Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xpad-5.4.0/src/xpad-grip-tool-item.h
Examining data/xpad-5.4.0/src/prefix.h
Examining data/xpad-5.4.0/src/xpad-toolbar.c
Examining data/xpad-5.4.0/src/xpad-settings.h
Examining data/xpad-5.4.0/src/xpad-tray.c
Examining data/xpad-5.4.0/src/xpad-app.c
Examining data/xpad-5.4.0/src/xpad-app.h
Examining data/xpad-5.4.0/src/xpad-periodic.h
Examining data/xpad-5.4.0/src/xpad-tray.h
Examining data/xpad-5.4.0/src/xpad-text-view.h
Examining data/xpad-5.4.0/src/xpad-text-buffer.h
Examining data/xpad-5.4.0/src/xpad-periodic.c
Examining data/xpad-5.4.0/src/xpad-grip-tool-item.c
Examining data/xpad-5.4.0/src/xpad-preferences.c
Examining data/xpad-5.4.0/src/xpad-pad-group.h
Examining data/xpad-5.4.0/src/xpad-undo.c
Examining data/xpad-5.4.0/src/xpad-session-manager.h
Examining data/xpad-5.4.0/src/help.c
Examining data/xpad-5.4.0/src/xpad-pad-group.c
Examining data/xpad-5.4.0/src/xpad-settings.c
Examining data/xpad-5.4.0/src/fio.c
Examining data/xpad-5.4.0/src/xpad-preferences.h
Examining data/xpad-5.4.0/src/xpad-pad-properties.c
Examining data/xpad-5.4.0/src/help.h
Examining data/xpad-5.4.0/src/xpad-session-manager.c
Examining data/xpad-5.4.0/src/xpad-undo.h
Examining data/xpad-5.4.0/src/xpad-toolbar.h
Examining data/xpad-5.4.0/src/xpad-pad.h
Examining data/xpad-5.4.0/src/xpad-pad-properties.h
Examining data/xpad-5.4.0/src/fio.h
Examining data/xpad-5.4.0/src/xpad-text-buffer.c
Examining data/xpad-5.4.0/src/xpad-styling-helpers.c
Examining data/xpad-5.4.0/src/prefix.c
Examining data/xpad-5.4.0/src/xpad-pad.c
Examining data/xpad-5.4.0/src/xpad-text-view.c
Examining data/xpad-5.4.0/src/xpad-styling-helpers.h

FINAL RESULTS:

data/xpad-5.4.0/src/xpad-app.c:566:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (p, argv[i]);
data/xpad-5.4.0/src/xpad-app.c:726:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (master.sun_path, server_filename);
data/xpad-5.4.0/src/xpad-app.c:760:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (master.sun_path, server_filename);
data/xpad-5.4.0/src/xpad-app.c:314:27:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  dir = g_build_filename (g_get_home_dir (), "." PACKAGE, NULL);
data/xpad-5.4.0/src/xpad-app.c:366:30:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  olddir = g_build_filename (g_get_home_dir (), "." PACKAGE, NULL);
data/xpad-5.4.0/src/xpad-preferences.c:735:67:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  filename = g_strdup_printf ("%s/.config/autostart/xpad.desktop", g_get_home_dir());
data/xpad-5.4.0/src/xpad-settings.c:366:63:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  destination_dir = g_strdup_printf ("%s/.config/autostart", g_get_home_dir());
data/xpad-5.4.0/src/xpad-settings.c:505:98:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_value_set_boolean (value, g_file_test (g_strdup_printf ("%s/.config/autostart/xpad.desktop", g_get_home_dir()), G_FILE_TEST_EXISTS));
data/xpad-5.4.0/src/fio.c:89:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p, replacement, rsize);
data/xpad-5.4.0/src/fio.c:231:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((gint *) value) = atoi (temp);
data/xpad-5.4.0/src/fio.c:244:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((gboolean *) value) = atoi (temp) ? TRUE : FALSE;
data/xpad-5.4.0/src/prefix.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[5000];
data/xpad-5.4.0/src/prefix.c:117:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen ("/proc/self/maps", "r");
data/xpad-5.4.0/src/prefix.c:350:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (result, str1, len1);
data/xpad-5.4.0/src/prefix.c:351:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (result + len1, str2, len2);
data/xpad-5.4.0/src/prefix.c:372:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (result, str, size);
data/xpad-5.4.0/src/xpad-session-manager.c:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_string_net[100];
data/xpad-5.4.0/src/fio.c:77:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize rsize = strlen (replacement);
data/xpad-5.4.0/src/fio.c:85:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *string = g_realloc (*string, strlen (*string) + diff + 1);
data/xpad-5.4.0/src/fio.c:87:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (p + rsize, p + osize, strlen (p + osize) + 1);
data/xpad-5.4.0/src/fio.c:135:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_output_stream_write_all (G_OUTPUT_STREAM (stream), value, strlen (value),
data/xpad-5.4.0/src/fio.c:196:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/xpad-5.4.0/src/fio.c:225:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (temp, where, size);
data/xpad-5.4.0/src/prefix.c:144:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (path);
data/xpad-5.4.0/src/prefix.c:346:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen (str1);
data/xpad-5.4.0/src/prefix.c:347:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen (str2);
data/xpad-5.4.0/src/prefix.c:367:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/xpad-5.4.0/src/xpad-app.c:58:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define SUN_LEN(sunp) ((size_t)((struct sockaddr_un *)0)->sun_path + strlen((sunp)->sun_path))
data/xpad-5.4.0/src/xpad-app.c:510:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (name, "info-", 5) && name[strlen (name) - 1] != '~')
data/xpad-5.4.0/src/xpad-app.c:549:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (argv[i]) + 1;
data/xpad-5.4.0/src/xpad-app.c:567:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen (argv[i]);
data/xpad-5.4.0/src/xpad-app.c:613:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (string);
data/xpad-5.4.0/src/xpad-app.c:616:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (list[i], string, len);
data/xpad-5.4.0/src/xpad-app.c:650:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytes = read (client_fd, &size, sizeof (size));
data/xpad-5.4.0/src/xpad-app.c:662:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytes = read (client_fd, args, size);
data/xpad-5.4.0/src/xpad-app.c:791:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytesRead = read (client_fd, buf, 128);
data/xpad-5.4.0/src/xpad-session-manager.c:226:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (vals.user->value);
data/xpad-5.4.0/src/xpad-session-manager.c:233:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (vals.program->value);
data/xpad-5.4.0/src/xpad-session-manager.c:240:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (vals.clone->value);
data/xpad-5.4.0/src/xpad-session-manager.c:247:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (vals.restart[0].value);
data/xpad-5.4.0/src/xpad-session-manager.c:254:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (vals.restart[1].value);
data/xpad-5.4.0/src/xpad-session-manager.c:261:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (vals.restart[2].value);
data/xpad-5.4.0/src/xpad-session-manager.c:269:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen (vals.process->value);

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 10387 in approximately 0.27 seconds (38232 lines/second)
Physical Source Lines of Code (SLOC) = 7231
Hits@level = [0]   8 [1]  26 [2]   9 [3]   5 [4]   3 [5]   0
Hits@level+ = [0+]  51 [1+]  43 [2+]  17 [3+]   8 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 7.05297 [1+] 5.94662 [2+] 2.35099 [3+] 1.10635 [4+] 0.41488 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.