Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/giggle-0.7/libgiggle/giggle-remote-ref.c
Examining data/giggle-0.7/libgiggle/giggle-tag.c
Examining data/giggle-0.7/libgiggle/giggle-branch.c
Examining data/giggle-0.7/libgiggle/giggle-revision.h
Examining data/giggle-0.7/libgiggle/giggle-job.c
Examining data/giggle-0.7/libgiggle/giggle-view-shell.h
Examining data/giggle-0.7/libgiggle/giggle-remote-branch.h
Examining data/giggle-0.7/libgiggle/giggle-ref.h
Examining data/giggle-0.7/libgiggle/giggle-sysdeps.h
Examining data/giggle-0.7/libgiggle/giggle-remote.h
Examining data/giggle-0.7/libgiggle/giggle-error.h
Examining data/giggle-0.7/libgiggle/giggle-tag.h
Examining data/giggle-0.7/libgiggle/giggle-enums.c
Examining data/giggle-0.7/libgiggle/giggle-enums.h
Examining data/giggle-0.7/libgiggle/giggle-searchable.c
Examining data/giggle-0.7/libgiggle/giggle-dispatcher.h
Examining data/giggle-0.7/libgiggle/giggle-author.c
Examining data/giggle-0.7/libgiggle/giggle-remote-branch.c
Examining data/giggle-0.7/libgiggle/giggle-remote-ref.h
Examining data/giggle-0.7/libgiggle/giggle-dispatcher.c
Examining data/giggle-0.7/libgiggle/giggle-clipboard.h
Examining data/giggle-0.7/libgiggle/giggle-remote.c
Examining data/giggle-0.7/libgiggle/giggle-revision.c
Examining data/giggle-0.7/libgiggle/giggle-plugin.h
Examining data/giggle-0.7/libgiggle/giggle-job.h
Examining data/giggle-0.7/libgiggle/giggle-plugin.c
Examining data/giggle-0.7/libgiggle/giggle-searchable.h
Examining data/giggle-0.7/libgiggle/giggle-view.h
Examining data/giggle-0.7/libgiggle/giggle-sysdeps.c
Examining data/giggle-0.7/libgiggle/giggle-clipboard.c
Examining data/giggle-0.7/libgiggle/giggle-ref.c
Examining data/giggle-0.7/libgiggle/giggle-error.c
Examining data/giggle-0.7/libgiggle/giggle-view-shell.c
Examining data/giggle-0.7/libgiggle/giggle-history.c
Examining data/giggle-0.7/libgiggle/giggle-plugin-manager.h
Examining data/giggle-0.7/libgiggle/giggle-branch.h
Examining data/giggle-0.7/libgiggle/giggle-plugin-manager.c
Examining data/giggle-0.7/libgiggle/giggle-view.c
Examining data/giggle-0.7/libgiggle/giggle-history.h
Examining data/giggle-0.7/libgiggle/giggle-author.h
Examining data/giggle-0.7/src/giggle-label-action.c
Examining data/giggle-0.7/src/giggle-diff-window.h
Examining data/giggle-0.7/src/giggle-avatar-image.c
Examining data/giggle-0.7/src/giggle-spaning-renderer.h
Examining data/giggle-0.7/src/giggle-input-dialog.c
Examining data/giggle-0.7/src/giggle-rev-list-view.c
Examining data/giggle-0.7/src/giggle-rev-list-view.h
Examining data/giggle-0.7/src/giggle-branches-view.c
Examining data/giggle-0.7/src/giggle-input-dialog.h
Examining data/giggle-0.7/src/giggle-remote-editor.h
Examining data/giggle-0.7/src/giggle-view-diff.h
Examining data/giggle-0.7/src/giggle-window.c
Examining data/giggle-0.7/src/giggle-diff-tree-view.c
Examining data/giggle-0.7/src/eggfindbar.c
Examining data/giggle-0.7/src/giggle-remotes-view.h
Examining data/giggle-0.7/src/giggle-file-list.h
Examining data/giggle-0.7/src/giggle-branches-view.h
Examining data/giggle-0.7/src/giggle-revision-info-action.h
Examining data/giggle-0.7/src/giggle-window.h
Examining data/giggle-0.7/src/giggle-view-diff.c
Examining data/giggle-0.7/src/giggle-revision-info-action.c
Examining data/giggle-0.7/src/giggle-view-history.c
Examining data/giggle-0.7/src/giggle-spaning-renderer.c
Examining data/giggle-0.7/src/giggle-clone-dialog.h
Examining data/giggle-0.7/src/giggle-revision-info.h
Examining data/giggle-0.7/src/giggle-avatar-cache.h
Examining data/giggle-0.7/src/giggle-view-file.h
Examining data/giggle-0.7/src/giggle-short-list.c
Examining data/giggle-0.7/src/giggle-helpers.h
Examining data/giggle-0.7/src/giggle-graph-renderer.c
Examining data/giggle-0.7/src/giggle-revision-view.c
Examining data/giggle-0.7/src/giggle-remotes-view.c
Examining data/giggle-0.7/src/giggle-clone-dialog.c
Examining data/giggle-0.7/src/giggle-view-summary.c
Examining data/giggle-0.7/src/giggle-label-action.h
Examining data/giggle-0.7/src/giggle-view-summary.h
Examining data/giggle-0.7/src/giggle-helpers.c
Examining data/giggle-0.7/src/giggle-revision-info.c
Examining data/giggle-0.7/src/giggle-description-editor.h
Examining data/giggle-0.7/src/giggle-avatar-image.h
Examining data/giggle-0.7/src/giggle-diff-window.c
Examining data/giggle-0.7/src/giggle-main.c
Examining data/giggle-0.7/src/giggle-diff-tree-view.h
Examining data/giggle-0.7/src/giggle-graph-renderer.h
Examining data/giggle-0.7/src/giggle-description-editor.c
Examining data/giggle-0.7/src/giggle-file-list.c
Examining data/giggle-0.7/src/giggle-authors-view.c
Examining data/giggle-0.7/src/giggle-remote-editor.c
Examining data/giggle-0.7/src/giggle-view-history.h
Examining data/giggle-0.7/src/giggle-authors-view.h
Examining data/giggle-0.7/src/eggfindbar.h
Examining data/giggle-0.7/src/giggle-avatar-cache.c
Examining data/giggle-0.7/src/giggle-short-list.h
Examining data/giggle-0.7/src/giggle-revision-view.h
Examining data/giggle-0.7/src/giggle-view-file.c
Examining data/giggle-0.7/src/giggle-diff-view.c
Examining data/giggle-0.7/src/giggle-diff-view.h
Examining data/giggle-0.7/test/check-bare.c
Examining data/giggle-0.7/plugins/giggle-view-terminal-plugin.c
Examining data/giggle-0.7/plugins/giggle-personal-details-window.c
Examining data/giggle-0.7/plugins/giggle-view-terminal.h
Examining data/giggle-0.7/plugins/giggle-hello-world-plugin.c
Examining data/giggle-0.7/plugins/giggle-personal-details-plugin.c
Examining data/giggle-0.7/plugins/giggle-personal-details-window.h
Examining data/giggle-0.7/plugins/giggle-view-terminal.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-blame.c
Examining data/giggle-0.7/libgiggle-git/giggle-git.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-config-write.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-diff.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-refs.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-enums.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-config-read.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-add.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-ignore.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-log.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-delete-ref.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-list-tree.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-diff.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-remote-list.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-enums.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-diff-tree.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-commit.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-config-write.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-revisions.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-cat-file.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-authors.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-clone.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-diff-tree.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-authors.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-revisions.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-clone.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-add-ref.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-config-read.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-list-tree.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-ignore.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-add.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-blame.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-remote-list.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-config.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-log.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-cat-file.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-list-files.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-commit.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-refs.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-delete-ref.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-config.c
Examining data/giggle-0.7/libgiggle-git/giggle-git-add-ref.h
Examining data/giggle-0.7/libgiggle-git/giggle-git-list-files.c
Examining data/giggle-0.7/libgiggle-git/giggle-git.c

FINAL RESULTS:

data/giggle-0.7/libgiggle-git/giggle-git-revisions.c:150:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf (date, "%" GIGGLE_FORMAT_TIME_T, &time);
data/giggle-0.7/libgiggle-git/giggle-git-blame.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sha[41];
data/giggle-0.7/libgiggle-git/giggle-git-diff-tree.c:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sha1[41], sha2[41];
data/giggle-0.7/libgiggle-git/giggle-git-list-tree.c:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[5];
data/giggle-0.7/libgiggle-git/giggle-git-list-tree.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sha[41];
data/giggle-0.7/src/giggle-avatar-cache.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192];
data/giggle-0.7/src/giggle-revision-info.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[256] = "";
data/giggle-0.7/src/giggle-revision-view.c:452:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/giggle-0.7/src/giggle-window.c:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char geometry[25];
data/giggle-0.7/libgiggle-git/giggle-git-blame.c:187:25:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  g_warn_if_fail (4 == sscanf
data/giggle-0.7/libgiggle-git/giggle-git-diff-tree.c:228:12:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (5 != sscanf (lines[i], ":%6d %6d %40s %40s %c\t%n",
data/giggle-0.7/libgiggle-git/giggle-git-ignore.c:207:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen (giggle_git_get_directory (priv->git))
data/giggle-0.7/libgiggle-git/giggle-git-list-tree.c:177:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf (start, "%6d %4s %40s\t%n", &item->mode, item->type, item->sha, &len);
data/giggle-0.7/libgiggle-git/giggle-git-refs.c:138:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref = giggle_branch_new (data[1] + strlen ("refs/heads/"));
data/giggle-0.7/libgiggle-git/giggle-git-refs.c:147:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref = giggle_tag_new (data[1] + strlen ("refs/tags/"));
data/giggle-0.7/libgiggle-git/giggle-git-refs.c:151:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref = giggle_remote_ref_new (data[1] + strlen ("refs/remotes/"));
data/giggle-0.7/libgiggle-git/giggle-git-revisions.c:237:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  converted + strlen ("author "),
data/giggle-0.7/libgiggle-git/giggle-git-revisions.c:241:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  converted + strlen ("committer "),
data/giggle-0.7/libgiggle-git/giggle-git-revisions.c:327:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen (str) > 0) {
data/giggle-0.7/libgiggle-git/giggle-git-revisions.c:332:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str += strlen (str) + 1;
data/giggle-0.7/libgiggle-git/giggle-git.c:452:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key += strlen ("svn-remote.");
data/giggle-0.7/libgiggle/giggle-plugin.c:548:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->name[strlen (priv->name) - 4] = '\0';
data/giggle-0.7/libgiggle/giggle-remote.c:242:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  giggle_remote_set_url (remote, *step + strlen ("URL: "));
data/giggle-0.7/libgiggle/giggle-remote.c:245:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *step + strlen ("Push: "));
data/giggle-0.7/libgiggle/giggle-remote.c:248:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *step + strlen ("Pull: "));
data/giggle-0.7/src/giggle-avatar-cache.c:329:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (gravatar_id));
data/giggle-0.7/src/giggle-clone-dialog.c:114:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = start + strlen (start);
data/giggle-0.7/src/giggle-diff-view.c:211:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (text);
data/giggle-0.7/src/giggle-diff-view.c:668:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (filename);
data/giggle-0.7/src/giggle-window.c:1741:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!g_file_set_contents (path, text, strlen (text), &error)) {

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 32959 in approximately 0.66 seconds (49596 lines/second)
Physical Source Lines of Code (SLOC) = 23381
Hits@level = [0]   6 [1]  21 [2]   8 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  36 [1+]  30 [2+]   9 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 1.53971 [1+] 1.28309 [2+] 0.384928 [3+] 0.0427698 [4+] 0.0427698 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
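Reading the hits together: the single level-4 finding (giggle-git-revisions.c:150) is rated that high only because flawfinder cannot see through the GIGGLE_FORMAT_TIME_T macro and assumes an unbounded %s; the format is a compile-time literal, so the "influenceable by an attacker" clause does not apply, and whether the expansion is actually a %s has to be settled by reading the header. The level-1 sscanf hits at giggle-git-list-tree.c:177 and giggle-git-diff-tree.c:228 do carry widths (%4s, %40s) that match the level-2 arrays (type[5], sha[41]) flagged above them: width + 1 <= sizeof array is exactly the check flawfinder is asking for. Two things a reviewer would still verify are that a width truncates rather than fails (git ls-tree prints "commit" for submodule entries, which does not fit %4s), and that a whitespace directive such as "\t" matches zero or more whitespace, so an over-long sha is silently split between the sha field and the path instead of being rejected.

The following is an added example, not giggle's code: a hardened parser for a git ls-tree line next to its unbounded counterpart, plus a time_t parse that reports range errors and trailing garbage, which a "%ld"-style sscanf conversion cannot. The struct, the widened type[7]/%6s, the helper names and the sample lines are this example's own assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Constructed example; buffer sizes, widths and sample lines are assumptions. */

#define SHA1_HEX_LEN 40
#define STR2(x) #x
#define STR(x) STR2(x)

typedef struct {
    int  mode;
    char type[7];               /* "blob", "tree" or "commit" plus NUL */
    char sha[SHA1_HEX_LEN + 1]; /* 40 hex digits plus NUL */
    const char *path;           /* points into the caller's line */
} TreeItem;

/* The scanf widths are tied to the array sizes: %6s stores at most 6 bytes
 * plus NUL into type[7], %40s at most 40 plus NUL into sha[41]. */
#define LS_TREE_FMT "%6d %6s %" STR(SHA1_HEX_LEN) "s\t%n"

/* Vulnerable form, kept only for contrast: %s with no width copies until
 * the next whitespace, so an over-long field runs past type[] or sha[]. */
int parse_ls_tree_unbounded(const char *line, TreeItem *item)
{
    int len = -1;

    if (sscanf(line, "%d %s %s\t%n", &item->mode, item->type, item->sha, &len) != 3 || len < 0)
        return 0;
    item->path = line + len;
    return 1;
}

/* Hardened form. Returns 1 on success, 0 on malformed input. */
int parse_ls_tree(const char *line, TreeItem *item)
{
    int len = -1;

    memset(item, 0, sizeof *item);
    if (sscanf(line, LS_TREE_FMT, &item->mode, item->type, item->sha, &len) != 3 || len < 0)
        return 0;

    /* A width only truncates; it never fails the match. "\t" in the format
     * matches zero or more whitespace characters, so a 41-digit sha would be
     * split into sha[] and the start of path. Insist on exactly 40 hex digits
     * followed by the tab, then a non-empty path. */
    if (strspn(item->sha, "0123456789abcdef") != SHA1_HEX_LEN || line[len - 1] != '\t')
        return 0;
    if (strcmp(item->type, "blob") != 0 && strcmp(item->type, "tree") != 0 &&
        strcmp(item->type, "commit") != 0)
        return 0;
    if (line[len] == '\0')
        return 0;
    item->path = line + len;
    return 1;
}

/* Numeric time_t read with strtoll(): rejects empty input, trailing garbage,
 * out-of-range values and (by this example's policy) negative timestamps. */
int parse_unix_time(const char *s, time_t *out)
{
    char *end;
    long long v;

    if (s == NULL || *s == '\0')
        return 0;
    errno = 0;
    v = strtoll(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')
        return 0;
    if (v < 0 || (long long)(time_t)v != v)
        return 0;
    *out = (time_t)v;
    return 1;
}

/* Wrappers so results can be checked without out-parameters. */
int ls_tree_accepts(const char *line)
{
    TreeItem item;
    return parse_ls_tree(line, &item);
}

long long unix_time_or_minus1(const char *s)
{
    time_t t;
    return parse_unix_time(s, &t) ? (long long)t : -1LL;
}

int main(void)
{
    /* Constructed sample lines in git ls-tree output format. */
    const char *lines[] = {
        "100644 blob 0123456789abcdef0123456789abcdef01234567\tsrc/giggle-main.c",
        "160000 commit 89abcdef0123456789abcdef0123456789abcdef\tplugins/vendored",
        "100644 blob 0123456789abcdef0123456789abcdef01234567ff\tevil", /* 42-digit sha */
        "100644 blob 0123456789abcdef0123456789abcdef01234567",          /* no tab, no path */
    };
    TreeItem item;
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%s  %s\n", parse_ls_tree(lines[i], &item) ? "ok  " : "FAIL", lines[i]);
    printf("time \"1262304000\"  -> %lld\n", unix_time_or_minus1("1262304000"));
    printf("time \"1262304000x\" -> %lld\n", unix_time_or_minus1("1262304000x"));
    return 0;
}
```

The same width-equals-size check applies to the diff-tree format at giggle-git-diff-tree.c:228 (":%6d %6d %40s %40s %c\t%n" into sha1[41], sha2[41]), and the return-value test shown there (5 != sscanf(...)) is the part that must not be dropped: a width stops the copy, but only the count tells you whether every field was actually matched.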