Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xfwm4-4.15.3/src/terminate.c
Examining data/xfwm4-4.15.3/src/menu.c
Examining data/xfwm4-4.15.3/src/focus.h
Examining data/xfwm4-4.15.3/src/keyboard.c
Examining data/xfwm4-4.15.3/src/stacking.c
Examining data/xfwm4-4.15.3/src/settings.h
Examining data/xfwm4-4.15.3/src/misc.h
Examining data/xfwm4-4.15.3/src/menu.h
Examining data/xfwm4-4.15.3/src/placement.c
Examining data/xfwm4-4.15.3/src/display.c
Examining data/xfwm4-4.15.3/src/terminate.h
Examining data/xfwm4-4.15.3/src/session.h
Examining data/xfwm4-4.15.3/src/ui_style.h
Examining data/xfwm4-4.15.3/src/xpm-color-table.h
Examining data/xfwm4-4.15.3/src/startup_notification.h
Examining data/xfwm4-4.15.3/src/events.h
Examining data/xfwm4-4.15.3/src/parserc.h
Examining data/xfwm4-4.15.3/src/xsync.c
Examining data/xfwm4-4.15.3/src/transients.c
Examining data/xfwm4-4.15.3/src/stacking.h
Examining data/xfwm4-4.15.3/src/parserc.c
Examining data/xfwm4-4.15.3/src/ui_style.c
Examining data/xfwm4-4.15.3/src/screen.h
Examining data/xfwm4-4.15.3/src/compositor.c
Examining data/xfwm4-4.15.3/src/session.c
Examining data/xfwm4-4.15.3/src/screen.c
Examining data/xfwm4-4.15.3/src/cycle.h
Examining data/xfwm4-4.15.3/src/mypixmap.c
Examining data/xfwm4-4.15.3/src/tabwin.c
Examining data/xfwm4-4.15.3/src/hints.h
Examining data/xfwm4-4.15.3/src/client.c
Examining data/xfwm4-4.15.3/src/spinning_cursor.h
Examining data/xfwm4-4.15.3/src/icons.c
Examining data/xfwm4-4.15.3/src/settings.c
Examining data/xfwm4-4.15.3/src/transients.h
Examining data/xfwm4-4.15.3/src/hints.c
Examining data/xfwm4-4.15.3/src/xsync.h
Examining data/xfwm4-4.15.3/src/keyboard.h
Examining data/xfwm4-4.15.3/src/mywindow.h
Examining data/xfwm4-4.15.3/src/device.c
Examining data/xfwm4-4.15.3/src/main.c
Examining data/xfwm4-4.15.3/src/poswin.h
Examining data/xfwm4-4.15.3/src/event_filter.c
Examining data/xfwm4-4.15.3/src/compositor.h
Examining data/xfwm4-4.15.3/src/workspaces.c
Examining data/xfwm4-4.15.3/src/placement.h
Examining data/xfwm4-4.15.3/src/focus.c
Examining data/xfwm4-4.15.3/src/client.h
Examining data/xfwm4-4.15.3/src/misc.c
Examining data/xfwm4-4.15.3/src/mywindow.c
Examining data/xfwm4-4.15.3/src/netwm.h
Examining data/xfwm4-4.15.3/src/mypixmap.h
Examining data/xfwm4-4.15.3/src/spinning_cursor.c
Examining data/xfwm4-4.15.3/src/startup_notification.c
Examining data/xfwm4-4.15.3/src/netwm.c
Examining data/xfwm4-4.15.3/src/tabwin.h
Examining data/xfwm4-4.15.3/src/wireframe.c
Examining data/xfwm4-4.15.3/src/display.h
Examining data/xfwm4-4.15.3/src/event_filter.h
Examining data/xfwm4-4.15.3/src/events.c
Examining data/xfwm4-4.15.3/src/workspaces.h
Examining data/xfwm4-4.15.3/src/frame.c
Examining data/xfwm4-4.15.3/src/moveresize.h
Examining data/xfwm4-4.15.3/src/cycle.c
Examining data/xfwm4-4.15.3/src/moveresize.c
Examining data/xfwm4-4.15.3/src/frame.h
Examining data/xfwm4-4.15.3/src/icons.h
Examining data/xfwm4-4.15.3/src/poswin.c
Examining data/xfwm4-4.15.3/src/device.h
Examining data/xfwm4-4.15.3/src/wireframe.h
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.h
Examining data/xfwm4-4.15.3/settings-dialogs/range-debouncer.c
Examining data/xfwm4-4.15.3/settings-dialogs/workspace-resource.h
Examining data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c
Examining data/xfwm4-4.15.3/settings-dialogs/workspace-settings.c
Examining data/xfwm4-4.15.3/settings-dialogs/tweaks-settings.c
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-workspace-dialog_ui.h
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-dialog_ui.h
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-tweaks-dialog_ui.h
Examining data/xfwm4-4.15.3/settings-dialogs/range-debouncer.h
Examining data/xfwm4-4.15.3/common/xfwm-common.h
Examining data/xfwm4-4.15.3/common/xfwm-common.c
Examining data/xfwm4-4.15.3/helper-dialog/helper-dialog.c
FINAL RESULTS:
data/xfwm4-4.15.3/src/mypixmap.c:163:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf (spec + 1, fmt, &red, &green, &blue) != 3)
data/xfwm4-4.15.3/src/compositor.c:913:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&pixmap, prop, 4);
data/xfwm4-4.15.3/src/compositor.c:1730:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/xfwm4-4.15.3/src/display.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/xfwm4-4.15.3/src/hints.c:159:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hints, data, sizeof (PropMwmHints));
data/xfwm4-4.15.3/src/main.c:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *new, *old, path[PATH_MAX];
data/xfwm4-4.15.3/src/main.c:263:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
r = fopen (old, "r");
data/xfwm4-4.15.3/src/main.c:264:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
w = fopen (new, "w");
data/xfwm4-4.15.3/src/main.c:312:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
r = fopen (path, "r");
data/xfwm4-4.15.3/src/main.c:315:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
w = fopen (path, "w");
data/xfwm4-4.15.3/src/mypixmap.c:152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[16];
data/xfwm4-4.15.3/src/mypixmap.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instr[1024];
data/xfwm4-4.15.3/src/parserc.c:38:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define TOINT(x) (x ? atoi(x) : 0)
