Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-recipes-2.0.2/tests/ingredients-test.c
Examining data/gnome-recipes-2.0.2/tests/number.c
Examining data/gnome-recipes-2.0.2/tests/ids.c
Examining data/gnome-recipes-2.0.2/tests/strv.c
Examining data/gnome-recipes-2.0.2/tests/unit.c
Examining data/gnome-recipes-2.0.2/data/chefs.db.h
Examining data/gnome-recipes-2.0.2/data/recipes.db.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-view.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-styled-text-renderer.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box-child.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-icon-box-child.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-notification.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-toggle-pixbuf-renderer.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-margin-container.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-icon-box.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-types-catalog.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-styled-text-renderer.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-list-view.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-icon-box.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box-generic.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-tagged-entry.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box-item.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-entry-focus-hack.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-list-view.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box-item.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-two-lines-renderer.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-toggle-pixbuf-renderer.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-view-generic.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box-generic.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-box-child.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-view-generic.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-icon-view.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-icon-view.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-types-catalog.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-margin-container.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-view.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-notification.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-icon-box-child.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-icon-utils.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-entry-focus-hack.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-tagged-entry.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-two-lines-renderer.h
Examining data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-icon-utils.c
Examining data/gnome-recipes-2.0.2/subprojects/libgd/test-tagged-entry.c
Examining data/gnome-recipes-2.0.2/src/gr-unit.c
Examining data/gnome-recipes-2.0.2/src/gr-shopping-page.c
Examining data/gnome-recipes-2.0.2/src/gr-recipe-importer.h
Examining data/gnome-recipes-2.0.2/src/gr-logging.c
Examining data/gnome-recipes-2.0.2/src/gr-shopping-page.h
Examining data/gnome-recipes-2.0.2/src/gr-ingredient.c
Examining data/gnome-recipes-2.0.2/src/gr-window.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe-tile.h
Examining data/gnome-recipes-2.0.2/src/gr-list-page.c
Examining data/gnome-recipes-2.0.2/src/gr-meal.c
Examining data/gnome-recipes-2.0.2/src/gr-ingredients-viewer.h
Examining data/gnome-recipes-2.0.2/src/gr-diet-row.c
Examining data/gnome-recipes-2.0.2/src/gr-number.h
Examining data/gnome-recipes-2.0.2/src/gr-unit.h
Examining data/gnome-recipes-2.0.2/src/gr-shopping-tile.c
Examining data/gnome-recipes-2.0.2/src/gr-image-page.c
Examining data/gnome-recipes-2.0.2/src/gr-chef.c
Examining data/gnome-recipes-2.0.2/src/gr-image.c
Examining data/gnome-recipes-2.0.2/src/gr-ingredients-list.c
Examining data/gnome-recipes-2.0.2/src/gr-utils.c
Examining data/gnome-recipes-2.0.2/src/gr-appdata.c
Examining data/gnome-recipes-2.0.2/src/gr-cooking-page.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe-store.c
Examining data/gnome-recipes-2.0.2/src/gr-recipe-exporter.h
Examining data/gnome-recipes-2.0.2/src/main.c
Examining data/gnome-recipes-2.0.2/src/gr-appdata.h
Examining data/gnome-recipes-2.0.2/src/gr-cuisine-tile.c
Examining data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c
Examining data/gnome-recipes-2.0.2/src/gr-recipe-exporter.c
Examining data/gnome-recipes-2.0.2/src/gr-spice-row.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe-store.h
Examining data/gnome-recipes-2.0.2/src/gr-about-dialog.h
Examining data/gnome-recipes-2.0.2/src/gr-list-page.h
Examining data/gnome-recipes-2.0.2/src/gr-settings.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe.c
