Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-shell-xrdesktop-3.36.1/src/calendar-server/calendar-debug.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/calendar-server/calendar-sources.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/calendar-server/calendar-sources.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/calendar-server/gnome-shell-calendar-server.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/gnome-shell-plugin.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/gnome-shell-portal-helper.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/gtkactionmuxer.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/gtkactionmuxer.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/gtkactionobservable.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/gtkactionobservable.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/gtkactionobserver.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/gtkactionobserver.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/hotplug-sniffer/hotplug-mimetypes.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/hotplug-sniffer/hotplug-sniffer.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/hotplug-sniffer/shell-mime-sniffer.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/hotplug-sniffer/shell-mime-sniffer.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/run-js-test.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-action-modes.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-cache-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-usage.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-usage.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-blur-effect.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-blur-effect.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-embedded-window-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-embedded-window.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-embedded-window.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-global-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-global.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-global.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-glsl-effect.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-glsl-effect.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-gtk-embed.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-gtk-embed.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-invert-lightness-effect.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-invert-lightness-effect.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-keyring-prompt.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-keyring-prompt.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-mount-operation.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-mount-operation.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-network-agent.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-network-agent.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-helper.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-polkit-authentication-agent.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-polkit-authentication-agent.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-recorder-src.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-recorder-src.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-recorder.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-recorder.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-screenshot.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-screenshot.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-secure-text-buffer.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-secure-text-buffer.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-stack.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-stack.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-tray-icon.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-tray-icon.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-tray-manager.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-tray-manager.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-util.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-util.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-window-tracker-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-window-tracker.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-window-tracker.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-wm-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-wm.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-additional-sel.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-additional-sel.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-attr-sel.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-attr-sel.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-cascade.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-cascade.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-declaration.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-declaration.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-doc-handler.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-doc-handler.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-enc-handler.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-enc-handler.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-fonts.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-fonts.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-input.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-input.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-num.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-num.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-om-parser.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-om-parser.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-parser.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-parser.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-parsing-location.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-parsing-location.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-prop-list.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-prop-list.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-pseudo.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-pseudo.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-rgb.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-rgb.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-selector.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-selector.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-simple-sel.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-simple-sel.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-string.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-string.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-stylesheet.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-stylesheet.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-term.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-term.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-tknzr.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-tknzr.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-token.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-token.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-utils.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-utils.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/libcroco-config.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/croco/libcroco.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-adjustment.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-adjustment.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-bin.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-bin.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-border-image.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-border-image.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-box-layout-child.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-box-layout-child.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-box-layout.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-box-layout.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-button.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-button.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-clipboard.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-clipboard.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-drawing-area.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-drawing-area.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-entry.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-entry.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-focus-manager.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-focus-manager.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-generic-accessible.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-generic-accessible.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-icon-colors.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-icon-colors.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-icon.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-image-content.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-image-content.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-label.