Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/phosh-0.6.0/src/activity.c
Examining data/phosh-0.6.0/src/activity.h
Examining data/phosh-0.6.0/src/animation.c
Examining data/phosh-0.6.0/src/animation.h
Examining data/phosh-0.6.0/src/app-grid-button.c
Examining data/phosh-0.6.0/src/app-grid-button.h
Examining data/phosh-0.6.0/src/app-grid.c
Examining data/phosh-0.6.0/src/app-grid.h
Examining data/phosh-0.6.0/src/app-list-model.c
Examining data/phosh-0.6.0/src/app-list-model.h
Examining data/phosh-0.6.0/src/arrow.c
Examining data/phosh-0.6.0/src/arrow.h
Examining data/phosh-0.6.0/src/auth.c
Examining data/phosh-0.6.0/src/auth.h
Examining data/phosh-0.6.0/src/background-manager.c
Examining data/phosh-0.6.0/src/background-manager.h
Examining data/phosh-0.6.0/src/background.c
Examining data/phosh-0.6.0/src/background.h
Examining data/phosh-0.6.0/src/batteryinfo.c
Examining data/phosh-0.6.0/src/batteryinfo.h
Examining data/phosh-0.6.0/src/bt-info.c
Examining data/phosh-0.6.0/src/bt-info.h
Examining data/phosh-0.6.0/src/bt-manager.c
Examining data/phosh-0.6.0/src/bt-manager.h
Examining data/phosh-0.6.0/src/connectivity-info.c
Examining data/phosh-0.6.0/src/connectivity-info.h
Examining data/phosh-0.6.0/src/contrib/shell-network-agent.c
Examining data/phosh-0.6.0/src/contrib/shell-network-agent.h
Examining data/phosh-0.6.0/src/docked-info.c
Examining data/phosh-0.6.0/src/docked-info.h
Examining data/phosh-0.6.0/src/docked-manager.c
Examining data/phosh-0.6.0/src/docked-manager.h
Examining data/phosh-0.6.0/src/fader.c
Examining data/phosh-0.6.0/src/fader.h
Examining data/phosh-0.6.0/src/favorite-list-model.c
Examining data/phosh-0.6.0/src/favorite-list-model.h
Examining data/phosh-0.6.0/src/feedback-manager.c
Examining data/phosh-0.6.0/src/feedback-manager.h
Examining data/phosh-0.6.0/src/feedbackinfo.c
Examining data/phosh-0.6.0/src/feedbackinfo.h
Examining data/phosh-0.6.0/src/gtk-list-models/gtkfilterlistmodel.c
Examining data/phosh-0.6.0/src/gtk-list-models/gtkfilterlistmodel.h
Examining data/phosh-0.6.0/src/gtk-list-models/gtkrbtree.c
Examining data/phosh-0.6.0/src/gtk-list-models/gtkrbtreeprivate.h
Examining data/phosh-0.6.0/src/gtk-list-models/gtksortlistmodel.c
Examining data/phosh-0.6.0/src/gtk-list-models/gtksortlistmodel.h
Examining data/phosh-0.6.0/src/home.c
Examining data/phosh-0.6.0/src/home.h
Examining data/phosh-0.6.0/src/idle-manager.c
Examining data/phosh-0.6.0/src/idle-manager.h
Examining data/phosh-0.6.0/src/keyboard-events.c
Examining data/phosh-0.6.0/src/keyboard-events.h
Examining data/phosh-0.6.0/src/layersurface.c
Examining data/phosh-0.6.0/src/layersurface.h
Examining data/phosh-0.6.0/src/lockscreen-manager.c
Examining data/phosh-0.6.0/src/lockscreen-manager.h
Examining data/phosh-0.6.0/src/lockscreen.c
Examining data/phosh-0.6.0/src/lockscreen.h
Examining data/phosh-0.6.0/src/lockshield.c
Examining data/phosh-0.6.0/src/lockshield.h
Examining data/phosh-0.6.0/src/log.c
Examining data/phosh-0.6.0/src/log.h
Examining data/phosh-0.6.0/src/main.c
Examining data/phosh-0.6.0/src/media-player.c
Examining data/phosh-0.6.0/src/media-player.h
Examining data/phosh-0.6.0/src/mode-manager.c
Examining data/phosh-0.6.0/src/mode-manager.h
Examining data/phosh-0.6.0/src/monitor-manager.c
Examining data/phosh-0.6.0/src/monitor-manager.h
Examining data/phosh-0.6.0/src/monitor/head.c
Examining data/phosh-0.6.0/src/monitor/head.h
Examining data/phosh-0.6.0/src/monitor/monitor.c
Examining data/phosh-0.6.0/src/monitor/monitor.h
Examining data/phosh-0.6.0/src/network-auth-prompt.c
Examining data/phosh-0.6.0/src/network-auth-prompt.h
Examining data/phosh-0.6.0/src/notifications/notification-banner.c
Examining data/phosh-0.6.0/src/notifications/notification-banner.h
Examining data/phosh-0.6.0/src/notifications/notification-content.c
Examining data/phosh-0.6.0/src/notifications/notification-content.h
