Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/font-manager-0.7.9/build-aux/orthographies/OrthographyData.h
Examining data/font-manager-0.7.9/build-aux/orthographies/class2struct.cpp
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Afrikaans.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Ahom.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/AleutCyrillic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/AleutLatin.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Arabic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/ArchaicGreekLetters.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Armenian.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Astronomy.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Balinese.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Baltic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Bamum.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/BasicCyrillic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/BasicGreek.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/BasicLatin.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Batak.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Bengali.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Brahmi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Buginese.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/CanadianSyllabics.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Carian.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Catalan.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/CentralEuropean.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Chakma.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Cham.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Cherokee.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/ChessSymbols.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/ClaudianLetters.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Coptic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Currencies.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/CypriotSyllabary.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Devanagari.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Dutch.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/EgyptianHieroglyphs.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Emoticons.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Ethiopic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Euro.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/ExtendedArabic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Farsi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Food.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/FullCyrillic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Georgian.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Glagolitic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Gothic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Gujarati.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Gurmukhi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/HKSCS.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Hangul.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Hanunoo.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Hebrew.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/IPA.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/IgboOnwu.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Jamo.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Javanese.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Jinmeiyo.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Joyo.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Kaithi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Kana.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Kannada.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/KayahLi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Kazakh.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Kharoshthi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Khmer.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Kokuji.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Lao.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/LatinLigatures.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Lepcha.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Limbu.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/LinearBIdeograms.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/LinearBSyllabary.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MUFI_3_0.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Malayalam.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MathematicalGreek.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MathematicalLatin.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MathematicalNumerals.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MathematicalOperators.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MeeteiMayak.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MendeKikakui.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MeroiticCursive.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/MeroiticHieroglyphs.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Miao.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Mongolian.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Myanmar.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/NewTaiLue.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Nko.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Ogham.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/OlChiki.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/OldItalic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/OldSouthArabian.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Oriya.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Osmanya.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/PanAfricanLatin.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Pashto.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/PhagsPa.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Pinyin.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Polynesian.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/PolytonicGreek.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Rejang.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Romanian.