Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gnome-panel-3.38.0/modules/menu/gp-screensaver-gen.c Examining data/gnome-panel-3.38.0/modules/menu/gp-bookmarks.h Examining data/gnome-panel-3.38.0/modules/menu/gp-places-menu.h Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-button-applet.c Examining data/gnome-panel-3.38.0/modules/menu/gp-user-menu.h Examining data/gnome-panel-3.38.0/modules/menu/gp-login1-manager-gen.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu.c Examining data/gnome-panel-3.38.0/modules/menu/gp-recent-menu.c Examining data/gnome-panel-3.38.0/modules/menu/gp-recent-menu.h Examining data/gnome-panel-3.38.0/modules/menu/gp-screensaver-gen.h Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-bar-applet.h Examining data/gnome-panel-3.38.0/modules/menu/gp-volumes.c Examining data/gnome-panel-3.38.0/modules/menu/gp-lock-logout.h Examining data/gnome-panel-3.38.0/modules/menu/gp-dm-seat-gen.h Examining data/gnome-panel-3.38.0/modules/menu/gp-bookmarks.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-utils.c Examining data/gnome-panel-3.38.0/modules/menu/gp-session-manager-gen.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu.h Examining data/gnome-panel-3.38.0/modules/menu/gp-session-manager-gen.h Examining data/gnome-panel-3.38.0/modules/menu/gp-dm-seat-gen.c Examining data/gnome-panel-3.38.0/modules/menu/gp-lock-logout.c Examining data/gnome-panel-3.38.0/modules/menu/menu-resources.h Examining data/gnome-panel-3.38.0/modules/menu/menu-resources.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-button-applet.h Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-bar-applet.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-bar.h Examining data/gnome-panel-3.38.0/modules/menu/gp-volumes.h Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-module.c Examining 
data/gnome-panel-3.38.0/modules/menu/gp-menu-utils.h Examining data/gnome-panel-3.38.0/modules/menu/gp-places-menu.c Examining data/gnome-panel-3.38.0/modules/menu/gp-login1-manager-gen.h Examining data/gnome-panel-3.38.0/modules/menu/gp-main-menu-applet.h Examining data/gnome-panel-3.38.0/modules/menu/gp-main-menu-applet.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-button.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-bar.c Examining data/gnome-panel-3.38.0/modules/menu/gp-user-menu-applet.c Examining data/gnome-panel-3.38.0/modules/menu/gp-menu-button.h Examining data/gnome-panel-3.38.0/modules/menu/gp-user-menu.c Examining data/gnome-panel-3.38.0/modules/menu/gp-user-menu-applet.h Examining data/gnome-panel-3.38.0/modules/fish/fish-module.c Examining data/gnome-panel-3.38.0/modules/fish/fish-applet.h Examining data/gnome-panel-3.38.0/modules/fish/fish-applet.c Examining data/gnome-panel-3.38.0/modules/fish/fish-resources.h Examining data/gnome-panel-3.38.0/modules/fish/fish-resources.c Examining data/gnome-panel-3.38.0/modules/notification-area/na-tray.h Examining data/gnome-panel-3.38.0/modules/notification-area/na-tray-child.h Examining data/gnome-panel-3.38.0/modules/notification-area/na-applet.c Examining data/gnome-panel-3.38.0/modules/notification-area/fixedtip.h Examining data/gnome-panel-3.38.0/modules/notification-area/na-tray.c Examining data/gnome-panel-3.38.0/modules/notification-area/na-tray-manager.c Examining data/gnome-panel-3.38.0/modules/notification-area/fixedtip.c Examining data/gnome-panel-3.38.0/modules/notification-area/na-tray-manager.h Examining data/gnome-panel-3.38.0/modules/notification-area/na-tray-child.c Examining data/gnome-panel-3.38.0/modules/notification-area/na-applet.h Examining data/gnome-panel-3.38.0/modules/notification-area/na-module.c Examining data/gnome-panel-3.38.0/modules/clock/clock-face.h Examining data/gnome-panel-3.38.0/modules/clock/clock-module.c Examining 
data/gnome-panel-3.38.0/modules/clock/clock-sunpos.c Examining data/gnome-panel-3.38.0/modules/clock/calendar-debug.h Examining data/gnome-panel-3.38.0/modules/clock/clock-resources.c Examining data/gnome-panel-3.38.0/modules/clock/clock-utils.h Examining data/gnome-panel-3.38.0/modules/clock/calendar-client.c Examining data/gnome-panel-3.38.0/modules/clock/clock-sunpos.h Examining data/gnome-panel-3.38.0/modules/clock/clock-location-tile.c Examining data/gnome-panel-3.38.0/modules/clock/clock-location.c Examining data/gnome-panel-3.38.0/modules/clock/clock-location.h Examining data/gnome-panel-3.38.0/modules/clock/clock-face.c Examining data/gnome-panel-3.38.0/modules/clock/calendar-client.h Examining data/gnome-panel-3.38.0/modules/clock/clock-applet.h Examining data/gnome-panel-3.38.0/modules/clock/clock-applet.c Examining data/gnome-panel-3.38.0/modules/clock/clock-location-tile.h Examining data/gnome-panel-3.38.0/modules/clock/calendar-sources.h Examining data/gnome-panel-3.38.0/modules/clock/clock-typebuiltins.h Examining data/gnome-panel-3.38.0/modules/clock/clock-map.h Examining