examining data/openbox-3.6.1/openbox/session.h
Examining data/openbox-3.6.1/openbox/stacking.c
Examining data/openbox-3.6.1/openbox/stacking.h
Examining data/openbox-3.6.1/openbox/startupnotify.c
Examining data/openbox-3.6.1/openbox/startupnotify.h
Examining data/openbox-3.6.1/openbox/translate.c
Examining data/openbox-3.6.1/openbox/translate.h
Examining data/openbox-3.6.1/openbox/window.c
Examining data/openbox-3.6.1/openbox/window.h
Examining data/openbox-3.6.1/openbox/screen.c
Examining data/openbox-3.6.1/openbox/openbox.c
Examining data/openbox-3.6.1/openbox/session.c
Examining data/openbox-3.6.1/openbox/config.c
Examining data/openbox-3.6.1/openbox/config.h
Examining data/openbox-3.6.1/openbox/frame.h
Examining data/openbox-3.6.1/openbox/framerender.c
Examining data/openbox-3.6.1/openbox/moveresize.c
Examining data/openbox-3.6.1/openbox/client.c
Examining data/openbox-3.6.1/openbox/frame.c
Examining data/openbox-3.6.1/tests/aspect.c
Examining data/openbox-3.6.1/tests/fullscreen.c
Examining data/openbox-3.6.1/tests/grav.c
Examining data/openbox-3.6.1/tests/grouptran.c
Examining data/openbox-3.6.1/tests/icons.c
Examining data/openbox-3.6.1/tests/modal2.c
Examining data/openbox-3.6.1/tests/modal3.c
Examining data/openbox-3.6.1/tests/modal.c
Examining data/openbox-3.6.1/tests/noresize.c
Examining data/openbox-3.6.1/tests/override.c
Examining data/openbox-3.6.1/tests/positioned.c
Examining data/openbox-3.6.1/tests/strut.c
Examining data/openbox-3.6.1/tests/title.c
Examining data/openbox-3.6.1/tests/urgent.c
Examining data/openbox-3.6.1/tools/gdm-control/gdm-control.c
Examining data/openbox-3.6.1/tools/gnome-panel-control/gnome-panel-control.c
Examining data/openbox-3.6.1/tools/obxprop/obxprop.c
Examining data/openbox-3.6.1/gettext.h

FINAL RESULTS:

data/openbox-3.6.1/openbox/openbox.c:438:17:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). Try using a library call that implements the same functionality if available.
  execvp(argvp[0], argvp);

data/openbox-3.6.1/openbox/openbox.c:475:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). Try using a library call that implements the same functionality if available.
  execvp(argv[0], argv); /* try how we were run */

data/openbox-3.6.1/openbox/openbox.c:476:9:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). Try using a library call that implements the same functionality if available.
  execlp(argv[0], program_name, (gchar*)NULL); /* last resort */

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:179:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(addr.sun_path, GDM_PROTOCOL_SOCKET_PATH1);

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:181:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(addr.sun_path, GDM_PROTOCOL_SOCKET_PATH2);

data/openbox-3.6.1/obrender/theme.c:1132:30:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  s = g_build_filename(g_get_home_dir(), ".themes", name,

data/openbox-3.6.1/obt/paths.c:157:43:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  p->config_home = g_build_filename(g_get_home_dir(), ".config", NULL);

data/openbox-3.6.1/obt/paths.c:163:41:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  p->data_home = g_build_filename(g_get_home_dir(), ".local",

data/openbox-3.6.1/obt/paths.c:170:42:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  p->cache_home = g_build_filename(g_get_home_dir(), ".cache", NULL);

data/openbox-3.6.1/obt/paths.c:265:52:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ret = g_regex_replace_literal(regex, f, -1, 0, g_get_home_dir(), 0, NULL);

data/openbox-3.6.1/obt/xml.c:261:34:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (paths, g_build_filename(g_get_home_dir(), ".themes", theme, NULL));

data/openbox-3.6.1/openbox/keyboard.c:114:16:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  if (p->chroot) {

data/openbox-3.6.1/openbox/keyboard.c:259:27:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  } else if (p->chroot) /* an empty chroot */

data/openbox-3.6.1/openbox/keyboard.c:290:19:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  if (node->chroot)

