Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gconf-editor-3.0.1/src/gconf-search.c
Examining data/gconf-editor-3.0.1/src/gconf-util.c
Examining data/gconf-editor-3.0.1/src/gconf-marshal.h
Examining data/gconf-editor-3.0.1/src/gconf-tree-model.h
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks.h
Examining data/gconf-editor-3.0.1/src/gconf-policykit.h
Examining data/gconf-editor-3.0.1/src/gconf-editor-application.h
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks.c
Examining data/gconf-editor-3.0.1/src/gconf-key-editor.h
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks-dialog.h
Examining data/gconf-editor-3.0.1/src/gconf-editor-application.c
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks-dialog.c
Examining data/gconf-editor-3.0.1/src/gconf-cell-renderer.h
Examining data/gconf-editor-3.0.1/src/gconf-policykit.c
Examining data/gconf-editor-3.0.1/src/gconf-marshal.c
Examining data/gconf-editor-3.0.1/src/gconf-util.h
Examining data/gconf-editor-3.0.1/src/gconf-editor-window.c
Examining data/gconf-editor-3.0.1/src/gconf-cell-renderer.c
Examining data/gconf-editor-3.0.1/src/gconf-tree-model.c
Examining data/gconf-editor-3.0.1/src/gconf-search.h
Examining data/gconf-editor-3.0.1/src/gconf-stock-icons.c
Examining data/gconf-editor-3.0.1/src/gconf-stock-icons.h
Examining data/gconf-editor-3.0.1/src/gedit-output-window.c
Examining data/gconf-editor-3.0.1/src/main.c
Examining data/gconf-editor-3.0.1/src/gconf-search-dialog.h
Examining data/gconf-editor-3.0.1/src/gconf-list-model.h
Examining data/gconf-editor-3.0.1/src/gconf-key-editor.c
Examining data/gconf-editor-3.0.1/src/gconf-search-dialog.c
Examining data/gconf-editor-3.0.1/src/gconf-editor-window.h
Examining data/gconf-editor-3.0.1/src/gedit-output-window.h
Examining data/gconf-editor-3.0.1/src/gconf-list-model.c
FINAL RESULTS:
data/gconf-editor-3.0.1/src/gconf-list-model.c:419:17: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
model->stamp = g_random_int ();
data/gconf-editor-3.0.1/src/main.c:32:27: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
return g_build_filename (g_get_home_dir (), ".gnome2", "accels", PACKAGE, NULL);
data/gconf-editor-3.0.1/src/gconf-editor-window.c:137:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!key || strlen (key) < 2)
data/gconf-editor-3.0.1/src/gconf-editor-window.c:891:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) > 0) {
data/gconf-editor-3.0.1/src/gconf-editor-window.c:1064:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = text + strlen (text);
data/gconf-editor-3.0.1/src/gconf-key-editor.c:1009:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (key_path[strlen(key_path) - 1] != '/') {
data/gconf-editor-3.0.1/src/gconf-list-model.c:68:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (key, list_model->root_path, strlen (list_model->root_path)) != 0)
data/gconf-editor-3.0.1/src/gconf-tree-model.c:62:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (key) == 1 && key[0] == '/')
data/gconf-editor-3.0.1/src/gconf-tree-model.c:125:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = node->path + strlen (node->path);
data/gconf-editor-3.0.1/src/gconf-tree-model.c:282:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = node->path + strlen (node->path);
data/gconf-editor-3.0.1/src/gconf-util.c:51:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = path + strlen (path);
ANALYSIS SUMMARY:
Hits = 11
Lines analyzed = 7395 in approximately 0.19 seconds (38429 lines/second)
Physical Source Lines of Code (SLOC) = 5307
Hits@level = [0] 0 [1] 9 [2] 0 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 11 [1+] 11 [2+] 2 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.07273 [1+] 2.07273 [2+] 0.376861 [3+] 0.376861 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.