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Runic.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Saurashtra.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/SimplifiedChinese.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Sindhi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Sinhala.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Siraiki.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/SouthKoreanHanja.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Sundanese.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/SylotiNagri.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Syriac.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/TaiLe.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/TaiTham.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/TaiViet.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Tamil.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Telugu.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Thaana.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Thai.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Tibetan.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Tifinagh.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/TraditionalChinese.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Turkish.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Uighur.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Urdu.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Vai.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/VedicExtensions.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Venda.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Vietnamese.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/WesternEuropean.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/Yi.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/ZhuYinFuHao.h
Examining data/font-manager-0.7.9/build-aux/orthographies/fontaine/orthographies.h
Examining data/font-manager-0.7.9/extensions/nautilus/font-manager-menu-provider.c
Examining data/font-manager-0.7.9/extensions/nautilus/font-manager-menu-provider.h
Examining data/font-manager-0.7.9/extensions/nautilus/nautilus-font-manager-module.c
Examining data/font-manager-0.7.9/extensions/nemo/font-manager-menu-provider.c
Examining data/font-manager-0.7.9/extensions/nemo/font-manager-menu-provider.h
Examining data/font-manager-0.7.9/extensions/nemo/nemo-font-manager-module.c
Examining data/font-manager-0.7.9/extensions/thunar/font-manager-extension-utils.c
Examining data/font-manager-0.7.9/extensions/thunar/font-manager-extension-utils.h
Examining data/font-manager-0.7.9/extensions/thunar/font-manager-menu-provider.c
Examining data/font-manager-0.7.9/extensions/thunar/font-manager-menu-provider.h
Examining data/font-manager-0.7.9/extensions/thunar/font-manager-renamer-provider.c
Examining data/font-manager-0.7.9/extensions/thunar/font-manager-renamer-provider.h
Examining data/font-manager-0.7.9/extensions/thunar/thunar-font-manager-module.c
Examining data/font-manager-0.7.9/lib/common/font-manager-alias.c
Examining data/font-manager-0.7.9/lib/common/font-manager-alias.h
Examining data/font-manager-0.7.9/lib/common/font-manager-aliases.c
Examining data/font-manager-0.7.9/lib/common/font-manager-aliases.h
Examining data/font-manager-0.7.9/lib/common/font-manager-character-map.c
Examining data/font-manager-0.7.9/lib/common/font-manager-character-map.h
Examining data/font-manager-0.7.9/lib/common/font-manager-codepoint-list.c
Examining data/font-manager-0.7.9/lib/common/font-manager-codepoint-list.h
Examining data/font-manager-0.7.9/lib/common/font-manager-database.c
Examining data/font-manager-0.7.9/lib/common/font-manager-database.h
Examining data/font-manager-0.7.9/lib/common/font-manager-directories.c
Examining data/font-manager-0.7.9/lib/common/font-manager-directories.h
Examining data/font-manager-0.7.9/lib/common/font-manager-family.c
Examining data/font-manager-0.7.9/lib/common/font-manager-family.h
Examining data/font-manager-0.7.9/lib/common/font-manager-font-info.c
Examining data/font-manager-0.7.9/lib/common/font-manager-font-info.h
Examining data/font-manager-0.7.9/lib/common/font-manager-font-model.c
Examining data/font-manager-0.7.9/lib/common/font-manager-font-model.h
Examining data/font-manager-0.7.9/lib/common/font-manager-font-preview.c
Examining data/font-manager-0.7.9/lib/common/font-manager-font-preview.h
Examining data/font-manager-0.7.9/lib/common/font-manager-font-scale.c
Examining data/font-manager-0.7.9/lib/common/font-manager-font-scale.h
Examining data/font-manager-0.7.9/lib/common/font-manager-font.c
Examining data/font-manager-0.7.9/lib/common/font-manager-font.h
Examining data/font-manager-0.7.9/lib/common/font-manager-fontconfig.c
Examining data/font-manager-0.7.9/lib/common/font-manager-fontconfig.h
Examining data/font-manager-0.7.9/lib/common/font-manager-freetype.c
Examining data/font-manager-0.7.9/lib/common/font-manager-freetype.h
Examining data/font-manager-0.7.9/lib/common/font-manager-gtk-utils.c
Examining data/font-manager-0.7.9/lib/common/font-manager-gtk-utils.h
Examining data/font-manager-0.7.9/lib/common/font-manager-json-proxy.c
Examining data/font-manager-0.7.9/lib/common/font-manager-json-proxy.h
Examining data/font-manager-0.7.9/lib/common/font-manager-json.c
Examining data/font-manager-0.7.9/lib/common/font-manager-json.h
Examining data/font-manager-0.7.9/lib/common/font-manager-license-pane.c
Examining data/font-manager-0.7.9/lib/common/font-manager-license-pane.h
Examining data/font-manager-0.7.9/lib/common/font-manager-license.h
Examining data/font-manager-0.7.9/lib/common/font-manager-orthography.c
Examining data/font-manager-0.7.9/lib/common/font-manager-orthography.h
Examining data/font-manager-0.7.9/lib/common/font-manager-place-holder.c
Examining data/font-manager-0.7.9/lib/common/font-manager-place-holder.h
Examining data/font-manager-0.7.9/lib/common/font-manager-preview-controls.c
Examining data/font-manager-0.7.9/lib/common/font-manager-preview-controls.h
Examining data/font-manager-0.7.9/lib/common/font-manager-preview-pane.c
Examining data/font-manager-0.7.9/lib/common/font-manager-preview-pane.h
Examining data/font-manager-0.7.9/lib/common/font-manager-progress-data.c
Examining data/font-manager-0.7.9/lib/common/font-manager-progress-data.h