data/openbox-3.6.1/openbox/keyboard.c:302:19:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  if (node->chroot)

data/openbox-3.6.1/openbox/keytree.h:29:14:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  gboolean chroot;

data/openbox-3.6.1/openbox/openbox.c:136:15:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (chdir(g_get_home_dir()) == -1)

data/openbox-3.6.1/openbox/openbox.c:138:19:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_home_dir(), g_strerror(errno));

data/openbox-3.6.1/openbox/session.c:126:36:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_random_int());

data/openbox-3.6.1/obrender/gradient.c:258:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdest, start, lenbytes);

data/openbox-3.6.1/obrender/gradient.c:315:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, source, partial_w * sizeof(RrPixel32));

data/openbox-3.6.1/obrender/gradient.c:586:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(datac, data, cpbytes);

data/openbox-3.6.1/obrender/gradient.c:633:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(datac, data, cpbytes);

data/openbox-3.6.1/obrender/gradient.c:834:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cp, ldata, w * sizeof(RrPixel32));

data/openbox-3.6.1/obt/ddparse.c:190:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(o, i, s);

data/openbox-3.6.1/obt/ddparse.c:774:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(path, "r"))) {

data/openbox-3.6.1/obt/link.c:46:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ObtLinkAppOpen open;

data/openbox-3.6.1/obt/xml.c:406:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = c ? atoi((gchar*)c) : 0;

data/openbox-3.6.1/obt/xml.c:476:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *value = atoi((gchar*)c);

data/openbox-3.6.1/openbox/actions/desktop.c:134:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  o->u.abs.desktop = atoi(s) - 1;

data/openbox-3.6.1/openbox/actions/execute.c:116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(o->data, data, sizeof(ObActionsData));

data/openbox-3.6.1/openbox/actions/if.c:201:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  q->desktop_number = atoi(s);

data/openbox-3.6.1/openbox/config.c:174:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *denom = atoi(s+1);

data/openbox-3.6.1/openbox/debug.c:64:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_file = fopen(name, "w");

data/openbox-3.6.1/openbox/screen.c:355:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(e.xclient.data.b, "wm started");

data/openbox-3.6.1/openbox/session.c:473:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(ob_sm_save_file, "w");

data/openbox-3.6.1/openbox/translate.c:94:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (!g_ascii_strncasecmp("Button", l, 6)) *button = atoi(l+6);

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:120:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen(xau_path, "r")))

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:127:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[40]; /* 2*16 == 32, so 40 is enough */

data/openbox-3.6.1/tools/obxprop/obxprop.c:293:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  userid = atoi(argv[i]);

data/openbox-3.6.1/obrender/theme.c:635:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowoffset="));

data/openbox-3.6.1/obrender/theme.c:642:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowtint="));

data/openbox-3.6.1/obrender/theme.c:670:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowoffset="));

data/openbox-3.6.1/obrender/theme.c:677:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowtint="));

data/openbox-3.6.1/obrender/theme.c:752:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowoffset="));

data/openbox-3.6.1/obrender/theme.c:759:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowtint="));

data/openbox-3.6.1/obrender/theme.c:789:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowoffset="));

data/openbox-3.6.1/obrender/theme.c:796:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowtint="));

data/openbox-3.6.1/obrender/theme.c:837:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowoffset="));

data/openbox-3.6.1/obrender/theme.c:844:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowtint="));

data/openbox-3.6.1/obrender/theme.c:889:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowoffset="));

data/openbox-3.6.1/obrender/theme.c:910:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = parse_inline_number(p + strlen("shadowtint="));

data/openbox-3.6.1/obt/ddparse.c:322:55:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gulong *size, gulong *read,

data/openbox-3.6.1/obt/ddparse.c:338:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (i = 0; i < *read; ++i) {

data/openbox-3.6.1/obt/ddparse.c:348:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (i = 0; i < *read; ++i)

data/openbox-3.6.1/obt/ddparse.c:360:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  newread = *buf + *read;

data/openbox-3.6.1/obt/ddparse.c:361:51:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = fread(newread, sizeof(char), *size-*read, f);

data/openbox-3.6.1/obt/ddparse.c:362:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (ret < *size - *read && !feof(f)) {