Examining data/phosh-0.6.0/src/notifications/notification-frame.c
Examining data/phosh-0.6.0/src/notifications/notification-frame.h
Examining data/phosh-0.6.0/src/notifications/notification-list.c
Examining data/phosh-0.6.0/src/notifications/notification-list.h
Examining data/phosh-0.6.0/src/notifications/notification-source.c
Examining data/phosh-0.6.0/src/notifications/notification-source.h
Examining data/phosh-0.6.0/src/notifications/notification.c
Examining data/phosh-0.6.0/src/notifications/notification.h
Examining data/phosh-0.6.0/src/notifications/notify-manager.c
Examining data/phosh-0.6.0/src/notifications/notify-manager.h
Examining data/phosh-0.6.0/src/notifications/timestamp-label.c
Examining data/phosh-0.6.0/src/notifications/timestamp-label.h
Examining data/phosh-0.6.0/src/osk-manager.c
Examining data/phosh-0.6.0/src/osk-manager.h
Examining data/phosh-0.6.0/src/osk/osk-button.c
Examining data/phosh-0.6.0/src/osk/osk-button.h
Examining data/phosh-0.6.0/src/overview.c
Examining data/phosh-0.6.0/src/overview.h
Examining data/phosh-0.6.0/src/panel.c
Examining data/phosh-0.6.0/src/panel.h
Examining data/phosh-0.6.0/src/phosh-wayland.c
Examining data/phosh-0.6.0/src/phosh-wayland.h
Examining data/phosh-0.6.0/src/polkit-auth-agent.c
Examining data/phosh-0.6.0/src/polkit-auth-agent.h
Examining data/phosh-0.6.0/src/polkit-auth-prompt.c
Examining data/phosh-0.6.0/src/polkit-auth-prompt.h
Examining data/phosh-0.6.0/src/proximity.c
Examining data/phosh-0.6.0/src/proximity.h
Examining data/phosh-0.6.0/src/quick-setting.c
Examining data/phosh-0.6.0/src/quick-setting.h
Examining data/phosh-0.6.0/src/rotateinfo.c
Examining data/phosh-0.6.0/src/rotateinfo.h
Examining data/phosh-0.6.0/src/screen-saver-manager.c
Examining data/phosh-0.6.0/src/screen-saver-manager.h
Examining data/phosh-0.6.0/src/sensor-proxy-manager.c
Examining data/phosh-0.6.0/src/sensor-proxy-manager.h
Examining data/phosh-0.6.0/src/session-presence.c
Examining data/phosh-0.6.0/src/session-presence.h
Examining data/phosh-0.6.0/src/session.c
Examining data/phosh-0.6.0/src/session.h
Examining data/phosh-0.6.0/src/settings.c
Examining data/phosh-0.6.0/src/settings.h
Examining data/phosh-0.6.0/src/settings/brightness.c
Examining data/phosh-0.6.0/src/settings/brightness.h
Examining data/phosh-0.6.0/src/settings/gvc-channel-bar.c
Examining data/phosh-0.6.0/src/settings/gvc-channel-bar.h
Examining data/phosh-0.6.0/src/shell.c
Examining data/phosh-0.6.0/src/shell.h
Examining data/phosh-0.6.0/src/status-icon.c
Examining data/phosh-0.6.0/src/status-icon.h
Examining data/phosh-0.6.0/src/swipe-away-bin.c
Examining data/phosh-0.6.0/src/swipe-away-bin.h
Examining data/phosh-0.6.0/src/system-prompt.c
Examining data/phosh-0.6.0/src/system-prompt.h
Examining data/phosh-0.6.0/src/system-prompter.c
Examining data/phosh-0.6.0/src/system-prompter.h
Examining data/phosh-0.6.0/src/thumbnail.c
Examining data/phosh-0.6.0/src/thumbnail.h
Examining data/phosh-0.6.0/src/toplevel-manager.c
Examining data/phosh-0.6.0/src/toplevel-manager.h
Examining data/phosh-0.6.0/src/toplevel-thumbnail.c
Examining data/phosh-0.6.0/src/toplevel-thumbnail.h
Examining data/phosh-0.6.0/src/toplevel.c
Examining data/phosh-0.6.0/src/toplevel.h
Examining data/phosh-0.6.0/src/torch-info.c
Examining data/phosh-0.6.0/src/torch-info.h
Examining data/phosh-0.6.0/src/torch-manager.c
Examining data/phosh-0.6.0/src/torch-manager.h
Examining data/phosh-0.6.0/src/util.c
Examining data/phosh-0.6.0/src/util.h
Examining data/phosh-0.6.0/src/wifiinfo.c
Examining data/phosh-0.6.0/src/wifiinfo.h
Examining data/phosh-0.6.0/src/wifimanager.c
Examining data/phosh-0.6.0/src/wifimanager.h
Examining data/phosh-0.6.0/src/wwan/phosh-wwan-backend.h
Examining data/phosh-0.6.0/src/wwan/phosh-wwan-iface.c
Examining data/phosh-0.6.0/src/wwan/phosh-wwan-iface.h
Examining data/phosh-0.6.0/src/wwan/phosh-wwan-mm.c
