Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ayatana-indicator-notifications-0.8.2/src/dbus-spy.c Examining data/ayatana-indicator-notifications-0.8.2/src/dbus-spy.h Examining data/ayatana-indicator-notifications-0.8.2/src/indicator-notifications.c Examining data/ayatana-indicator-notifications-0.8.2/src/indicator-notifications-settings.c Examining data/ayatana-indicator-notifications-0.8.2/src/notification.c Examining data/ayatana-indicator-notifications-0.8.2/src/notification.h Examining data/ayatana-indicator-notifications-0.8.2/src/notification-menuitem.c Examining data/ayatana-indicator-notifications-0.8.2/src/notification-menuitem.h Examining data/ayatana-indicator-notifications-0.8.2/src/settings.h Examining data/ayatana-indicator-notifications-0.8.2/src/urlregex.c Examining data/ayatana-indicator-notifications-0.8.2/src/urlregex.h FINAL RESULTS: data/ayatana-indicator-notifications-0.8.2/src/indicator-notifications-settings.c:161:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(self->text) > 0) { data/ayatana-indicator-notifications-0.8.2/src/notification.c:127:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). self->priv->summary_length = strlen(self->priv->summary); data/ayatana-indicator-notifications-0.8.2/src/notification.c:136:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). self->priv->body_length = strlen(self->priv->body); data/ayatana-indicator-notifications-0.8.2/src/urlregex.c:102:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int text_length = strlen(text); ANALYSIS SUMMARY: Hits = 4 Lines analyzed = 2647 in approximately 0.09 seconds (29100 lines/second) Physical Source Lines of Code (SLOC) = 1751 Hits@level = [0] 0 [1] 4 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.28441 [1+] 2.28441 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.