data/openbox-3.6.1/obt/ddparse.c:371:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (i = newread-*buf; i < *read; ++i) {

data/openbox-3.6.1/obt/ddparse.c:376:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  --(*read);

data/openbox-3.6.1/obt/ddparse.c:389:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if (feof(f) && *read < *size) {

data/openbox-3.6.1/obt/ddparse.c:391:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (*read > 0) {

data/openbox-3.6.1/obt/ddparse.c:393:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (*buf)[(*read)++] = '\0';

data/openbox-3.6.1/obt/ddparse.c:403:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return *read > 0;

data/openbox-3.6.1/obt/ddparse.c:520:56:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (!error && parse_file_line(f, &buf, &bytes, &read, parse, &error)) {

data/openbox-3.6.1/obt/ddparse.c:521:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gulong len = strlen(buf);

data/openbox-3.6.1/obt/prop.c:382:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p) + 1; /* next string */

data/openbox-3.6.1/obt/prop.c:394:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p) + 1; /* next string */

data/openbox-3.6.1/obt/prop.c:539:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PropModeReplace, (const guchar*)val, strlen(val));

data/openbox-3.6.1/openbox/client.c:925:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !g_pattern_match(app->name, strlen(self->name), self->name, NULL))

data/openbox-3.6.1/openbox/client.c:929:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(self->group_name), self->group_name, NULL))

data/openbox-3.6.1/openbox/client.c:933:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(self->class), self->class, NULL))

data/openbox-3.6.1/openbox/client.c:937:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(self->group_class), self->group_class,

data/openbox-3.6.1/openbox/client.c:942:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(self->role), self->role, NULL))

data/openbox-3.6.1/openbox/client.c:946:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(self->title), self->title, NULL))

data/openbox-3.6.1/openbox/frame.c:1889:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lc = config_title_layout + strlen(config_title_layout)-1;

data/openbox-3.6.1/openbox/menu.c:174:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (obt_xml_load_mem(menu_parse_inst, output, strlen(output),

data/openbox-3.6.1/openbox/session.c:207:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  .length = strlen(sm_argv[0]) + 1

data/openbox-3.6.1/openbox/session.c:228:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  .length = strlen(user) + 1

data/openbox-3.6.1/openbox/session.c:271:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  .length = strlen(pid) + 1

data/openbox-3.6.1/openbox/session.c:325:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vals[i].length = strlen(sm_argv[i]) + 1;

data/openbox-3.6.1/openbox/session.c:351:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vals[i].length = strlen(sm_argv[i]) + 1;

data/openbox-3.6.1/openbox/session.c:356:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vals[i].length = strlen("--sm-client-id") + 1;

data/openbox-3.6.1/openbox/session.c:358:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vals[i+1].length = strlen(ob_sm_id) + 1;

data/openbox-3.6.1/openbox/session.c:363:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vals[i+2].length = strlen("--sm-save-file") + 1;

data/openbox-3.6.1/openbox/session.c:365:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vals[i+3].length = strlen(ob_sm_save_file) + 1;

data/openbox-3.6.1/tests/icons.c:247:5:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();

data/openbox-3.6.1/tests/title.c:60:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PropModeAppend, argv[1], strlen(argv[1]));

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:81:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write (fd, p, strlen(p)) < 0) {

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:92:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((len = read(fd, buf, sizeof(buf) - 1)) > 0) {

data/openbox-3.6.1/tools/gdm-control/gdm-control.c:193:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!response || strncmp(response, "GDM ", strlen("GDM ") != 0)) {

data/openbox-3.6.1/tools/obxprop/obxprop.c:138:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p) + 1; /* next string */

ANALYSIS SUMMARY:

Hits = 93
Lines analyzed = 50440 in approximately 1.33 seconds (38023 lines/second)
Physical Source Lines of Code (SLOC) = 36914
Hits@level = [0] 120 [1] 52 [2] 22 [3] 14 [4] 5 [5] 0
Hits@level+ = [0+] 213 [1+] 93 [2+] 41 [3+] 19 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 5.77017 [1+] 2.51937 [2+] 1.11069 [3+] 0.51471 [4+] 0.13545 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.