Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xdg-desktop-portal-gtk-1.8.0/src/testappchooser.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserrow.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserrow.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/xdg-desktop-portal-gtk.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/utils.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/utils.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/request.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/request.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/session.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/session.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/filechooser.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/filechooser.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/notification.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/notification.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fdonotification.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fdonotification.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/inhibit.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/inhibit.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshot.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshot.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshotdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshotdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/print.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/print.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/access.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/access.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/account.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/account.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/accountdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/accountdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/email.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/email.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gtkbackports.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gtkbackports.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencast.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencast.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gnomescreencast.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gnomescreencast.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktop.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktop.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktopdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktopdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/displaystatetracker.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/displaystatetracker.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/shellintrospect.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/shellintrospect.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/lockdown.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/lockdown.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/background.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/background.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fc-monitor.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fc-monitor.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/settings.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/settings.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperpreview.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperpreview.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaper.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaper.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-x11.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-x11.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-wayland.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-wayland.c
FINAL RESULTS:
data/xdg-desktop-portal-gtk-1.8.0/src/print.c:109:9: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = g_random_int ();
data/xdg-desktop-portal-gtk-1.8.0/src/email.c:133:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *no_att[1] = { NULL };
data/xdg-desktop-portal-gtk-1.8.0/src/email.c:161:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (addrs + 1, addresses, sizeof (char *) * (len + 1));
data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.c:110:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->chosen = g_strndup (desktop_id, strlen (desktop_id) - strlen (".desktop"));
data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.c:110:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->chosen = g_strndup (desktop_id, strlen (desktop_id) - strlen (".desktop"));
data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.c:56:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *x11_handle_str = handle_str + strlen (x11_prefix);
data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.c:69:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *wayland_handle_str = handle_str + strlen (wayland_prefix);
data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.c:148:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
processed_app_id[strlen (processed_app_id) -
data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.c:149:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (".desktop")] = '\0';
data/xdg-desktop-portal-gtk-1.8.0/src/settings.c:81:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pattern_len = strlen (pattern);
ANALYSIS SUMMARY:
Hits = 10
Lines analyzed = 14576 in approximately 0.30 seconds (48866 lines/second)
Physical Source Lines of Code (SLOC) = 10704
Hits@level = [0] 3 [1] 7 [2] 2 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 10 [2+] 3 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.2145 [1+] 0.93423 [2+] 0.280269 [3+] 0.093423 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.