Examining data/gnome-recipes-2.0.2/src/gr-shopping-list-exporter.c
Examining data/gnome-recipes-2.0.2/src/gr-query-editor.h
Examining data/gnome-recipes-2.0.2/src/gr-app.c
Examining data/gnome-recipes-2.0.2/src/gr-shopping-tile.h
Examining data/gnome-recipes-2.0.2/src/gr-season.c
Examining data/gnome-recipes-2.0.2/src/gr-ingredients-list.h
Examining data/gnome-recipes-2.0.2/src/gr-cuisines-page.h
Examining data/gnome-recipes-2.0.2/src/gr-cooking-view.c
Examining data/gnome-recipes-2.0.2/src/gr-image-page.h
Examining data/gnome-recipes-2.0.2/src/gr-number.c
Examining data/gnome-recipes-2.0.2/src/gr-season.h
Examining data/gnome-recipes-2.0.2/src/gr-meal-row.h
Examining data/gnome-recipes-2.0.2/src/gr-cooking-view.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe-importer.c
Examining data/gnome-recipes-2.0.2/src/gr-logging.h
Examining data/gnome-recipes-2.0.2/src/gr-shell-search-provider.h
Examining data/gnome-recipes-2.0.2/src/gr-recipes-page.c
Examining data/gnome-recipes-2.0.2/src/gr-category-tile.c
Examining data/gnome-recipes-2.0.2/src/gr-time-widget.h
Examining data/gnome-recipes-2.0.2/src/gr-mail.c
Examining data/gnome-recipes-2.0.2/src/gr-image-viewer.h
Examining data/gnome-recipes-2.0.2/src/gr-chef-dialog.c
Examining data/gnome-recipes-2.0.2/src/gr-about-dialog.c
Examining data/gnome-recipes-2.0.2/src/gr-ingredient.h
Examining data/gnome-recipes-2.0.2/src/gr-shopping-list-printer.h
Examining data/gnome-recipes-2.0.2/src/gr-spice-row.c
Examining data/gnome-recipes-2.0.2/src/gr-shopping-list-printer.c
Examining data/gnome-recipes-2.0.2/src/gr-settings.c
Examining data/gnome-recipes-2.0.2/src/gr-mail.h
Examining data/gnome-recipes-2.0.2/src/gr-convert-units.c
Examining data/gnome-recipes-2.0.2/src/gr-ingredients-viewer.c
Examining data/gnome-recipes-2.0.2/src/gr-edit-page.c
Examining data/gnome-recipes-2.0.2/src/gr-diet.c
Examining data/gnome-recipes-2.0.2/src/gr-timer.h
Examining data/gnome-recipes-2.0.2/src/gr-cuisine-tile.h
Examining data/gnome-recipes-2.0.2/src/gr-search-page.c
Examining data/gnome-recipes-2.0.2/src/gr-account.h
Examining data/gnome-recipes-2.0.2/src/gr-image-viewer.c
Examining data/gnome-recipes-2.0.2/src/gr-cuisines-page.c
Examining data/gnome-recipes-2.0.2/src/gr-shopping-list-exporter.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe.h
Examining data/gnome-recipes-2.0.2/src/gr-query-editor.c
Examining data/gnome-recipes-2.0.2/src/gr-chef-dialog.h
Examining data/gnome-recipes-2.0.2/src/gr-meal.h
Examining data/gnome-recipes-2.0.2/src/gr-cuisine.c
Examining data/gnome-recipes-2.0.2/src/gr-timer-widget.h
Examining data/gnome-recipes-2.0.2/src/gr-cooking-page.c
Examining data/gnome-recipes-2.0.2/src/gr-timer-widget.c
Examining data/gnome-recipes-2.0.2/src/gr-recipes-page.h
Examining data/gnome-recipes-2.0.2/src/gr-app.h
Examining data/gnome-recipes-2.0.2/src/gr-chef.h
Examining data/gnome-recipes-2.0.2/src/gr-meal-row.c
Examining data/gnome-recipes-2.0.2/src/gr-cuisine.h
Examining data/gnome-recipes-2.0.2/src/gr-account.c
Examining data/gnome-recipes-2.0.2/src/gr-gourmet-format.c
Examining data/gnome-recipes-2.0.2/src/gr-recipe-tile.c
Examining data/gnome-recipes-2.0.2/src/gr-utils.h
Examining data/gnome-recipes-2.0.2/src/gr-details-page.h
Examining data/gnome-recipes-2.0.2/src/gr-search-page.h
Examining data/gnome-recipes-2.0.2/src/gr-shopping-list-formatter.h
Examining data/gnome-recipes-2.0.2/src/gr-chef-tile.c
Examining data/gnome-recipes-2.0.2/src/gr-chef-tile.h
Examining data/gnome-recipes-2.0.2/src/gr-details-page.c
Examining data/gnome-recipes-2.0.2/src/gr-time-widget.c
Examining data/gnome-recipes-2.0.2/src/gr-edit-page.h
Examining data/gnome-recipes-2.0.2/src/gr-category-tile.h
Examining data/gnome-recipes-2.0.2/src/gr-shell-search-provider.c
Examining data/gnome-recipes-2.0.2/src/gr-timer.c
Examining data/gnome-recipes-2.0.2/src/gr-convert-units.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe-printer.c
Examining data/gnome-recipes-2.0.2/src/gr-diet.h
Examining data/gnome-recipes-2.0.2/src/gr-cuisine-page.c
Examining data/gnome-recipes-2.0.2/src/gr-cuisine-page.h
Examining data/gnome-recipes-2.0.2/src/gr-image.h
Examining data/gnome-recipes-2.0.2/src/gr-window.c
Examining data/gnome-recipes-2.0.2/src/gr-ingredients-viewer-row.h
Examining data/gnome-recipes-2.0.2/src/gr-gourmet-format.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe-printer.h
Examining data/gnome-recipes-2.0.2/src/gr-recipe-formatter.h
Examining data/gnome-recipes-2.0.2/src/gr-ingredient-row.c
Examining data/gnome-recipes-2.0.2/src/gr-ingredient-row.h
Examining data/gnome-recipes-2.0.2/src/gr-ingredients-viewer-row.c
Examining data/gnome-recipes-2.0.2/src/gr-diet-row.h
Examining data/gnome-recipes-2.0.2/src/gr-shopping-list-formatter.c
Examining data/gnome-recipes-2.0.2/tools/recipe-extract.c

