Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pasystray-0.7.1/src/avahi.c
Examining data/pasystray-0.7.1/src/avahi.h
Examining data/pasystray-0.7.1/src/menu_info.c
Examining data/pasystray-0.7.1/src/menu_info.h
Examining data/pasystray-0.7.1/src/notify.c
Examining data/pasystray-0.7.1/src/notify.h
Examining data/pasystray-0.7.1/src/options.c
Examining data/pasystray-0.7.1/src/options.h
Examining data/pasystray-0.7.1/src/pasystray.h
Examining data/pasystray-0.7.1/src/pulseaudio.c
Examining data/pasystray-0.7.1/src/pulseaudio.h
Examining data/pasystray-0.7.1/src/pulseaudio_action.c
Examining data/pasystray-0.7.1/src/pulseaudio_action.h
Examining data/pasystray-0.7.1/src/pulseaudio_info.c
Examining data/pasystray-0.7.1/src/pulseaudio_info.h
Examining data/pasystray-0.7.1/src/systray.c
Examining data/pasystray-0.7.1/src/systray.h
Examining data/pasystray-0.7.1/src/systray_impl.h
Examining data/pasystray-0.7.1/src/ui.c
Examining data/pasystray-0.7.1/src/ui.h
Examining data/pasystray-0.7.1/src/x11-property.c
Examining data/pasystray-0.7.1/src/x11-property.h
Examining data/pasystray-0.7.1/src/systray_impl.c
Examining data/pasystray-0.7.1/src/pasystray.c
FINAL RESULTS:
data/pasystray-0.7.1/src/avahi.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[AVAHI_ADDRESS_STR_MAX];
data/pasystray-0.7.1/src/menu_info.c:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_buf[PA_CVOLUME_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[PA_SAMPLE_SPEC_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cm[PA_CHANNEL_MAP_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PA_SAMPLE_SPEC_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cv[PA_CVOLUME_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvdb[PA_SW_CVOLUME_SNPRINT_DB_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[PA_VOLUME_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vdb[PA_SW_VOLUME_SNPRINT_DB_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cm[PA_CHANNEL_MAP_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PA_SAMPLE_SPEC_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cv[PA_CVOLUME_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvdb[PA_SW_CVOLUME_SNPRINT_DB_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[PA_VOLUME_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vdb[PA_SW_VOLUME_SNPRINT_DB_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cm[PA_CHANNEL_MAP_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[32];
data/pasystray-0.7.1/src/pulseaudio_info.c:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[32];
data/pasystray-0.7.1/src/pulseaudio_info.c:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PA_SAMPLE_SPEC_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:210:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cv[PA_CVOLUME_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvdb[PA_SW_CVOLUME_SNPRINT_DB_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cm[PA_CHANNEL_MAP_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PA_FORMAT_INFO_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:260:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[32];
data/pasystray-0.7.1/src/pulseaudio_info.c:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[32];
data/pasystray-0.7.1/src/pulseaudio_info.c:262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PA_SAMPLE_SPEC_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cv[PA_CVOLUME_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvdb[PA_SW_CVOLUME_SNPRINT_DB_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cm[PA_CHANNEL_MAP_SNPRINT_MAX];
data/pasystray-0.7.1/src/pulseaudio_info.c:266:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PA_FORMAT_INFO_SNPRINT_MAX];
data/pasystray-0.7.1/src/menu_info.c:199:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mii->desc) > DESC_MAX)
data/pasystray-0.7.1/src/x11-property.c:55:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const unsigned char*) value, strlen(value)+1);
ANALYSIS SUMMARY:
Hits = 32
Lines analyzed = 4106 in approximately 0.12 seconds (34795 lines/second)
Physical Source Lines of Code (SLOC) = 2935
Hits@level = [0] 0 [1] 2 [2] 30 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 32 [1+] 32 [2+] 30 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 10.9029 [1+] 10.9029 [2+] 10.2215 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.