stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-agent.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-agent.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-chooser-button.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-chooser-button.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-chooser-combo.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-chooser-combo.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-chooser-private.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-chooser.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-chooser.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-client-private.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-client.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-client.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-enums.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-filter-widget.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-filter-widget.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-hdy-column.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-hdy-column.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-pairing-dialog.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-pairing-dialog.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-obexpush.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-obexpush.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-row.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-row.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-widget.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-widget.h
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-utils.c
Examining data/gnome-bluetooth-3.34.3/lib/bluetooth-utils.h
Examining data/gnome-bluetooth-3.34.3/lib/pin.c
Examining data/gnome-bluetooth-3.34.3/lib/pin.h
Examining data/gnome-bluetooth-3.34.3/lib/test-agent.c
Examining data/gnome-bluetooth-3.34.3/lib/test-class.c
Examining data/gnome-bluetooth-3.34.3/lib/test-client.c
Examining data/gnome-bluetooth-3.34.3/lib/test-deviceselection.c
Examining data/gnome-bluetooth-3.34.3/lib/test-pairing-dialog.c
Examining data/gnome-bluetooth-3.34.3/lib/test-pin.c
Examining data/gnome-bluetooth-3.34.3/lib/test-settings.c
Examining data/gnome-bluetooth-3.34.3/sendto/main.c

FINAL RESULTS:

data/gnome-bluetooth-3.34.3/lib/test-class.c:42:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(b, ((x & z) == z) ? "1" : "0");
data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-obexpush.c:492:26:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	dir = g_build_filename (g_get_home_dir (), "Downloads", NULL);
data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-widget.c:307:32:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	return g_strdup_printf ("%d", g_random_int_range (pow (10, num_digits - 1),
data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-widget.c:331:7:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		r = g_random_int_range (1, 5);
data/gnome-bluetooth-3.34.3/lib/test-class.c:38:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char b[9] = {0};
data/gnome-bluetooth-3.34.3/lib/bluetooth-pairing-dialog.c:204:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (entered < strlen (priv->pin))
data/gnome-bluetooth-3.34.3/lib/bluetooth-pairing-dialog.c:246:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!text || strlen (text) < 4)
data/gnome-bluetooth-3.34.3/lib/bluetooth-settings-obexpush.c:531:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			position = strlen (dest_filename);
data/gnome-bluetooth-3.34.3/lib/bluetooth-utils.c:140:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen (bdaddr) != 17)
data/gnome-bluetooth-3.34.3/lib/pin.c:50:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen (oui) < 8)
data/gnome-bluetooth-3.34.3/lib/pin.c:157:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				pdata->max_digits = strtoul (*attr_values + strlen (MAX_DIGITS_PIN_PREFIX), NULL, 0);

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 12777 in approximately 0.38 seconds (33659 lines/second)
Physical Source Lines of Code (SLOC) = 9128
Hits@level = [0]   0 [1]   6 [2]   1 [3]   3 [4]   1 [5]   0
Hits@level+ = [0+]  11 [1+]  11 [2+]   5 [3+]   4 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 1.20508 [1+] 1.20508 [2+] 0.547765 [3+] 0.438212 [4+] 0.109553 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.