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-label.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-password-entry.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-password-entry.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-private.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scroll-bar.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scroll-bar.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scroll-view-fade.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scroll-view-fade.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scroll-view.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scroll-view.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scrollable.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-scrollable.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-settings.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-settings.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-shadow.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-shadow.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-texture-cache.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-texture-cache.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-node-transition.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-node-transition.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-node.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-types.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-viewport.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-viewport.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-widget-accessible.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-widget.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-widget.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/test-theme.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-icon.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-context.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-context.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-node-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-node-drawing.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme-node.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/tray/na-tray-child.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/tray/na-tray-child.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/tray/na-tray-manager.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/tray/na-tray-manager.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app-cache.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-app.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-wm.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-vr-mirror-dbus.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/main.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-vr-mirror.h
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-vr-mirror-dbus.c
Examining data/gnome-shell-xrdesktop-3.36.1/src/shell-vr-mirror.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-create.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-disable.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-enable.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-info.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-install.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-list.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-pack.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-prefs.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-reset.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-uninstall.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/commands.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/common.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/main.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-channel-map-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-channel-map.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-channel-map.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-card-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-card.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-card.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-control-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-control.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-control.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-event-role.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-event-role.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-sink-input.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-sink-input.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-sink.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-sink.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-source-output.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-source-output.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-source.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-source.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-stream-private.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-stream.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-stream.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-ui-device.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-ui-device.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-pulseaudio-fake.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/test-audio-device-selection.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window-wayland.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window-wayland.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window-x11.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window-x11.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window.h
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-window-exporter.c
Examining data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-window-exporter.h
FINAL RESULTS:
data/gnome-shell-xrdesktop-3.36.1/src/calendar-server/calendar-debug.h:33:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define dprintf(...) fprintf (stderr, __VA_ARGS__);
data/gnome-shell-xrdesktop-3.36.1/src/calendar-server/calendar-debug.h:35:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define dprintf(args...) fprintf (stderr, args);
data/gnome-shell-xrdesktop-3.36.1/src/calendar-server/gnome-shell-calendar-server.c:1128:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 0)))
data/gnome-shell-xrdesktop-3.36.1/src/hotplug-sniffer/hotplug-sniffer.c:265:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 0)))
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:316:61: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
shell_app_system_lookup_heuristic_basename (ShellAppSystem *system,
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:322:41: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
result = shell_app_system_lookup_app (system, name);
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:329:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
result = shell_app_system_lookup_app (system, tmpid);
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:349:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
shell_app_system_lookup_desktop_wmclass (ShellAppSystem *system,
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:367:53: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
app = shell_app_system_lookup_heuristic_basename (system, desktop_file);
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:381:53: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
app = shell_app_system_lookup_heuristic_basename (system, desktop_file);
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:400:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
shell_app_system_lookup_startup_wmclass (ShellAppSystem *system,
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.c:412:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return shell_app_system_lookup_app (system, id);
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.h:17:81: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellApp *shell_app_system_lookup_app (ShellAppSystem *system,
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.h:19:81: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellApp *shell_app_system_lookup_heuristic_basename (ShellAppSystem *system,
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.h:22:80: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellApp *shell_app_system_lookup_startup_wmclass (ShellAppSystem *system,
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-system.h:24:80: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellApp *shell_app_system_lookup_desktop_wmclass (ShellAppSystem *system,
data/gnome-shell-xrdesktop-3.36.1/src/shell-global.c:1269:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp (arr->pdata[0], (char**)arr->pdata);
data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-list.c:127:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg = G_OPTION_ARG_NONE, .arg_data = &system,
data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-list.c:172:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (user || !system)
data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-list.c:175:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system || !user)