data/gnome-panel-3.38.0/modules/clock/clock-typebuiltins.c Examining data/gnome-panel-3.38.0/modules/clock/calendar-sources.c Examining data/gnome-panel-3.38.0/modules/clock/calendar-window.h Examining data/gnome-panel-3.38.0/modules/clock/set-timezone.h Examining data/gnome-panel-3.38.0/modules/clock/calendar-window.c Examining data/gnome-panel-3.38.0/modules/clock/clock-map.c Examining data/gnome-panel-3.38.0/modules/clock/clock-resources.h Examining data/gnome-panel-3.38.0/modules/clock/set-timezone.c Examining data/gnome-panel-3.38.0/modules/clock/clock-utils.c Examining data/gnome-panel-3.38.0/modules/separator/separator-module.c Examining data/gnome-panel-3.38.0/modules/separator/separator-applet.h Examining data/gnome-panel-3.38.0/modules/separator/separator-applet.c Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-button.c Examining 
data/gnome-panel-3.38.0/modules/launcher/gp-custom-launcher-applet.c Examining data/gnome-panel-3.38.0/modules/launcher/gp-editor.c Examining data/gnome-panel-3.38.0/modules/launcher/gp-custom-launcher-applet.h Examining data/gnome-panel-3.38.0/modules/launcher/gp-icon-name-chooser.h Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-applet.c Examining data/gnome-panel-3.38.0/modules/launcher/launcher-resources.c Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-utils.c Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-utils.h Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-properties.h Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-properties.c Examining data/gnome-panel-3.38.0/modules/launcher/gp-editor.h Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-button.h Examining data/gnome-panel-3.38.0/modules/launcher/launcher-resources.h Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-applet.h Examining data/gnome-panel-3.38.0/modules/launcher/gp-launcher-module.c Examining data/gnome-panel-3.38.0/modules/launcher/gp-icon-name-chooser.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-shutdown-applet.c Examining data/gnome-panel-3.38.0/modules/action-button/panel-force-quit.h Examining data/gnome-panel-3.38.0/modules/action-button/gp-shutdown-applet.h Examining data/gnome-panel-3.38.0/modules/action-button/gpab-session-manager-gen.c Examining data/gnome-panel-3.38.0/modules/action-button/panel-force-quit.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-action-button-module.c Examining data/gnome-panel-3.38.0/modules/action-button/action-button-resources.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-logout-applet.h Examining data/gnome-panel-3.38.0/modules/action-button/gp-action-button-applet.c Examining data/gnome-panel-3.38.0/modules/action-button/gpab-screensaver-gen.c Examining 
data/gnome-panel-3.38.0/modules/action-button/gp-force-quit-applet.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-run-applet.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-action-button-applet.h Examining data/gnome-panel-3.38.0/modules/action-button/gp-action-button.h Examining data/gnome-panel-3.38.0/modules/action-button/gpab-screensaver-gen.h Examining data/gnome-panel-3.38.0/modules/action-button/gp-logout-applet.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-action-button.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-run-applet.h Examining data/gnome-panel-3.38.0/modules/action-button/gp-lock-screen-applet.c Examining data/gnome-panel-3.38.0/modules/action-button/gp-lock-screen-applet.h Examining data/gnome-panel-3.38.0/modules/action-button/gpab-session-manager-gen.h Examining data/gnome-panel-3.38.0/modules/action-button/action-button-resources.h Examining data/gnome-panel-3.38.0/modules/action-button/gp-force-quit-applet.h Examining data/gnome-panel-3.38.0/modules/wncklet/window-list.h Examining data/gnome-panel-3.38.0/modules/wncklet/wncklet-resources.h Examining data/gnome-panel-3.38.0/modules/wncklet/window-menu.h Examining data/gnome-panel-3.38.0/modules/wncklet/showdesktop.h Examining data/gnome-panel-3.38.0/modules/wncklet/window-list.c Examining data/gnome-panel-3.38.0/modules/wncklet/wncklet-resources.c Examining data/gnome-panel-3.38.0/modules/wncklet/workspace-switcher.h Examining data/gnome-panel-3.38.0/modules/wncklet/showdesktop.c Examining data/gnome-panel-3.38.0/modules/wncklet/window-menu.c Examining data/gnome-panel-3.38.0/modules/wncklet/wncklet.h Examining data/gnome-panel-3.38.0/modules/wncklet/wncklet-module.c Examining data/gnome-panel-3.38.0/modules/wncklet/wncklet.c Examining data/gnome-panel-3.38.0/modules/wncklet/workspace-switcher.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-dbus-menu-item.c Examining 
