Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/artha-1.0.5/src/suggestions.h
Examining data/artha-1.0.5/src/gui.c
Examining data/artha-1.0.5/src/hotkey_editor.c
Examining data/artha-1.0.5/src/eggaccelerators.h
Examining data/artha-1.0.5/src/wni.c
Examining data/artha-1.0.5/src/libnotify.c
Examining data/artha-1.0.5/src/instance_handler.h
Examining data/artha-1.0.5/src/hotkey_editor.h
Examining data/artha-1.0.5/src/suggestions.c
Examining data/artha-1.0.5/src/addons.h
Examining data/artha-1.0.5/src/mod_notify.h
Examining data/artha-1.0.5/src/tomboyutil.c
Examining data/artha-1.0.5/src/libnotify.h
Examining data/artha-1.0.5/src/instance_handler.c
Examining data/artha-1.0.5/src/wni.h
Examining data/artha-1.0.5/src/gui.h
Examining data/artha-1.0.5/src/mod_notify.c
Examining data/artha-1.0.5/src/eggaccelerators.c
Examining data/artha-1.0.5/src/tomboyutil.h

FINAL RESULTS:

data/artha-1.0.5/src/gui.c:421:15:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
  return ((int)ShellExecute(hMainWindow, "open", uri, NULL, NULL, SW_SHOWNORMAL) > 32);
data/artha-1.0.5/src/libnotify.c:857:4:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
  wcscpy(&wide_string[++i], ellipses);
data/artha-1.0.5/src/libnotify.c:173:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&thread_guard);
data/artha-1.0.5/src/libnotify.c:348:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
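The level-4 wcscpy hit is the classic truncate-and-append-ellipsis bug: the copy starts at a computed offset into a fixed wchar_t buffer with nothing guaranteeing that three characters plus the terminator still fit. The following is an added example, not Artha's code, of how that routine looks when the destination capacity is passed explicitly (in wchar_t units, not bytes); the function and helper names are mine.

```c
/* Added example (not from the Artha sources): bounded wide-string
 * truncation with an ellipsis.  `cap` is the destination capacity in
 * wchar_t units, never in bytes. */
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Copy src into dst (capacity cap).  If src does not fit, keep the first
 * cap-1-3 characters and append "...", so the result is always
 * NUL-terminated and at most cap-1 characters long.
 * Returns the number of characters stored, or -1 when cap cannot hold
 * even "..." plus the terminator (cap < 4) or a pointer is NULL. */
static int truncate_with_ellipsis(wchar_t *dst, size_t cap, const wchar_t *src)
{
    static const wchar_t ellipsis[] = L"...";
    const size_t ell_len = 3;

    if (dst == NULL || src == NULL || cap < ell_len + 1)
        return -1;

    size_t src_len = wcslen(src);
    if (src_len < cap) {
        /* Fits, terminator included: plain bounded copy. */
        wmemcpy(dst, src, src_len + 1);
        return (int)src_len;
    }

    /* Does not fit: the unbounded wcscpy(&buf[++i], ellipsis) pattern
     * would write past the end here; we reserve room up front instead. */
    size_t keep = cap - 1 - ell_len;
    wmemcpy(dst, src, keep);
    wmemcpy(dst + keep, ellipsis, ell_len + 1);   /* copies the L'\0' too */
    return (int)(keep + ell_len);
}

/* Self-check helper: 1 if src truncated into a cap-sized buffer equals
 * expect, 0 otherwise (including when the call is refused). */
static int truncates_to(size_t cap, const wchar_t *src, const wchar_t *expect)
{
    wchar_t buf[32];
    if (cap > sizeof buf / sizeof buf[0])
        return 0;
    if (truncate_with_ellipsis(buf, cap, src) < 0)
        return 0;
    return wcscmp(buf, expect) == 0;
}

int main(void)
{
    wchar_t summary[16];   /* stands in for a MAX_SUMMARY_LENGTH-sized array */
    int n = truncate_with_ellipsis(summary, 16, L"A word that is too long to show");
    printf("%d chars: %ls\n", n, summary);
    return 0;
}
```

The refusal for cap < 4 is deliberate: a caller that cannot promise room for the ellipsis gets an error instead of a silently shorter contract, which is what makes the routine safe to drop into code that computes the offset elsewhere.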
  EnterCriticalSection(&thread_guard);
data/artha-1.0.5/src/libnotify.c:536:4:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&thread_guard);
data/artha-1.0.5/src/gui.c:2461:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  FILE *hist_file = fopen(hist_file_path, "r");
data/artha-1.0.5/src/gui.c:2898:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  FILE *hist_file = fopen(hist_file_path, "a+");
data/artha-1.0.5/src/libnotify.c:96:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t summary[MAX_SUMMARY_LENGTH];
data/artha-1.0.5/src/libnotify.c:97:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t body[MAX_BODY_LENGTH];
data/artha-1.0.5/src/libnotify.c:851:10:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
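The two fopen hits on the lookup-history file are about what the path resolves to at open time, not about fopen itself: a symlink planted at hist_file_path, a FIFO or device in its place, or a swap between check and open. The added example below (POSIX C, not Artha's code, with names of my own) opens the file without following a final-component symlink, verifies on the open descriptor that it is a regular file, and only then wraps it in a FILE*. The demo fixture builds a throw-away directory under /tmp, which is an assumption about the environment.

```c
/* Added example (not from the Artha sources): open a history file
 * without trusting what the path resolves to.  POSIX only. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* for_append != 0 mirrors fopen(path, "a+"); 0 mirrors fopen(path, "r").
 * Returns NULL with errno set (ELOOP for a symlink, EINVAL for a
 * non-regular file) instead of silently opening the wrong thing. */
static FILE *open_history(const char *path, int for_append)
{
    /* O_NOFOLLOW: refuse a symlink as the last component.
     * O_NONBLOCK: a FIFO or device must not hang us before fstat. */
    int flags = O_CLOEXEC | O_NOFOLLOW | O_NONBLOCK;
    flags |= for_append ? (O_RDWR | O_APPEND | O_CREAT) : O_RDONLY;

    int fd = open(path, flags, 0600);
    if (fd < 0)
        return NULL;

    /* Check the object we actually opened, not the path (no TOCTOU). */
    struct stat st;
    if (fstat(fd, &st) != 0) {
        int e = errno; close(fd); errno = e; return NULL;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd); errno = EINVAL; return NULL;
    }

    /* Regular file confirmed: drop O_NONBLOCK before handing to stdio. */
    int fl = fcntl(fd, F_GETFL);
    if (fl >= 0)
        (void)fcntl(fd, F_SETFL, fl & ~O_NONBLOCK);

    FILE *fp = fdopen(fd, for_append ? "a+" : "r");
    if (fp == NULL) {
        int e = errno; close(fd); errno = e; return NULL;
    }
    return fp;
}

/* Constructed fixture: a real history file plus a symlink pointing at
 * it.  Returns 1 when the real file opens for read and append but the
 * symlink is rejected with ELOOP. */
static int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/artha_hist_XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 0;
    char real[64], link[64];
    snprintf(real, sizeof real, "%s/history", dir);
    snprintf(link, sizeof link, "%s/history.link", dir);

    int ok = 0;
    FILE *fp = open_history(real, 1);          /* creates the file */
    if (fp != NULL) {
        fputs("example\n", fp);
        fclose(fp);
        FILE *rd = open_history(real, 0);
        int read_ok = (rd != NULL);
        if (rd) fclose(rd);
        if (read_ok && symlink(real, link) == 0) {
            errno = 0;
            FILE *via_link = open_history(link, 0);
            ok = (via_link == NULL && errno == ELOOP);
            if (via_link) fclose(via_link);
            unlink(link);
        }
    }
    unlink(real);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("symlink rejected, regular file accepted: %s\n",
           demo_symlink_rejected() ? "yes" : "no");
    return 0;
}
```

O_NOFOLLOW covers only the last path component; the "control its ancestors" part of the warning is addressed by opening a directory you trust once and using openat() relative to that descriptor. The Windows build of Artha needs the equivalent CreateFile flags, which this POSIX example does not cover.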
  if(0 != MultiByteToWideChar(CP_ACP, 0, byte_string, conv_len, wide_string, max_buffer))
data/artha-1.0.5/src/gui.c:2469:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lookup_len = strlen(lookup);
data/artha-1.0.5/src/libnotify.c:850:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int conv_len = ((gint)strlen(byte_string) >= max_buffer) ? conversion_limit : -1;
data/artha-1.0.5/src/suggestions.c:81:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(lang_code) >= strlen(dict_lang_tag))
data/artha-1.0.5/src/suggestions.c:81:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(lang_code) >= strlen(dict_lang_tag))
data/artha-1.0.5/src/wni.c:447:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str) - 1; // skip the last close brace (len - 1)
data/artha-1.0.5/src/wni.c:566:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check_len = strlen(term) + 1; // check till \0 so that "Kelly" & "Kelly Gene" don't match
data/artha-1.0.5/src/wni.c:637:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  last_char_index = strlen(line) - 1;
data/artha-1.0.5/src/wni.c:675:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp += strlen(synptr->words[wdnum]) + 11;
data/artha-1.0.5/src/wni.c:876:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check_len = strlen(lemma) + 1;
data/artha-1.0.5/src/wni.c:980:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check_len = strlen(lemma) + 1;
data/artha-1.0.5/src/wni.c:1077:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(0 != g_ascii_strncasecmp(lemma, cursyn->words[j], strlen(cursyn->words[j]) + 1))
data/artha-1.0.5/src/wni.c:1144:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(0 != g_ascii_strncasecmp(lemma, cursyn->words[j], strlen(cursyn->words[j]) + 1))
data/artha-1.0.5/src/wni.c:1452:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
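The thirteen level-1 strlen hits share two concrete hazards that the generic CWE-126 message does not spell out. First, `strlen(str) - 1` and `strlen(line) - 1` (wni.c:447 and :637) wrap to SIZE_MAX, or to -1 after an int conversion, whenever the string is empty, so the "last character" index points before the buffer. Second, the `g_ascii_strncasecmp(lemma, word, strlen(word) + 1)` idiom (wni.c:566, :1077, :1144) bounds the comparison by the length of one operand only. The added example below, which is not Artha's code and uses names of my own, shows both patterns with an explicit capacity for every buffer so that neither an empty string nor a missing terminator can drive an over-read.

```c
/* Added example (not from the Artha sources): length handling that
 * tolerates empty and unterminated input. */
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Index of the last character of the string in buf (capacity cap bytes),
 * or -1 when the string is empty or no terminator exists within cap.
 * strnlen() never reads past cap, so an unterminated buffer is detected
 * rather than scanned off the end; the explicit empty check avoids the
 * strlen(s) - 1 wrap-around. */
static long last_char_index(const char *buf, size_t cap)
{
    size_t len = strnlen(buf, cap);
    if (len == cap)
        return -1;      /* no NUL within cap: treat as invalid input */
    if (len == 0)
        return -1;      /* empty: strlen(s) - 1 would wrap here */
    return (long)(len - 1);
}

/* Whole-word, ASCII case-insensitive comparison with a capacity for
 * each operand.  Equivalent in intent to the
 * g_ascii_strncasecmp(a, b, strlen(b) + 1) idiom ("Kelly" must not
 * match "Kelly Gene") but refuses unterminated input on either side. */
static bool word_equals_ci(const char *a, size_t acap, const char *b, size_t bcap)
{
    size_t la = strnlen(a, acap);
    size_t lb = strnlen(b, bcap);
    if (la == acap || lb == bcap)
        return false;   /* unterminated operand: do not compare at all */
    if (la != lb)
        return false;   /* different lengths cannot be the same word */
    for (size_t i = 0; i < la; i++) {
        unsigned char ca = (unsigned char)a[i];
        unsigned char cb = (unsigned char)b[i];
        if (ca >= 'A' && ca <= 'Z') ca = (unsigned char)(ca + ('a' - 'A'));
        if (cb >= 'A' && cb <= 'Z') cb = (unsigned char)(cb + ('a' - 'A'));
        if (ca != cb)
            return false;
    }
    return true;
}

/* Constructed fixture: four bytes with no terminator, the case plain
 * strlen() would read past. */
static long demo_unterminated(void)
{
    char raw[4] = { 'a', 'b', 'c', 'd' };
    return last_char_index(raw, sizeof raw);
}

int main(void)
{
    printf("last index of \"{a b}\": %ld\n", last_char_index("{a b}", 6));
    printf("last index of \"\": %ld\n", last_char_index("", 1));
    printf("unterminated: %ld\n", demo_unterminated());
    printf("Kelly == kelly: %d, Kelly == Kelly Gene: %d\n",
           word_equals_ci("Kelly", 6, "kelly", 6),
           word_equals_ci("Kelly", 6, "Kelly Gene", 11));
    return 0;
}
```

Where the capacity is known statically (the wchar_t arrays in libnotify.c are sized by MAX_SUMMARY_LENGTH and MAX_BODY_LENGTH), passing `sizeof buf` is enough; the point is that the bound travels with the pointer instead of being inferred from a terminator that may not be there.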
  if( strlen(search_str) > 0 &&

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 8823 in approximately 0.21 seconds (41367 lines/second)
Physical Source Lines of Code (SLOC) = 6242
Hits@level = [0]   2 [1]  13 [2]   5 [3]   3 [4]   2 [5]   0
Hits@level+ = [0+]  25 [1+]  23 [2+]  10 [3+]   5 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 4.00513 [1+] 3.68472 [2+] 1.60205 [3+] 0.801025 [4+] 0.32041 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.