Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rofi-1.5.4/config/config.c
Examining data/rofi-1.5.4/lexer/theme-lexer.c
Examining data/rofi-1.5.4/lexer/theme-parser.c
Examining data/rofi-1.5.4/lexer/theme-parser.h
Examining data/rofi-1.5.4/resources/resources.c
Examining data/rofi-1.5.4/resources/resources.h
Examining data/rofi-1.5.4/test/helper-tokenize.c
Examining data/rofi-1.5.4/test/scrollbar-test.c
Examining data/rofi-1.5.4/test/widget-test.c
Examining data/rofi-1.5.4/test/box-test.c
Examining data/rofi-1.5.4/test/theme-parser-test.c
Examining data/rofi-1.5.4/test/helper-config-cmdline-parser.c
Examining data/rofi-1.5.4/test/helper-expand.c
Examining data/rofi-1.5.4/test/helper-test.c
Examining data/rofi-1.5.4/test/mode-test.c
Examining data/rofi-1.5.4/test/helper-pidfile.c
Examining data/rofi-1.5.4/test/history-test.c
Examining data/rofi-1.5.4/test/textbox-test.c
Examining data/rofi-1.5.4/subprojects/libgwater/xcb/libgwater-xcb.h
Examining data/rofi-1.5.4/subprojects/libgwater/xcb/libgwater-xcb.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/uuid.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/xdg-de.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/gtk-settings.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/token.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-token.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-gtk-settings.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-bindings.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/uuid-libuuid.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-colour.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/uuid-apr-util.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/uuid-internal.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-enum.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/enum.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/colour.c
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-xdg-de.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-uuid.h
Examining data/rofi-1.5.4/subprojects/libnkutils/src/nkutils-xdg-theme.h
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/uuid.c
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/xdg-de.c
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/gtk-settings.c
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/token.c
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/bindings.c
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/enum.c
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/xdg-theme.c
Examining data/rofi-1.5.4/subprojects/libnkutils/tests/colour.c
Examining data/rofi-1.5.4/include/rofi-types.h
Examining data/rofi-1.5.4/include/xcb-internal.h
Examining data/rofi-1.5.4/include/css-colors.h
Examining data/rofi-1.5.4/include/mode.h
Examining data/rofi-1.5.4/include/widgets/widget.h
Examining data/rofi-1.5.4/include/widgets/box.h
Examining data/rofi-1.5.4/include/widgets/container.h
Examining data/rofi-1.5.4/include/widgets/listview.h
Examining data/rofi-1.5.4/include/widgets/icon.h
Examining data/rofi-1.5.4/include/widgets/scrollbar.h
Examining data/rofi-1.5.4/include/widgets/textbox.h
Examining data/rofi-1.5.4/include/widgets/widget-internal.h
Examining data/rofi-1.5.4/include/rofi.h
Examining data/rofi-1.5.4/include/timings.h
Examining data/rofi-1.5.4/include/theme.h
Examining data/rofi-1.5.4/include/xrmoptions.h
Examining data/rofi-1.5.4/include/dialogs/dmenuscriptshared.h
Examining data/rofi-1.5.4/include/dialogs/dmenu.h
Examining data/rofi-1.5.4/include/dialogs/combi.h
Examining data/rofi-1.5.4/include/dialogs/run.h
Examining data/rofi-1.5.4/include/dialogs/dialogs.h
Examining data/rofi-1.5.4/include/dialogs/help-keys.h
Examining data/rofi-1.5.4/include/dialogs/drun.h
Examining data/rofi-1.5.4/include/dialogs/ssh.h
Examining data/rofi-1.5.4/include/dialogs/script.h
Examining data/rofi-1.5.4/include/dialogs/window.h
Examining data/rofi-1.5.4/include/settings.h
Examining data/rofi-1.5.4/include/mode-private.h
Examining data/rofi-1.5.4/include/rofi-icon-fetcher.h
Examining data/rofi-1.5.4/include/history.h
Examining data/rofi-1.5.4/include/view.h
Examining data/rofi-1.5.4/include/helper-theme.h
Examining data/rofi-1.5.4/include/view-internal.h
Examining data/rofi-1.5.4/include/xcb.h
Examining data/rofi-1.5.4/include/helper.h
Examining data/rofi-1.5.4/include/keyb.h
Examining data/rofi-1.5.4/include/display.h