data/gnome-panel-3.38.0/modules/status-notifier/sn-watcher-v0-gen.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-host.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-host.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-dbus-menu-gen.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-applet.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-host-v0.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-item-v0-gen.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-dbus-menu-item.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-applet.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-item-v0.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-dbus-menu.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-module.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-dbus-menu-gen.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-item.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-host-v0-gen.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-item-v0-gen.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-host-v0-gen.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-dbus-menu.c Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-host-v0.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-item.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-watcher-v0-gen.h Examining data/gnome-panel-3.38.0/modules/status-notifier/sn-item-v0.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-theme.h Examining data/gnome-panel-3.38.0/gnome-panel/panel.h Examining data/gnome-panel-3.38.0/gnome-panel/panel.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-resources.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-context-menu.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-arrow-button.h Examining 
data/gnome-panel-3.38.0/gnome-panel/gp-application.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-session.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-applet-row.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-properties-dialog.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-bindings.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-toplevel.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-layout.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-typebuiltins.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-struts.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-main.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-applets-manager.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-arrow-button.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-typebuiltins.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-bindings.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-enums-gsettings.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-widget.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-a11y.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-xutils.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-module-manager.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-lockdown.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-object-loader.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-schemas.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-action-protocol.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-util.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-util.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-object-loader.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-multiscreen.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-layout.c Examining 
data/gnome-panel-3.38.0/gnome-panel/applet.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-widget.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-properties-dialog.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-action-protocol.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-xutils.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-add-applet-window.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-resources.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-application.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-multiscreen.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-icon-names.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-theme.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-struts.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-add-applet-window.c Examining data/gnome-panel-3.38.0/gnome-panel/applet.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-xdg.h Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-dconf.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-glib.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-show.h Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-keyfile.h Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-cleanup.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-xdg.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-error.h Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-gsettings.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-cleanup.h Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-dconf.h Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-glib.h Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-keyfile.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-error.c Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-gsettings.h 
