Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/desktop-file-utils-0.26/src/install.c
Examining data/desktop-file-utils-0.26/src/keyfileutils.c
Examining data/desktop-file-utils-0.26/src/keyfileutils.h
Examining data/desktop-file-utils-0.26/src/mimeutils.c
Examining data/desktop-file-utils-0.26/src/mimeutils.h
Examining data/desktop-file-utils-0.26/src/update-desktop-database.c
Examining data/desktop-file-utils-0.26/src/validate.c
Examining data/desktop-file-utils-0.26/src/validate.h
Examining data/desktop-file-utils-0.26/src/validator.c

FINAL RESULTS:

data/desktop-file-utils-0.26/src/install.c:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *argv[4] = { "update-desktop-database", "-q", (char *) dir, NULL };
data/desktop-file-utils-0.26/src/validate.c:385:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *first_arg[3];
data/desktop-file-utils-0.26/src/validate.c:398:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *requires[2];
data/desktop-file-utils-0.26/src/validate.c:399:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *suggests[4];
data/desktop-file-utils-0.26/src/validate.c:3008:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char read_buf[VALIDATE_READ_SIZE];
data/desktop-file-utils-0.26/src/keyfileutils.c:148:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *locale = fromkeys[i] + strlen (fromkey);
data/desktop-file-utils-0.26/src/keyfileutils.c:191:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (value);
data/desktop-file-utils-0.26/src/update-desktop-database.c:278:10:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  mask = umask(0);
data/desktop-file-utils-0.26/src/update-desktop-database.c:279:10:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  (void) umask (mask);
data/desktop-file-utils-0.26/src/validate.c:976:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (value, "0.9.", strlen ("0.9."))) {
data/desktop-file-utils-0.26/src/validate.c:979:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c = value[strlen ("0.9.")];
data/desktop-file-utils-0.26/src/validate.c:980:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ('3' <= c && c <= '8' && value[strlen ("0.9.") + 1] == '\0')
data/desktop-file-utils-0.26/src/validate.c:1003:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  locale_key + strlen ("Comment"));
data/desktop-file-utils-0.26/src/validate.c:1016:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  locale_key + strlen ("Comment"));
data/desktop-file-utils-0.26/src/validate.c:1823:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!key_is_valid (actions[i], strlen (actions[i]))) {
data/desktop-file-utils-0.26/src/validate.c:1993:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((strlen (argument) == 2 &&
data/desktop-file-utils-0.26/src/validate.c:1995:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen (argument) >= 3 &&
data/desktop-file-utils-0.26/src/validate.c:2025:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (argument && !strncmp (argument, first, strlen (first))) {
data/desktop-file-utils-0.26/src/validate.c:2026:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  after_first += strlen (first);
data/desktop-file-utils-0.26/src/validate.c:2215:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (key);
data/desktop-file-utils-0.26/src/validate.c:2229:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (start_locale);
data/desktop-file-utils-0.26/src/validate.c:2241:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *real_key = g_strndup (key, strlen (key) - len);
data/desktop-file-utils-0.26/src/validate.c:2363:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (GROUP_DESKTOP_ACTION)));
data/desktop-file-utils-0.26/src/validate.c:2512:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (group, GROUP_DESKTOP_ACTION, strlen (GROUP_DESKTOP_ACTION))) {
data/desktop-file-utils-0.26/src/validate.c:2513:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (group[strlen (GROUP_DESKTOP_ACTION) - 1] == '\0') {
data/desktop-file-utils-0.26/src/validate.c:2520:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  action = g_strdup (group + strlen (GROUP_DESKTOP_ACTION));
data/desktop-file-utils-0.26/src/validate.c:2522:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!key_is_valid (action, strlen (action))) {
data/desktop-file-utils-0.26/src/validate.c:2800:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = (*chomped == '[' && chomped[strlen (chomped) - 1] == ']');
data/desktop-file-utils-0.26/src/validate.c:2808:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *group = g_strndup (chomped + 1, strlen (chomped) - 2);
data/desktop-file-utils-0.26/src/validate.c:3027:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes_read = read (fd, read_buf, VALIDATE_READ_SIZE);

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 5468 in approximately 0.19 seconds (29513 lines/second)
Physical Source Lines of Code (SLOC) = 3985
Hits@level = [0]   1 [1]  25 [2]   5 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  31 [1+]  30 [2+]   5 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 7.77917 [1+] 7.52823 [2+] 1.25471 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.