FINAL RESULTS:

data/gnome-recipes-2.0.2/src/gr-account.c:141:43: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("app%d", g_random_int_range (0, G_MAXINT));

data/gnome-recipes-2.0.2/src/gr-cuisines-page.c:180:23: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  pos = g_random_int_range (0, length);

data/gnome-recipes-2.0.2/src/gr-mail.c:256:43: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("app%d", g_random_int_range (0, G_MAXINT));

data/gnome-recipes-2.0.2/src/gr-recipe-exporter.c:454:54: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  exporter->dir = g_mkdtemp (g_build_filename (g_get_tmp_dir (), "recipeXXXXXX", NULL));

data/gnome-recipes-2.0.2/src/gr-recipe-importer.c:858:54: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  importer->dir = g_mkdtemp (g_build_filename (g_get_tmp_dir (), "recipeXXXXXX", NULL));

data/gnome-recipes-2.0.2/src/gr-recipes-page.c:304:21: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  r = g_random_int_range (0, length);

data/gnome-recipes-2.0.2/src/gr-recipes-page.c:418:21: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  r = g_random_int_range (0, length);

data/gnome-recipes-2.0.2/src/gr-about-dialog.c:207:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];

data/gnome-recipes-2.0.2/src/gr-app.c:302:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *accelerators[2];

data/gnome-recipes-2.0.2/src/gr-appdata.c:127:63: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data->ri->date = g_date_time_new_utc (atoi (dmy[0]), atoi (dmy[1]), atoi (dmy[2]), 0, 0, 0);

data/gnome-recipes-2.0.2/src/gr-appdata.c:127:78: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data->ri->date = g_date_time_new_utc (atoi (dmy[0]), atoi (dmy[1]), atoi (dmy[2]), 0, 0, 0);

data/gnome-recipes-2.0.2/src/gr-appdata.c:127:93: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data->ri->date = g_date_time_new_utc (atoi (dmy[0]), atoi (dmy[1]), atoi (dmy[2]), 0, 0, 0);

data/gnome-recipes-2.0.2/src/gr-cuisines-page.c:165:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  cuisines[j++] = (char *)all_cuisines[i];

data/gnome-recipes-2.0.2/src/gr-list-page.c:525:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *terms[2];

data/gnome-recipes-2.0.2/src/gr-mail.c:330:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *empty_strv[1] = { NULL };

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:191:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *unit_str[2] = { "°C", "°F" };

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:206:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num = atoi (p + strlen ("[temperature:"));

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:233:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  image = atoi (p + strlen ("[image:"));

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:259:62: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timer = G_TIME_SPAN_MINUTE * atoi (strv[0]) +

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:260:62: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G_TIME_SPAN_SECOND * atoi (strv[1]);

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:263:60: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timer = G_TIME_SPAN_HOUR * atoi (strv[0]) +

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:264:62: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G_TIME_SPAN_MINUTE * atoi (strv[1]) +

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:265:62: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G_TIME_SPAN_SECOND * atoi (strv[2]);

data/gnome-recipes-2.0.2/src/gr-recipe-store.c:1129:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *argv[6];

data/gnome-recipes-2.0.2/src/gr-recipe-store.c:1656:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  g_hash_table_add (ingreds, (char *)names[i]);

data/gnome-recipes-2.0.2/src/gr-recipe-store.c:1852:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char **empty[1] = { NULL };

data/gnome-recipes-2.0.2/src/gr-recipe.c:810:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  level = atoi (terms[i] + 3);

data/gnome-recipes-2.0.2/src/gr-recipe.c:819:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  level = atoi (terms[i] + 3);

data/gnome-recipes-2.0.2/src/gr-utils.c:543:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];

data/gnome-recipes-2.0.2/src/gr-utils.c:818:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (p && (atoi (p + 1) % 2 == 1))

