Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gdl-3.34.0/gdl/gdl-dock-object.h
Examining data/gdl-3.34.0/gdl/libgdlmarshal.c
Examining data/gdl-3.34.0/gdl/gdl-dock-placeholder.h
Examining data/gdl-3.34.0/gdl/gdl-dock-object.c
Examining data/gdl-3.34.0/gdl/gdl-switcher.c
Examining data/gdl-3.34.0/gdl/gdl-dock-bar.c
Examining data/gdl-3.34.0/gdl/gdl-dock.c
Examining data/gdl-3.34.0/gdl/gdl-dock-item-button-image.c
Examining data/gdl-3.34.0/gdl/gdl-dock-notebook.c
Examining data/gdl-3.34.0/gdl/libgdltypebuiltins.c
Examining data/gdl-3.34.0/gdl/gdl-dock-bar.h
Examining data/gdl-3.34.0/gdl/gdl.h
Examining data/gdl-3.34.0/gdl/gdl-switcher.h
Examining data/gdl-3.34.0/gdl/gdl-dock-master.h
Examining data/gdl-3.34.0/gdl/gdl-dock-layout.h
Examining data/gdl-3.34.0/gdl/gdl-dock-layout.c
Examining data/gdl-3.34.0/gdl/test-dock.c
Examining data/gdl-3.34.0/gdl/gdl-dock-paned.c
Examining data/gdl-3.34.0/gdl/gdl-dock-item-grip.c
Examining data/gdl-3.34.0/gdl/deprecated/gdl-dock-tablabel.h
Examining data/gdl-3.34.0/gdl/deprecated/gdl-dock-tablabel.c
Examining data/gdl-3.34.0/gdl/gdl-dock-item-grip.h
Examining data/gdl-3.34.0/gdl/gdl-dock-item-button-image.h
Examining data/gdl-3.34.0/gdl/libgdlmarshal.h
Examining data/gdl-3.34.0/gdl/gdl-dock-placeholder.c
Examining data/gdl-3.34.0/gdl/libgdltypebuiltins.h
Examining data/gdl-3.34.0/gdl/gdl-dock.h
Examining data/gdl-3.34.0/gdl/gdl-dock-paned.h
Examining data/gdl-3.34.0/gdl/gdl-dock-item.c
Examining data/gdl-3.34.0/gdl/gdl-dock-notebook.h
Examining data/gdl-3.34.0/gdl/gdl-preview-window.h
Examining data/gdl-3.34.0/gdl/gdl-dock-item.h
Examining data/gdl-3.34.0/gdl/gdl-preview-window.c
Examining data/gdl-3.34.0/gdl/gdl-dock-master.c
Examining data/gdl-3.34.0/gdl/gdl-deprecated.c
FINAL RESULTS:
data/gdl-3.34.0/gdl/gdl-dock-layout.c:839:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_handle = fopen (filename, "w");
data/gdl-3.34.0/gdl/gdl-dock-object.c:1404:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dst->data [0].v_int = atoi (src->data [0].v_pointer);
data/gdl-3.34.0/gdl/gdl-dock-object.c:1411:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dst->data [0].v_uint = (guint) atoi (src->data [0].v_pointer);
data/gdl-3.34.0/gdl/gdl-dock-layout.c:291:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (object_name && strlen ((char*)object_name) > 0) {
ANALYSIS SUMMARY:
Hits = 4
Lines analyzed = 16481 in approximately 0.44 seconds (37621 lines/second)
Physical Source Lines of Code (SLOC) = 10742
Hits@level = [0] 1 [1] 1 [2] 3 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 5 [1+] 4 [2+] 3 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.465463 [1+] 0.37237 [2+] 0.279278 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.