data/xfwm4-4.15.3/src/parserc.c:60:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (filename, "r");
data/xfwm4-4.15.3/src/session.c:384:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen (filename, "w")))
data/xfwm4-4.15.3/src/session.c:412:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen (filename, "r")))
data/xfwm4-4.15.3/src/terminate.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12711:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12719:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12731:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12738:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:422:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[strlen (name) - 1] == '|')
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:430:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_object_set_data (G_OBJECT (button), "key_char", (gpointer) &name[strlen (name) - 1]);
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:453:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_object_set_data (G_OBJECT (button), "key_char", (gpointer) &name[strlen (name) - 1]);
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:1210:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const guchar *)name, strlen (name));
data/xfwm4-4.15.3/src/client.c:204:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (hostname) && (display_info->hostname) && (g_ascii_strcasecmp (display_info->hostname, hostname)))
data/xfwm4-4.15.3/src/frame.c:817:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (screen_info->params->button_layout); i++)
data/xfwm4-4.15.3/src/frame.c:852:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = strlen (screen_info->params->button_layout) - 1; j >= i; j--)
data/xfwm4-4.15.3/src/hints.c:687:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned char *) val, strlen (val));
data/xfwm4-4.15.3/src/hints.c:905:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += strlen (ptr) + 1;
data/xfwm4-4.15.3/src/main.c:272:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (r)) != EOF)
data/xfwm4-4.15.3/src/main.c:321:29: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (r)) != EOF)
data/xfwm4-4.15.3/src/mypixmap.c:155:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i = strlen (spec + 1)) % 3)
data/xfwm4-4.15.3/src/mypixmap.c:209:13: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (fscanf (infile, "%1023s", instr) < 0)
data/xfwm4-4.15.3/src/mypixmap.c:227:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((b = getc (infile)) != EOF)
data/xfwm4-4.15.3/src/mypixmap.c:231:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = getc (infile);
data/xfwm4-4.15.3/src/mypixmap.c:242:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = getc (infile);
data/xfwm4-4.15.3/src/mypixmap.c:279:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (infile);
data/xfwm4-4.15.3/src/mypixmap.c:287:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (infile)) != EOF)
data/xfwm4-4.15.3/src/mypixmap.c:428:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat (color, " ", space);
data/xfwm4-4.15.3/src/mypixmap.c:431:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (color, word, space);
data/xfwm4-4.15.3/src/mypixmap.c:432:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
space -= MIN (space, (gint) strlen (word));
data/xfwm4-4.15.3/src/mypixmap.c:441:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (current_color, new_color, sizeof (current_color) - 1);
data/xfwm4-4.15.3/src/mypixmap.c:456:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (current_color, color, sizeof (current_color) - 1);
data/xfwm4-4.15.3/src/mypixmap.c:594:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (color->color_string, buffer, cpp);
data/xfwm4-4.15.3/src/mypixmap.c:596:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer += strlen (color->color_string);
data/xfwm4-4.15.3/src/mypixmap.c:638:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!buffer) || (wbytes > (gint) strlen (buffer)))
data/xfwm4-4.15.3/src/mypixmap.c:645:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (pixel_str, &buffer[n], cpp);
data/xfwm4-4.15.3/src/session.c:120:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lg = strlen (s);
data/xfwm4-4.15.3/src/session.c:174:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lg = strlen (s);
data/xfwm4-4.15.3/src/session.c:416:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf (s, "%4000s", s1);
data/xfwm4-4.15.3/src/settings.c:469:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (font && strlen (font))
data/xfwm4-4.15.3/src/settings.c:542:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (screen_info->params->button_layout, getStringValue ("button_layout", rc), BUTTON_STRING_COUNT);
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 59726 in approximately 1.85 seconds (32334 lines/second)
Physical Source Lines of Code (SLOC) = 50977
Hits@level = [0] 33 [1] 36 [2] 16 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 86 [1+] 53 [2+] 17 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 1.68704 [1+] 1.03968 [2+] 0.333484 [3+] 0.0196167 [4+] 0.0196167 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.