Examining data/rofi-1.5.4/source/rofi-icon-fetcher.c
Examining data/rofi-1.5.4/source/css-colors.c
Examining data/rofi-1.5.4/source/rofi.c
Examining data/rofi-1.5.4/source/widgets/widget.c
Examining data/rofi-1.5.4/source/widgets/box.c
Examining data/rofi-1.5.4/source/widgets/listview.c
Examining data/rofi-1.5.4/source/widgets/container.c
Examining data/rofi-1.5.4/source/widgets/icon.c
Examining data/rofi-1.5.4/source/widgets/textbox.c
Examining data/rofi-1.5.4/source/widgets/scrollbar.c
Examining data/rofi-1.5.4/source/xrmoptions.c
Examining data/rofi-1.5.4/source/history.c
Examining data/rofi-1.5.4/source/dialogs/window.c
Examining data/rofi-1.5.4/source/dialogs/script.c
Examining data/rofi-1.5.4/source/dialogs/help-keys.c
Examining data/rofi-1.5.4/source/dialogs/run.c
Examining data/rofi-1.5.4/source/dialogs/dmenu.c
Examining data/rofi-1.5.4/source/dialogs/combi.c
Examining data/rofi-1.5.4/source/dialogs/drun.c
Examining data/rofi-1.5.4/source/dialogs/ssh.c
Examining data/rofi-1.5.4/source/helper.c
Examining data/rofi-1.5.4/source/keyb.c
Examining data/rofi-1.5.4/source/mode.c
Examining data/rofi-1.5.4/source/rofi-types.c
Examining data/rofi-1.5.4/source/view.c
Examining data/rofi-1.5.4/source/xcb.c
Examining data/rofi-1.5.4/source/timings.c
Examining data/rofi-1.5.4/source/theme.c

FINAL RESULTS:

data/rofi-1.5.4/lexer/theme-parser.c:720:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/rofi-1.5.4/source/view.c:214:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( stderr, color_green "Storing screenshot %s\n"color_reset, fpath );
data/rofi-1.5.4/source/xrmoptions.c:647:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ( "\t"color_italic "%s"color_reset, ( *( xo->value.str ) == NULL ) ? "(unset)" : ( *( xo->value.str ) ) );
data/rofi-1.5.4/source/xrmoptions.c:661:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ( "\t"color_italic "%u"color_reset, *( xo->value.num ) );
data/rofi-1.5.4/source/xrmoptions.c:675:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ( "\t"color_italic "%d"color_reset, *( xo->value.snum ) );
data/rofi-1.5.4/source/xrmoptions.c:689:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ( "\t"color_italic "%c"color_reset, *( xo->value.charc ) );
data/rofi-1.5.4/source/xrmoptions.c:703:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ( "\t"color_italic "%s"color_reset, ( *( xo->value.snum ) ) ? "True" : "False" );
data/rofi-1.5.4/source/dialogs/run.c:226:42:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gchar *homedir = g_locale_to_utf8 ( g_get_home_dir (), -1, NULL, &l, &error );
data/rofi-1.5.4/source/dialogs/ssh.c:464:10:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ( g_get_home_dir () == NULL ) {
data/rofi-1.5.4/source/dialogs/ssh.c:498:22:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *hd = g_get_home_dir ();
data/rofi-1.5.4/source/dialogs/ssh.c:503:41:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *path = g_build_filename ( g_get_home_dir (), ".ssh", "known_hosts", NULL );
data/rofi-1.5.4/source/helper.c:665:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  str[i] = g_strdup ( g_get_home_dir () );
data/rofi-1.5.4/source/rofi.c:793:42:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pidfile = g_build_filename ( g_get_home_dir (), ".rofi.pid", NULL );
data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:323:17:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  try_dir(g_get_home_dir());
data/rofi-1.5.4/test/helper-expand.c:100:22:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *hd = g_get_home_dir ();
data/rofi-1.5.4/test/helper-pidfile.c:74:28:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *tmpd = g_get_tmp_dir ();
data/rofi-1.5.4/include/mode-private.h:157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cfg_name_key[128];
data/rofi-1.5.4/include/rofi-types.h:44:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char * const PropertyTypeName[P_NUM_TYPES];
data/rofi-1.5.4/lexer/theme-lexer.c:997:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, current->input_str, len);\
data/rofi-1.5.4/lexer/theme-lexer.c:1452:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen ( filename, "rb" );
data/rofi-1.5.4/lexer/theme-lexer.c:3035:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  yyin = fopen ( filename, "rb" );