Examining data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-show.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-context-menu.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-a11y.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-applet-row.c Examining data/gnome-panel-3.38.0/gnome-panel/gp-session.h Examining data/gnome-panel-3.38.0/gnome-panel/gp-module-manager.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-applet-frame.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-applet-frame.c Examining data/gnome-panel-3.38.0/gnome-panel/panel-lockdown.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-toplevel.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-applets-manager.h Examining data/gnome-panel-3.38.0/gnome-panel/panel-types.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-utils.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-initial-setup-dialog.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-initial-setup-dialog.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-applet-private.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-applet-info.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-module.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-action-private.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-enum-types.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-initial-setup-dialog-private.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-image-menu-item.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-action.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-image-menu-item.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-lockdown.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-applet.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-applet-info-private.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-lockdown.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-utils.c Examining 
data/gnome-panel-3.38.0/libgnome-panel/gp-applet-info.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-enum-types.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-module.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-action.c Examining data/gnome-panel-3.38.0/libgnome-panel/gp-applet.h Examining data/gnome-panel-3.38.0/libgnome-panel/gp-module-private.h FINAL RESULTS: data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-keyfile.c:129:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (new_data, KEYFILE_TRUSTED_SHEBANG); data/gnome-panel-3.38.0/modules/clock/calendar-debug.h:33:24: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define dprintf(...) fprintf (stderr, __VA_ARGS__); data/gnome-panel-3.38.0/modules/clock/calendar-debug.h:35:28: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define dprintf(args...) fprintf (stderr, args); data/gnome-panel-3.38.0/modules/clock/set-timezone.c:45:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. static GDBusConnection *system; data/gnome-panel-3.38.0/modules/clock/set-timezone.c:58:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return system; data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1306:11: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. 
It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. g_get_home_dir ()); data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1503:31: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dirname = g_build_filename (g_get_home_dir (), dirprefix, NULL); data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1905:44: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. save_uri = panel_make_unique_desktop_uri (g_get_tmp_dir (), name); data/gnome-panel-3.38.0/gnome-panel/panel-util.c:467:33: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. compare = g_file_new_for_path (g_get_home_dir ()); data/gnome-panel-3.38.0/gnome-panel/panel-util.c:593:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
else if (strcmp (path, g_get_home_dir ()) == 0) data/gnome-panel-3.38.0/gnome-panel/panel-util.c:786:27: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. path = g_build_filename (g_get_home_dir (), location, NULL); data/gnome-panel-3.38.0/gnome-panel/panel.c:702:31: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. file = g_file_new_for_path (g_get_home_dir ()); data/gnome-panel-3.38.0/gnome-panel/panel.c:757:30: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home = g_file_new_for_path (g_get_home_dir ()); data/gnome-panel-3.38.0/modules/launcher/gp-launcher-applet.c:1070:41: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. g_str_has_prefix (priv->location, g_get_home_dir ())) data/gnome-panel-3.38.0/modules/menu/gp-menu-utils.c:200:34: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. 