Examining data/font-manager-0.7.9/lib/common/font-manager-properties-pane.c
Examining data/font-manager-0.7.9/lib/common/font-manager-properties-pane.h
Examining data/font-manager-0.7.9/lib/common/font-manager-properties.c
Examining data/font-manager-0.7.9/lib/common/font-manager-properties.h
Examining data/font-manager-0.7.9/lib/common/font-manager-reject.c
Examining data/font-manager-0.7.9/lib/common/font-manager-reject.h
Examining data/font-manager-0.7.9/lib/common/font-manager-selections.c
Examining data/font-manager-0.7.9/lib/common/font-manager-selections.h
Examining data/font-manager-0.7.9/lib/common/font-manager-source.c
Examining data/font-manager-0.7.9/lib/common/font-manager-source.h
Examining data/font-manager-0.7.9/lib/common/font-manager-string-hashset.c
Examining data/font-manager-0.7.9/lib/common/font-manager-string-hashset.h
Examining data/font-manager-0.7.9/lib/common/font-manager-utils.h
Examining data/font-manager-0.7.9/lib/common/font-manager-vendor.h
Examining data/font-manager-0.7.9/lib/common/font-manager-xml-writer.c
Examining data/font-manager-0.7.9/lib/common/font-manager-xml-writer.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-blocks.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-categories.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-character-map-zoom-window.c
Examining data/font-manager-0.7.9/lib/unicode/unicode-character-map-zoom-window.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-character-map.c
Examining data/font-manager-0.7.9/lib/unicode/unicode-character-map.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-codepoint-list.c
Examining data/font-manager-0.7.9/lib/unicode/unicode-codepoint-list.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-info.c
Examining data/font-manager-0.7.9/lib/unicode/unicode-info.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-names.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-nameslist.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-scripts.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-search-bar.c
Examining data/font-manager-0.7.9/lib/unicode/unicode-search-bar.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-unihan.h
Examining data/font-manager-0.7.9/lib/unicode/unicode-versions.h

FINAL RESULTS:

data/font-manager-0.7.9/lib/common/font-manager-properties.c:616:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system) {
data/font-manager-0.7.9/lib/common/font-manager-properties.c:628:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetInteger(system, FC_HINT_STYLE, 0, &hintstyle) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:631:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetInteger(system, FC_RGBA, 0, &rgba) == FcResultMatch) {
data/font-manager-0.7.9/lib/common/font-manager-properties.c:636:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetInteger(system, FC_LCD_FILTER, 0, &lcdfilter) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:639:36: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetDouble(system, FC_SCALE, 0 , &scale) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:642:36: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetDouble(system, FC_DPI, 0 , &dpi) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:645:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetBool(system, FC_ANTIALIAS, 0 , &antialias) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:648:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetBool(system, FC_HINTING, 0 , &hinting) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:651:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetBool(system, FC_AUTOHINT, 0 , &autohint) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:654:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (FcPatternGetBool(system, FC_EMBEDDED_BITMAP, 0 , &embeddedbitmap) == FcResultMatch)
data/font-manager-0.7.9/lib/common/font-manager-properties.c:657:30: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    FcPatternDestroy(system);
data/font-manager-0.7.9/lib/common/font-manager-font-model.c:477:24: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    do { self->stamp = g_random_int(); } while (self->stamp == 0);
data/font-manager-0.7.9/lib/common/font-manager-orthography.c:190:24: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    int rand = g_random_int_range(0, length);
data/font-manager-0.7.9/build-aux/orthographies/class2struct.cpp:17:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outfile.open(filename.str());
data/font-manager-0.7.9/lib/common/font-manager-properties.c:262:59: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    g_object_set(self, (const gchar *) prop_name, atoi((const char *) prop_val), NULL);
data/font-manager-0.7.9/build-aux/orthographies/class2struct.cpp:20:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cout << (strlen(p->nativeName) > 0 ? p->nativeName : p->commonName);
data/font-manager-0.7.9/lib/common/font-manager-place-holder.c:100:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    visible = strlen(gtk_label_get_text(GTK_LABEL(self->title))) > 0;
data/font-manager-0.7.9/lib/common/font-manager-place-holder.c:105:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    visible = strlen(gtk_label_get_text(GTK_LABEL(self->subtitle))) > 0;
data/font-manager-0.7.9/lib/common/font-manager-place-holder.c:110:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    visible = strlen(gtk_label_get_text(GTK_LABEL(self->message))) > 0;
data/font-manager-0.7.9/lib/unicode/unicode-search-bar.c:99:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gint needle_len = strlen(needle);
data/font-manager-0.7.9/lib/unicode/unicode-search-bar.c:100:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gint haystack_len = strlen(haystack);
data/font-manager-0.7.9/lib/unicode/unicode-search-bar.c:494:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(entry_text) != 0) {

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 339222 in approximately 10.51 seconds (32266 lines/second)
Physical Source Lines of Code (SLOC) = 328212
Hits@level = [0] 6 [1] 7 [2] 2 [3] 2 [4] 11 [5] 0
Hits@level+ = [0+] 28 [1+] 22 [2+] 15 [3+] 13 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 0.0853107 [1+] 0.0670298 [2+] 0.0457022 [3+] 0.0396085 [4+] 0.0335149 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.