Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/eog-3.38.0/jpegutils/jpegint-8a.h
Examining data/eog-3.38.0/jpegutils/jpegint.h
Examining data/eog-3.38.0/jpegutils/transupp-6b.c
Examining data/eog-3.38.0/jpegutils/transupp-6b.h
Examining data/eog-3.38.0/jpegutils/transupp-8a.c
Examining data/eog-3.38.0/jpegutils/transupp-8a.h
Examining data/eog-3.38.0/jpegutils/transupp.h
Examining data/eog-3.38.0/plugins/fullscreen/eog-fullscreen-plugin.c
Examining data/eog-3.38.0/plugins/fullscreen/eog-fullscreen-plugin.h
Examining data/eog-3.38.0/plugins/reload/eog-reload-plugin.c
Examining data/eog-3.38.0/plugins/reload/eog-reload-plugin.h
Examining data/eog-3.38.0/plugins/statusbar-date/eog-statusbar-date-plugin.c
Examining data/eog-3.38.0/plugins/statusbar-date/eog-statusbar-date-plugin.h
Examining data/eog-3.38.0/src/eog-application-activatable.c
Examining data/eog-3.38.0/src/eog-application-activatable.h
Examining data/eog-3.38.0/src/eog-application-internal.h
Examining data/eog-3.38.0/src/eog-application.c
Examining data/eog-3.38.0/src/eog-application.h
Examining data/eog-3.38.0/src/eog-clipboard-handler.c
Examining data/eog-3.38.0/src/eog-clipboard-handler.h
Examining data/eog-3.38.0/src/eog-close-confirmation-dialog.c
Examining data/eog-3.38.0/src/eog-close-confirmation-dialog.h
Examining data/eog-3.38.0/src/eog-config-keys.h
Examining data/eog-3.38.0/src/eog-debug.c
Examining data/eog-3.38.0/src/eog-debug.h
Examining data/eog-3.38.0/src/eog-enums.h
Examining data/eog-3.38.0/src/eog-error-message-area.c
Examining data/eog-3.38.0/src/eog-error-message-area.h
Examining data/eog-3.38.0/src/eog-exif-util.c
Examining data/eog-3.38.0/src/eog-exif-util.h
Examining data/eog-3.38.0/src/eog-file-chooser.c
Examining data/eog-3.38.0/src/eog-file-chooser.h
Examining data/eog-3.38.0/src/eog-image-jpeg.c
Examining data/eog-3.38.0/src/eog-image-jpeg.h
Examining data/eog-3.38.0/src/eog-image-private.h
Examining data/eog-3.38.0/src/eog-image-save-info.c
Examining data/eog-3.38.0/src/eog-image-save-info.h
Examining data/eog-3.38.0/src/eog-image.c
Examining data/eog-3.38.0/src/eog-image.h
Examining data/eog-3.38.0/src/eog-job-scheduler.c
Examining data/eog-3.38.0/src/eog-job-scheduler.h
Examining data/eog-3.38.0/src/eog-jobs.c
Examining data/eog-3.38.0/src/eog-jobs.h
Examining data/eog-3.38.0/src/eog-list-store.c
Examining data/eog-3.38.0/src/eog-list-store.h
Examining data/eog-3.38.0/src/eog-metadata-details.c
Examining data/eog-3.38.0/src/eog-metadata-details.h
Examining data/eog-3.38.0/src/eog-metadata-reader-jpg.c
Examining data/eog-3.38.0/src/eog-metadata-reader-jpg.h
Examining data/eog-3.38.0/src/eog-metadata-reader-png.c
Examining data/eog-3.38.0/src/eog-metadata-reader-png.h
Examining data/eog-3.38.0/src/eog-metadata-reader.c
Examining data/eog-3.38.0/src/eog-metadata-reader.h
Examining data/eog-3.38.0/src/eog-metadata-sidebar.c
Examining data/eog-3.38.0/src/eog-metadata-sidebar.h
Examining data/eog-3.38.0/src/eog-pixbuf-util.c
Examining data/eog-3.38.0/src/eog-pixbuf-util.h
Examining data/eog-3.38.0/src/eog-plugin-engine.c
Examining data/eog-3.38.0/src/eog-plugin-engine.h
Examining data/eog-3.38.0/src/eog-preferences-dialog.c
Examining data/eog-3.38.0/src/eog-preferences-dialog.h
Examining data/eog-3.38.0/src/eog-print-image-setup.c
Examining data/eog-3.38.0/src/eog-print-image-setup.h
Examining data/eog-3.38.0/src/eog-print-preview.c
Examining data/eog-3.38.0/src/eog-print-preview.h
Examining data/eog-3.38.0/src/eog-print.c
Examining data/eog-3.38.0/src/eog-print.h
Examining data/eog-3.38.0/src/eog-properties-dialog.c
Examining data/eog-3.38.0/src/eog-properties-dialog.h
Examining data/eog-3.38.0/src/eog-save-as-dialog-helper.c
Examining data/eog-3.38.0/src/eog-save-as-dialog-helper.h
Examining data/eog-3.38.0/src/eog-scroll-view.c
Examining data/eog-3.38.0/src/eog-scroll-view.h
Examining data/eog-3.38.0/src/eog-session.c
Examining data/eog-3.38.0/src/eog-session.h
Examining data/eog-3.38.0/src/eog-sidebar.c
Examining data/eog-3.38.0/src/eog-sidebar.h
Examining data/eog-3.38.0/src/eog-statusbar.c
Examining data/eog-3.38.0/src/eog-statusbar.h
Examining data/eog-3.38.0/src/eog-thumb-nav.c
Examining data/eog-3.38.0/src/eog-thumb-nav.h
Examining data/eog-3.38.0/src/eog-thumb-view.c
Examining data/eog-3.38.0/src/eog-thumb-view.h
Examining data/eog-3.38.0/src/eog-thumbnail.c
Examining data/eog-3.38.0/src/eog-thumbnail.h
Examining data/eog-3.38.0/src/eog-transform.c
Examining data/eog-3.38.0/src/eog-transform.h
Examining data/eog-3.38.0/src/eog-uri-converter.c
Examining data/eog-3.38.0/src/eog-uri-converter.h
Examining data/eog-3.38.0/src/eog-util.c
Examining data/eog-3.38.0/src/eog-util.h
Examining data/eog-3.38.0/src/eog-window-activatable.c
Examining data/eog-3.38.0/src/eog-window-activatable.h
Examining data/eog-3.38.0/src/eog-window.c
Examining data/eog-3.38.0/src/eog-window.h
Examining data/eog-3.38.0/src/eog-zoom-entry.c
Examining data/eog-3.38.0/src/eog-zoom-entry.h
Examining data/eog-3.38.0/src/main.c
Examining data/eog-3.38.0/src/test-eog-tb.c
Examining data/eog-3.38.0/src/zoom.c
Examining data/eog-3.38.0/src/zoom.h