It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. compare = g_file_new_for_path (g_get_home_dir ()); data/gnome-panel-3.38.0/modules/menu/gp-places-menu.c:420:31: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. file = g_file_new_for_path (g_get_home_dir ()); data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-keyfile.c:130:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_data + strlen (KEYFILE_TRUSTED_SHEBANG), data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:446:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. real_argv[i] = (char *)the_argv[j]; data/gnome-panel-3.38.0/gnome-panel/panel-toplevel.c:1556:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *description[4][4] = { data/gnome-panel-3.38.0/gnome-panel/panel-util.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[NAME_MAX]; data/gnome-panel-3.38.0/modules/fish/fish-applet.c:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[4096]; data/gnome-panel-3.38.0/modules/fish/fish-applet.c:704:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char location [256]; data/gnome-panel-3.38.0/modules/fish/fish-applet.c:710:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zone = fopen("/etc/timezone", "r"); data/gnome-panel-3.38.0/modules/fish/fish-applet.c:735:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (location, &buffer [i + 2], len - i - 2); data/gnome-panel-3.38.0/modules/notification-area/na-tray-manager.c:344:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((msg->str + msg->len - msg->remaining_len), data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:173:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:173:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:211:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:211:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:334:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:334:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:440:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-manager.c:440:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). module_id = g_strndup (iid, strlen (iid) - strlen (applet_id)); data/gnome-panel-3.38.0/gnome-panel/gp-applet-row.c:163:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (self->iid)); data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-dconf.c:85:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val[strlen (val) - 1] = '\0'; data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-glib.c:101:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (needle) == 0) return haystack; data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-glib.c:102:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (haystack) == 0) return NULL; data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-glib.c:104:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nuni = g_alloca (sizeof (gunichar) * strlen (needle)); data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-keyfile.c:126:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
new_length = length + strlen (KEYFILE_TRUSTED_SHEBANG); data/gnome-panel-3.38.0/gnome-panel/libpanel-util/panel-keyfile.c:130:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy (new_data + strlen (KEYFILE_TRUSTED_SHEBANG), data/gnome-panel-3.38.0/gnome-panel/panel-layout.c:301:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keyname = key + strlen (PANEL_LAYOUT_INSTANCE_CONFIG_SUBPATH); data/gnome-panel-3.38.0/gnome-panel/panel-layout.c:371:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). id = group + strlen (group_prefix); data/gnome-panel-3.38.0/gnome-panel/panel-multiscreen.c:88:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (g_ascii_strncasecmp (info->name, "LVDS", strlen ("LVDS")) == 0); data/gnome-panel-3.38.0/gnome-panel/panel-resources.c:1960:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pragma(section(".CRT$XCU",read)) \ data/gnome-panel-3.38.0/gnome-panel/panel-resources.c:1968:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pragma(section(".CRT$XCU",read)) \ data/gnome-panel-3.38.0/gnome-panel/panel-resources.c:1980:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). section(".CRT$XCU",read) data/gnome-panel-3.38.0/gnome-panel/panel-resources.c:1987:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1042:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  retval = g_new0 (char, strlen (exec) + 1);
data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1558:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_len = strlen (gtk_entry_get_text (GTK_ENTRY (entry)));
data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1606:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen (prefix);
data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1629:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix, strlen (prefix),
data/gnome-panel-3.38.0/gnome-panel/panel-run-dialog.c:1939:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned char *) uri, strlen (uri));
data/gnome-panel-3.38.0/gnome-panel/panel-util.c:201:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!g_ascii_strncasecmp (location, "file:", strlen ("file:")))
data/gnome-panel-3.38.0/gnome-panel/panel-util.c:223:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (location, "file:", strlen ("file:")))
data/gnome-panel-3.38.0/gnome-panel/panel-util.c:287:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof (filename) - strlen (".desktop") - LENGTH_FOR_TMPFILE_EXT,
data/gnome-panel-3.38.0/gnome-panel/panel-util.c:300:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof (filename) - strlen (buf) - LENGTH_FOR_TMPFILE_EXT,
data/gnome-panel-3.38.0/gnome-panel/panel-util.c:341:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (name, p + 1, strlen (p + 1) + 1);
data/gnome-panel-3.38.0/gnome-panel/panel-util.c:587:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (path);
data/gnome-panel-3.38.0/gnome-panel/panel.c:547:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!g_ascii_strncasecmp (location, "file:", strlen ("file:")))