data/rofi-1.5.4/lexer/theme-parser.c:3176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/rofi-1.5.4/source/dialogs/dmenu.c:360:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ( str, O_RDONLY );
data/rofi-1.5.4/source/dialogs/drun.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[id_len];
data/rofi-1.5.4/source/dialogs/ssh.c:176:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fd = fopen ( path, "r" );
data/rofi-1.5.4/source/dialogs/ssh.c:270:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fd = fopen ( "/etc/hosts", "r" );
data/rofi-1.5.4/source/dialogs/ssh.c:347:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fd = fopen ( filename, "r" );
data/rofi-1.5.4/source/dialogs/window.c:324:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( c->state, states.atoms, MIN ( CLIENTSTATE, states.atoms_len ) * sizeof ( xcb_atom_t ) );
data/rofi-1.5.4/source/dialogs/window.c:330:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( c->window_type, states.atoms, MIN ( CLIENTWINDOWTYPE, states.atoms_len ) * sizeof ( xcb_atom_t ) );
data/rofi-1.5.4/source/dialogs/window.c:494:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( wins, clients.windows, nwins * sizeof ( xcb_window_t ) );
data/rofi-1.5.4/source/dialogs/window.c:501:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( wins, clients.windows, nwins * sizeof ( xcb_window_t ) );
data/rofi-1.5.4/source/dialogs/window.c:621:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char window_regex[100]; /* We are probably safe here */
data/rofi-1.5.4/source/helper.c:509:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/rofi-1.5.4/source/history.c:239:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen ( filename, "w" );
data/rofi-1.5.4/source/rofi-icon-fetcher.c:108:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *themes[2] = { config.icon_theme, NULL };
data/rofi-1.5.4/source/rofi-types.c:6:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * const PropertyTypeName[P_NUM_TYPES] = {
data/rofi-1.5.4/source/theme.c:156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[G_ASCII_DTOSTR_BUF_SIZE];
data/rofi-1.5.4/source/theme.c:178:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * const WindowLocationStr[9] = {
data/rofi-1.5.4/source/widgets/textbox.c:270:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string [l + 1];
data/rofi-1.5.4/source/xcb.c:133:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( &rootpixmap, xcb_get_property_value ( reply ), sizeof ( xcb_pixmap_t ) );
data/rofi-1.5.4/source/xcb.c:237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( retv->name, tname, tname_len );
data/rofi-1.5.4/subprojects/libnkutils/src/uuid.c:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->data, sum, NK_UUID_LENGTH);
data/rofi-1.5.4/lexer/theme-lexer.c:1161:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/rofi-1.5.4/lexer/theme-lexer.c:1686:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  po->str_len = strlen(val);
data/rofi-1.5.4/lexer/theme-lexer.c:2770:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/rofi-1.5.4/lexer/theme-lexer.c:3087:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  po->str_len = strlen(string);
data/rofi-1.5.4/lexer/theme-parser.c:941:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen (yystr);
data/rofi-1.5.4/lexer/theme-parser.c:3254:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t yysz = yysize + strlen (yyformat);
data/rofi-1.5.4/resources/resources.c:642:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/rofi-1.5.4/resources/resources.c:650:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/rofi-1.5.4/resources/resources.c:662:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/rofi-1.5.4/resources/resources.c:669:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/rofi-1.5.4/source/dialogs/combi.c:235:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pa->end_index = strlen ( dname );
data/rofi-1.5.4/source/dialogs/drun.c:231:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( exec_path != NULL && strlen ( exec_path ) == 0 ) {
data/rofi-1.5.4/source/dialogs/drun.c:268:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const ssize_t id_len = strlen ( path ) - strlen ( root );
data/rofi-1.5.4/source/dialogs/drun.c:268:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const ssize_t id_len = strlen ( path ) - strlen ( root );
data/rofi-1.5.4/source/dialogs/drun.c:270:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_strlcpy ( id, &( path[strlen ( root ) + 1] ), id_len );