data/gnome-shell-xrdesktop-3.36.1/src/shell-recorder.c:973:23: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
video_dir = g_get_home_dir ();
data/gnome-shell-xrdesktop-3.36.1/src/main.c:233:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fd = atoi (fd_str);
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-usage.c:685:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:374:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (block->buffer + pos, &time_delta, sizeof (guint32));
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (block->buffer + pos, &event->id, sizeof (guint16));
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (block->buffer + pos, bytes, bytes_len);
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:709:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&time_delta, block->buffer + pos, sizeof (guint32));
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:711:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&id, block->buffer + pos, sizeof (guint16));
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:717:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&event_time, block->buffer + pos, sizeof (gint64));
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:737:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&l, block->buffer + pos, sizeof (gint32));
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:747:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&l, block->buffer + pos, sizeof (gint64));
data/gnome-shell-xrdesktop-3.36.1/src/shell-recorder.c:164:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("/proc/meminfo", "r");
data/gnome-shell-xrdesktop-3.36.1/src/shell-recorder.c:1064:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = open (path, flags, 0666);
data/gnome-shell-xrdesktop-3.36.1/src/shell-secure-text-buffer.c:112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (self->text + at, chars, n_bytes);
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-fonts.c:395:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a_dst, a_src, sizeof (CRFontSize));
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-input.c:210:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_ptr = fopen (a_file_uri, "r");
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-input.c:244:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + len, tmp_buf, nb_read);
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-num.c:222:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a_dest, a_src, sizeof (CRNum));
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-parsing-location.c:89:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a_to, a_from, sizeof (CRParsingLocation)) ;
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-rgb.c:538:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a_dest, a_src, sizeof (CRRgb)) ;
data/gnome-shell-xrdesktop-3.36.1/src/st/st-clipboard.c:140:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (text, g_memory_output_stream_get_data (G_MEMORY_OUTPUT_STREAM (data->stream)), data_size);
data/gnome-shell-xrdesktop-3.36.1/src/st/st-private.c:347:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (line, pixels_out + y_out * *rowstride_out, *rowstride_out);
data/gnome-shell-xrdesktop-3.36.1/src/tray/na-tray-manager.c:339:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((msg->str + msg->len - msg->remaining_len),
data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/gvc-mixer-control.c:1481:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_buff[PA_CHANNEL_MAP_SNPRINT_MAX];
data/gnome-shell-xrdesktop-3.36.1/subprojects/gvc/test-audio-device-selection.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[G_N_ELEMENTS (audio_selection_choices) + 1];
data/gnome-shell-xrdesktop-3.36.1/src/run-js-test.c:84:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (script);
data/gnome-shell-xrdesktop-3.36.1/src/run-js-test.c:88:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (script);
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-cache.c:119:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stripped_name = g_strndup (name, strlen (name) - strlen (".directory"));
data/gnome-shell-xrdesktop-3.36.1/src/shell-app-cache.c:119:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stripped_name = g_strndup (name, strlen (name) - strlen (".directory"));
data/gnome-shell-xrdesktop-3.36.1/src/shell-global.c:1206:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (buf_p = buf; buf_p < buf_end; buf_p = buf_p + strlen (buf_p) + 1)
data/gnome-shell-xrdesktop-3.36.1/src/shell-global.c:1251:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (buf_p = buf; buf_p < buf_end; buf_p = buf_p + strlen (buf_p) + 1)
data/gnome-shell-xrdesktop-3.36.1/src/shell-keyring-prompt.c:122:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stripped_label = temp = g_new (gchar, strlen(label) + 1);
data/gnome-shell-xrdesktop-3.36.1/src/shell-keyring-prompt.c:573:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (password);
data/gnome-shell-xrdesktop-3.36.1/src/shell-network-agent.c:685:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (secret && strlen (secret))
data/gnome-shell-xrdesktop-3.36.1/src/shell-network-agent.c:730:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (secret && strlen (secret))
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:462:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const guchar *)arg, strlen (arg) + 1);
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:757:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen ((char *)(block->buffer + pos)) + 1;
data/gnome-shell-xrdesktop-3.36.1/src/shell-perf-log.c:792:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return g_output_stream_write_all (out, str, strlen (str),
data/gnome-shell-xrdesktop-3.36.1/src/shell-util.c:258:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return g_output_stream_write_all (stream, str, strlen (str),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-declaration.c:133:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_str, strlen ((const char *) a_str), a_enc, FALSE);
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-declaration.c:197:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_str, strlen ((const char *) a_str), a_enc, FALSE);
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-rgb.c:435:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen ((const char *) a_hex) == 3) {
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-rgb.c:450:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen ((const char *) a_hex) == 6) {
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-rgb.c:576:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar *) a_str, strlen ((const char *) a_str), a_enc, FALSE);
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-selector.c:60:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_char_buf, strlen ((const char *) a_char_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c:938:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c:1058:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c:1195:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c:1381:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c:1508:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c:1624:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-statement.c:1721:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/croco/cr-term.c:115:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser = cr_parser_new_from_buf ((guchar*)a_buf, strlen ((const char *) a_buf),
data/gnome-shell-xrdesktop-3.36.1/src/st/st-clipboard.c:246:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes = g_bytes_new_take (g_strdup (text), strlen (text));
data/gnome-shell-xrdesktop-3.36.1/src/st/st-entry.c:674:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && strlen (text))
data/gnome-shell-xrdesktop-3.36.1/src/st/st-entry.c:695:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && strlen (text))
data/gnome-shell-xrdesktop-3.36.1/src/st/st-theme.c:95:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (str) != (lit_len) || memcmp (str, lit, lit_len))
data/gnome-shell-xrdesktop-3.36.1/src/st/st-widget.c:1026:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len = strlen (class_name);
data/gnome-shell-xrdesktop-3.36.1/src/st/st-widget.c:1097:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = match + strlen (class_name);
data/gnome-shell-xrdesktop-3.36.1/subprojects/extensions-tool/src/command-pack.c:243:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lang = g_strndup (name, strlen (name) - 3 /* strlen (".po") */);
data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window.c:50:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *x11_handle_str = handle_str + strlen (x11_prefix);
data/gnome-shell-xrdesktop-3.36.1/subprojects/shew/src/shew-external-window.c:63:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *wayland_handle_str = handle_str + strlen (wayland_prefix);
ANALYSIS SUMMARY:
Hits = 82
Lines analyzed = 91591 in approximately 1.93 seconds (47422 lines/second)
Physical Source Lines of Code (SLOC) = 60588
Hits@level = [0] 24 [1] 37 [2] 24 [3] 1 [4] 20 [5] 0
Hits@level+ = [0+] 106 [1+] 82 [2+] 45 [3+] 21 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 1.74952 [1+] 1.3534 [2+] 0.742721 [3+] 0.346603 [4+] 0.330098 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.