data/gnome-panel-3.38.0/gnome-panel/panel.c:688:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen ("x-nautilus-desktop:///")) != 0)
data/gnome-panel-3.38.0/gnome-panel/panel.c:692:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename = uri + strlen ("x-nautilus-desktop:///");
data/gnome-panel-3.38.0/gnome-panel/panel.c:694:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (basename, "trash", strlen ("trash")) == 0)
data/gnome-panel-3.38.0/gnome-panel/panel.c:697:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strncmp (basename, "home", strlen ("home")) == 0) {
data/gnome-panel-3.38.0/gnome-panel/panel.c:718:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strncmp (basename, "computer", strlen ("computer")) == 0)
data/gnome-panel-3.38.0/gnome-panel/panel.c:727:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strncmp (basename, "network", strlen ("network")) == 0)
data/gnome-panel-3.38.0/gnome-panel/panel.c:770:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (g_ascii_strncasecmp (uri, "http:", strlen ("http:")) == 0 ||
data/gnome-panel-3.38.0/gnome-panel/panel.c:771:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (uri, "https:", strlen ("https:")) == 0 ||
data/gnome-panel-3.38.0/gnome-panel/panel.c:772:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (uri, "ftp:", strlen ("ftp:")) == 0 ||
data/gnome-panel-3.38.0/gnome-panel/panel.c:773:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (uri, "gopher:", strlen ("gopher:")) == 0 ||
data/gnome-panel-3.38.0/gnome-panel/panel.c:774:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (uri, "ghelp:", strlen ("ghelp:")) == 0 ||
data/gnome-panel-3.38.0/gnome-panel/panel.c:775:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (uri, "help:", strlen ("help:")) == 0 ||
data/gnome-panel-3.38.0/gnome-panel/panel.c:776:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (uri, "man:", strlen ("man:")) == 0 ||
data/gnome-panel-3.38.0/gnome-panel/panel.c:777:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_ascii_strncasecmp (uri, "info:", strlen ("info:")) == 0) {
data/gnome-panel-3.38.0/gnome-panel/panel.c:787:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen ("x-nautilus-desktop:")) == 0) {
data/gnome-panel-3.38.0/modules/action-button/action-button-resources.c:152:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/action-button/action-button-resources.c:160:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/action-button/action-button-resources.c:172:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/action-button/action-button-resources.c:179:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/clock/calendar-client.c:1401:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (uid);
data/gnome-panel-3.38.0/modules/clock/calendar-client.c:1403:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len <= strlen (key) && strncmp (uid, key, len) == 0)
data/gnome-panel-3.38.0/modules/clock/clock-resources.c:15211:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/clock/clock-resources.c:15219:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/clock/clock-resources.c:15231:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/clock/clock-resources.c:15238:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/fish/fish-applet.c:712:11: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  count = fscanf (zone, "%255s", location);
data/gnome-panel-3.38.0/modules/fish/fish-applet.c:725:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buffer);
data/gnome-panel-3.38.0/modules/fish/fish-resources.c:343:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/fish/fish-resources.c:351:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/fish/fish-resources.c:363:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/fish/fish-resources.c:370:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/launcher/gp-editor.c:131:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  exec_uri = g_string_new_len (NULL, strlen (filename));
data/gnome-panel-3.38.0/modules/launcher/gp-launcher-properties.c:205:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key_len = strlen (key);
data/gnome-panel-3.38.0/modules/launcher/gp-launcher-properties.c:214:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (keys[i]);
data/gnome-panel-3.38.0/modules/launcher/launcher-resources.c:387:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/launcher/launcher-resources.c:395:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/launcher/launcher-resources.c:407:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/launcher/launcher-resources.c:414:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/menu/gp-lock-logout.c:666:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  8, (guchar *) drag_id, strlen (drag_id));
data/gnome-panel-3.38.0/modules/menu/menu-resources.c:171:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/menu/menu-resources.c:179:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/menu/menu-resources.c:191:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/menu/menu-resources.c:198:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/wncklet/wncklet-resources.c:549:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/wncklet/wncklet-resources.c:557:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-panel-3.38.0/modules/wncklet/wncklet-resources.c:569:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-panel-3.38.0/modules/wncklet/wncklet-resources.c:576:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)

ANALYSIS SUMMARY:

Hits = 106
Lines analyzed = 106769 in approximately 3.41 seconds (31265 lines/second)
Physical Source Lines of Code (SLOC) = 80672
Hits@level = [0] 2 [1] 81 [2] 9 [3] 11 [4] 5 [5] 0
Hits@level+ = [0+] 108 [1+] 106 [2+] 25 [3+] 16 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 1.33875 [1+] 1.31396 [2+] 0.309897 [3+] 0.198334 [4+] 0.0619794 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.