Examining data/phosh-0.6.0/src/wwan/phosh-wwan-mm.h
Examining data/phosh-0.6.0/src/wwan/phosh-wwan-ofono.c
Examining data/phosh-0.6.0/src/wwan/phosh-wwan-ofono.h
Examining data/phosh-0.6.0/src/wwaninfo.c
Examining data/phosh-0.6.0/src/wwaninfo.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-channel-map-private.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-channel-map.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-channel-map.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-card-private.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-card.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-card.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-control-private.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-control.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-control.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-event-role.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-event-role.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-sink-input.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-sink-input.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-sink.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-sink.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-source-output.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-source-output.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-source.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-source.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-stream-private.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-stream.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-stream.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-ui-device.c
Examining data/phosh-0.6.0/subprojects/gvc/gvc-mixer-ui-device.h
Examining data/phosh-0.6.0/subprojects/gvc/gvc-pulseaudio-fake.h
Examining data/phosh-0.6.0/subprojects/gvc/test-audio-device-selection.c
Examining data/phosh-0.6.0/subprojects/gvc/tests-include/config.h
Examining data/phosh-0.6.0/tests/stubs/bad-prop.h
Examining data/phosh-0.6.0/tests/stubs/phosh.c
Examining data/phosh-0.6.0/tests/stubs/thumbnail.c
Examining data/phosh-0.6.0/tests/stubs/toplevel-manager.c
Examining data/phosh-0.6.0/tests/stubs/toplevel.c
Examining data/phosh-0.6.0/tests/test-activity.c
Examining data/phosh-0.6.0/tests/test-app-grid-button.c
Examining data/phosh-0.6.0/tests/test-app-list-model.c
Examining data/phosh-0.6.0/tests/test-background.c
Examining data/phosh-0.6.0/tests/test-connectivity-info.c
Examining data/phosh-0.6.0/tests/test-favourite-model.c
Examining data/phosh-0.6.0/tests/test-idle-manager.c
Examining data/phosh-0.6.0/tests/test-layer-surface.c
Examining data/phosh-0.6.0/tests/test-lockshield.c
Examining data/phosh-0.6.0/tests/test-media-player.c
Examining data/phosh-0.6.0/tests/test-notification-banner.c
Examining data/phosh-0.6.0/tests/test-notification-content.c
Examining data/phosh-0.6.0/tests/test-notification-frame.c
Examining data/phosh-0.6.0/tests/test-notification-list.c
Examining data/phosh-0.6.0/tests/test-notification-source.c
Examining data/phosh-0.6.0/tests/test-notification.c
Examining data/phosh-0.6.0/tests/test-overview.c
Examining data/phosh-0.6.0/tests/test-quick-setting.c
Examining data/phosh-0.6.0/tests/test-status-icon.c
Examining data/phosh-0.6.0/tests/test-timestamp-label.c
Examining data/phosh-0.6.0/tests/testlib.c
Examining data/phosh-0.6.0/tests/testlib.h
Examining data/phosh-0.6.0/tools/app-buttons.c
Examining data/phosh-0.6.0/tools/app-grid-standalone.c
Examining data/phosh-0.6.0/tools/app-scroll.c
Examining data/phosh-0.6.0/tools/dump-app-list.c
Examining data/phosh-0.6.0/tools/image-notify.c
Examining data/phosh-0.6.0/tools/notify-blocks.c
Examining data/phosh-0.6.0/tools/notify-server-standalone.c
Examining data/phosh-0.6.0/tools/phosh-osk-stub.c