data/gnome-recipes-2.0.2/tests/number.c:100:22: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  char *diff, *tmpfile;

data/gnome-recipes-2.0.2/tests/number.c:106:38: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fd = g_file_open_tmp (NULL, &tmpfile, error);

data/gnome-recipes-2.0.2/tests/number.c:114:77: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  "Could not write data to temporary file '%s'", tmpfile);

data/gnome-recipes-2.0.2/tests/number.c:118:22: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  command[3] = tmpfile;

data/gnome-recipes-2.0.2/tests/number.c:124:19: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  g_unlink (tmpfile);

data/gnome-recipes-2.0.2/tests/number.c:125:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  g_free (tmpfile);

data/gnome-recipes-2.0.2/src/gr-about-dialog.c:178:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start += strlen (before);

data/gnome-recipes-2.0.2/src/gr-about-dialog.c:291:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen ("app/");

data/gnome-recipes-2.0.2/src/gr-about-dialog.c:310:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen ("runtime/");

data/gnome-recipes-2.0.2/src/gr-cuisine.c:187:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = q + strlen ("@pkgdatadir@");

data/gnome-recipes-2.0.2/src/gr-details-page.c:347:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idx = (int)g_ascii_strtoll (uri + strlen ("image:"), NULL, 10);

data/gnome-recipes-2.0.2/src/gr-details-page.c:357:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id = uri + strlen ("recipe:");

data/gnome-recipes-2.0.2/src/gr-edit-page.c:779:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (text, "[temperature:", strlen ("[temperature:")) != 0)

data/gnome-recipes-2.0.2/src/gr-edit-page.c:832:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = text + strlen ("[temperature:");

data/gnome-recipes-2.0.2/src/gr-number.c:140:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  space_or_nul ((*input)[strlen (vf)])) {

data/gnome-recipes-2.0.2/src/gr-number.c:142:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *input += strlen (vf);

data/gnome-recipes-2.0.2/src/gr-number.c:170:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (p, sup[i], strlen (sup[i])) == 0) {

data/gnome-recipes-2.0.2/src/gr-number.c:172:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen (sup[i]);

data/gnome-recipes-2.0.2/src/gr-number.c:179:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (p, "⁄", strlen ("⁄")) != 0)

data/gnome-recipes-2.0.2/src/gr-number.c:181:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen ("⁄");

data/gnome-recipes-2.0.2/src/gr-number.c:184:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (p, sub[i], strlen (sub[i])) == 0) {

data/gnome-recipes-2.0.2/src/gr-number.c:186:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen (sub[i]);

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:206:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num = atoi (p + strlen ("[temperature:"));

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:233:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  image = atoi (p + strlen ("[image:"));

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:251:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = strndup (p + strlen ("[timer:"), q - (p + strlen ("[timer:")));

data/gnome-recipes-2.0.2/src/gr-recipe-formatter.c:251:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = strndup (p + strlen ("[timer:"), q - (p + strlen ("[timer:")));

data/gnome-recipes-2.0.2/src/gr-recipe-store.c:2154:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *time = search->query[0] + strlen ("ct:");

data/gnome-recipes-2.0.2/src/gr-unit.c:144:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (g_str_has_prefix (*input, nu) && space_or_nul ((*input)[strlen (nu)])) {

data/gnome-recipes-2.0.2/src/gr-unit.c:145:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *input += strlen (nu);

data/gnome-recipes-2.0.2/src/gr-unit.c:152:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (g_str_has_prefix (*input, nu) && space_or_nul ((*input)[strlen (nu)])) {

data/gnome-recipes-2.0.2/src/gr-unit.c:153:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *input += strlen (nu);

data/gnome-recipes-2.0.2/src/gr-unit.c:160:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (g_str_has_prefix (*input, nu) && space_or_nul ((*input)[strlen (nu)])) {

data/gnome-recipes-2.0.2/src/gr-unit.c:161:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *input += strlen (nu);

data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-view.c:329:12: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  gboolean equal;

data/gnome-recipes-2.0.2/subprojects/libgd/libgd/gd-main-view.c:355:11: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal)

ANALYSIS SUMMARY:

Hits = 65
Lines analyzed = 45272 in approximately 1.09 seconds (41441 lines/second)
Physical Source Lines of Code (SLOC) = 33576
Hits@level = [0] 4 [1] 29 [2] 29 [3] 7 [4] 0 [5] 0
Hits@level+ = [0+] 69 [1+] 65 [2+] 36 [3+] 7 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.05504 [1+] 1.93591 [2+] 1.07219 [3+] 0.208482 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.