data/rofi-1.5.4/source/dialogs/drun.c:419:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pd->entry_list[pd->cmd_list_length].app_id = g_strndup ( basename, strlen ( basename ) - strlen ( ".desktop" ) );
data/rofi-1.5.4/source/dialogs/drun.c:419:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pd->entry_list[pd->cmd_list_length].app_id = g_strndup ( basename, strlen ( basename ) - strlen ( ".desktop" ) );
data/rofi-1.5.4/source/dialogs/run.c:168:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( buffer[strlen ( buffer ) - 1] == '\n' ) {
data/rofi-1.5.4/source/dialogs/run.c:169:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer[strlen ( buffer ) - 1] = '\0';
data/rofi-1.5.4/source/dialogs/script.c:110:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pd->message = strlen ( value ) ? g_strdup ( value ) : NULL;
data/rofi-1.5.4/source/dialogs/script.c:171:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buf_length = strlen(buffer)+1;
data/rofi-1.5.4/source/dialogs/ssh.c:109:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize l = strlen ( "Connecting to '' via rofi" ) + strlen ( entry->hostname ) + 1;
data/rofi-1.5.4/source/dialogs/ssh.c:109:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize l = strlen ( "Connecting to '' via rofi" ) + strlen ( entry->hostname ) + 1;
data/rofi-1.5.4/source/helper.c:139:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t str_l = strlen ( r );
data/rofi-1.5.4/source/helper.c:233:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen ( input );
data/rofi-1.5.4/source/helper.c:332:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen ( arg );
data/rofi-1.5.4/source/helper.c:1009:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize l = strlen ( "Launching '' via rofi" ) + strlen ( cmd ) + 1;
data/rofi-1.5.4/source/helper.c:1009:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize l = strlen ( "Launching '' via rofi" ) + strlen ( cmd ) + 1;
data/rofi-1.5.4/source/theme.c:294:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int pl = strlen ( p->name );
data/rofi-1.5.4/source/theme.c:338:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  property_name_length = MAX ( strlen ( p->name ), property_name_length );
data/rofi-1.5.4/source/theme.c:816:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( *r == '#' && strlen ( r ) == 9 ) {
data/rofi-1.5.4/source/view.c:825:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen ( ahost ), ahost );
data/rofi-1.5.4/source/view.c:1036:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( state->text && strlen ( state->text->text ) > 0 ) {
data/rofi-1.5.4/source/view.c:1398:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( textbox_append_text ( state->text, text, strlen ( text ) ) ) {
data/rofi-1.5.4/source/widgets/textbox.c:621:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = ( int ) strlen ( tb->text );
data/rofi-1.5.4/source/widgets/textbox.c:655:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove ( start, end, ( tb->text + strlen ( tb->text ) ) - end + 1 );
data/rofi-1.5.4/source/xcb.c:291:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xcb_query_extension_cookie_t randr_cookie = xcb_query_extension ( xcb->connection, strlen ( extension ), extension );
data/rofi-1.5.4/source/xcb.c:744:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int dl = strlen ( text );
data/rofi-1.5.4/source/xcb.c:1064:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xcb_intern_atom_cookie_t cc = xcb_intern_atom ( xcb->connection, 0, strlen ( netatom_names[i] ), netatom_names[i] );
data/rofi-1.5.4/source/xrmoptions.c:273:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen ( xrmValue ) > 0 &&
data/rofi-1.5.4/source/xrmoptions.c:524:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int) ( 30 - strlen ( option->name ) ), "" );
data/rofi-1.5.4/source/xrmoptions.c:644:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen ( xo->name );
data/rofi-1.5.4/source/xrmoptions.c:658:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen ( xo->name );
data/rofi-1.5.4/source/xrmoptions.c:672:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen ( xo->name );
data/rofi-1.5.4/source/xrmoptions.c:686:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen ( xo->name );
data/rofi-1.5.4/source/xrmoptions.c:700:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen ( xo->name );