FINAL RESULTS:

data/phosh-0.6.0/src/monitor-manager.c:402:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wl_red.data, red, size);

data/phosh-0.6.0/src/monitor-manager.c:403:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wl_green.data, green, size);

data/phosh-0.6.0/src/monitor-manager.c:404:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wl_blue.data, blue, size);

data/phosh-0.6.0/src/polkit-auth-agent.c:148:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4096];

data/phosh-0.6.0/subprojects/gvc/gvc-mixer-control.c:1454:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char map_buff[PA_CHANNEL_MAP_SNPRINT_MAX];

data/phosh-0.6.0/subprojects/gvc/test-audio-device-selection.c:27:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *args[G_N_ELEMENTS (audio_selection_choices) + 1];

data/phosh-0.6.0/tests/test-favourite-model.c:46:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *items_missing[2] = {"thing-that-wont-exist.desktop", NULL};

data/phosh-0.6.0/tests/test-favourite-model.c:47:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *items[2] = {"demo.app.First.desktop", NULL};

data/phosh-0.6.0/tests/test-favourite-model.c:74:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *items[2] = {"demo.app.First.desktop", NULL};

data/phosh-0.6.0/src/app-grid-button.c:177:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(app_id + strlen (app_id) - strlen (".desktop")) = '\0';

data/phosh-0.6.0/src/app-grid-button.c:177:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(app_id + strlen (app_id) - strlen (".desktop")) = '\0';

data/phosh-0.6.0/src/app-grid.c:95:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (search == NULL || strlen (search) == 0) {

data/phosh-0.6.0/src/contrib/shell-network-agent.c:628:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (secret && strlen (secret))

data/phosh-0.6.0/src/contrib/shell-network-agent.c:673:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (secret && strlen (secret))

data/phosh-0.6.0/src/media-player.c:584:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (bus_name) < G_N_ELEMENTS (MPRIS_PREFIX))

data/phosh-0.6.0/src/notifications/notification.c:597:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (app_name) > 0 &&

data/phosh-0.6.0/src/notifications/notify-manager.c:255:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (string == NULL || strlen (string) < 1) {

data/phosh-0.6.0/src/polkit-auth-prompt.c:141:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (icon_name && strlen(icon_name)) ? icon_name : "dialog-password-symbolic",

data/phosh-0.6.0/src/polkit-auth-prompt.c:381:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!password || strlen (password) == 0)

data/phosh-0.6.0/src/system-prompt.c:466:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (password);

data/phosh-0.6.0/src/toplevel-thumbnail.c:65:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  randname (name + strlen (name) - 6);

data/phosh-0.6.0/src/util.c:33:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  first_char = strlen ("gnome-");

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 46888 in approximately 0.89 seconds (52704 lines/second)
Physical Source Lines of Code (SLOC) = 33166
Hits@level = [0] 2 [1] 13 [2] 9 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 24 [1+] 22 [2+] 9 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.723633 [1+] 0.66333 [2+] 0.271362 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.