FINAL RESULTS:

data/eog-3.38.0/src/eog-image.c:1466:36:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmp_file_path = g_build_filename (g_get_tmp_dir (), "eog-save-XXXXXX", NULL);
data/eog-3.38.0/src/eog-thumb-view.c:982:43:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  path = gtk_tree_path_new_from_indices (g_random_int_range (0, n_items), -1);
data/eog-3.38.0/src/eog-thumb-view.c:1020:43:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  path = gtk_tree_path_new_from_indices (g_random_int_range (0, n_items), -1);
data/eog-3.38.0/src/eog-util.c:304:37:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gchar* old_dir = g_build_filename (g_get_home_dir (), ".gnome2",
data/eog-3.38.0/src/eog-util.c:335:35:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  old_filename = g_build_filename (g_get_home_dir (), ".gnome2",
data/eog-3.38.0/src/eog-file-chooser.c:275:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bytes = atoi (bytes_str);
data/eog-3.38.0/src/eog-file-chooser.c:287:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pixels = atoi (height);
data/eog-3.38.0/src/eog-image-jpeg.c:80:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[JMSG_LENGTH_MAX];
data/eog-3.38.0/src/eog-image-jpeg.c:231:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input_file = fopen (infile_uri, "rb");
data/eog-3.38.0/src/eog-image-jpeg.c:240:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output_file = fopen (file, "wb");
data/eog-3.38.0/src/eog-image-jpeg.c:369:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile = fopen (file, "wb");
data/eog-3.38.0/src/eog-image-jpeg.c:458:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&(buf[j*3]), &(ptr[i*rowstride + j*(rowstride/w)]), 3);
data/eog-3.38.0/src/eog-image.c:1600:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  GFile *tmpfile,
data/eog-3.38.0/src/eog-image.c:1609:36:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  tmp_file_restore_unix_attributes (tmpfile, file);
data/eog-3.38.0/src/eog-image.c:1612:24:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  result = g_file_move (tmpfile,
data/eog-3.38.0/src/eog-image.c:1639:25:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  tmp_file_delete (GFile *tmpfile)
data/eog-3.38.0/src/eog-image.c:1646:26:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  result = g_file_delete (tmpfile, NULL, &err);
data/eog-3.38.0/src/eog-image.c:1656:35:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  tmpfile_path = g_file_get_path (tmpfile);
data/eog-3.38.0/src/eog-metadata-details.c:468:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[1024];
data/eog-3.38.0/src/eog-metadata-reader-jpg.c:193:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], priv->size);
data/eog-3.38.0/src/eog-metadata-reader-jpg.c:198:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], chunk_len);
data/eog-3.38.0/src/eog-metadata-reader-png.c:171:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], priv->size);
data/eog-3.38.0/src/eog-metadata-reader-png.c:177:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], chunk_len);
data/eog-3.38.0/src/eog-exif-util.c:118:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (p == date + strlen (date)) {
data/eog-3.38.0/src/eog-pixbuf-util.c:81:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (extensions[i]) <= 3) {
data/eog-3.38.0/src/eog-pixbuf-util.c:110:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (suffix_start) - 1;
data/eog-3.38.0/src/eog-save-as-dialog-helper.c:113:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  enable_save = (strlen (gtk_entry_get_text (GTK_ENTRY (data->token_entry))) > 0);
data/eog-3.38.0/src/eog-uri-converter.c:578:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (basename) - len - 1;
data/eog-3.38.0/src/eog-util.c:95:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  remaining_bytes = strlen (str);

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 39228 in approximately 0.85 seconds (45971 lines/second)
Physical Source Lines of Code (SLOC) = 27248
Hits@level = [0] 4 [1] 6 [2] 18 [3] 5 [4] 0 [5] 0
Hits@level+ = [0+] 33 [1+] 29 [2+] 23 [3+] 5 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.2111 [1+] 1.0643 [2+] 0.844099 [3+] 0.1835 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.