data/rofi-1.5.4/source/xrmoptions.c:756:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = 37 - strlen ( option ) - strlen ( type );
data/rofi-1.5.4/source/xrmoptions.c:756:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = 37 - strlen ( option ) - strlen ( type );
data/rofi-1.5.4/source/xrmoptions.c:816:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen ( xrmOptions[i].name );
data/rofi-1.5.4/source/xrmoptions.c:820:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen ( extra_options[i].name );
data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c:347:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(w);
data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c:471:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( g_ascii_strncasecmp(s, "Mouse", strlen("Mouse")) == 0 )
data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c:473:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen("Mouse");
data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c:483:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( g_ascii_strncasecmp(s, "Extra", strlen("Extra")) == 0 )
data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c:485:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen("Extra");
data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c:523:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( g_ascii_strncasecmp(s, "Scroll", strlen("Scroll")) == 0 )
data/rofi-1.5.4/subprojects/libnkutils/src/bindings.c:525:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen("Scroll");
data/rofi-1.5.4/subprojects/libnkutils/src/colour.c:465:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_scanner_input_text(_nk_colour_scanner, s, strlen(s));
data/rofi-1.5.4/subprojects/libnkutils/src/colour.c:552:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const gchar *hex = _nk_colour_scanner->value.v_identifier + strlen("#");
data/rofi-1.5.4/subprojects/libnkutils/src/colour.c:553:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch ( strlen(hex) )
data/rofi-1.5.4/subprojects/libnkutils/src/token.c:140:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  self->length = strlen(self->string);
data/rofi-1.5.4/subprojects/libnkutils/src/token.c:299:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w = w + strlen(w) + 1;
data/rofi-1.5.4/subprojects/libnkutils/src/token.c:303:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w += strlen(w);
data/rofi-1.5.4/subprojects/libnkutils/src/uuid.c:48:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(name); data/rofi-1.5.4/subprojects/libnkutils/src/xdg-de.c:101:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const gchar *s, *e = var + strlen(var); data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:840:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl = strlen(*theme_name); data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:844:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l += strlen(G_DIR_SEPARATOR_S) + strlen(name) + 1; data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:844:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l += strlen(G_DIR_SEPARATOR_S) + strlen(name) + 1; data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:996:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name) - strlen("-symbolic") + 1; data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:996:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name) - strlen("-symbolic") + 1; data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:1072:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(locale); data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:1097:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name); data/rofi-1.5.4/subprojects/libnkutils/src/xdg-theme.c:1109:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ll = strlen(locales[i]); data/rofi-1.5.4/test/helper-test.c:135:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = rofi_force_utf8 ( in, strlen ( in ) ); ANALYSIS SUMMARY: Hits = 116 Lines analyzed = 40140 in approximately 1.09 seconds (36704 lines/second) Physical Source Lines of Code (SLOC) = 28856 Hits@level = [0] 173 [1] 74 [2] 26 [3] 9 [4] 7 [5] 0 Hits@level+ = [0+] 289 [1+] 116 [2+] 42 [3+] 16 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 10.0152 [1+] 4.01996 [2+] 1.4555 [3+] 0.554477 [4+] 0.242584 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.