Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gtkhotkey-0.2.1/test/test-interactive-multi.c
Examining data/gtkhotkey-0.2.1/test/test-interactive.c
Examining data/gtkhotkey-0.2.1/test/test-registry.c
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-x11-listener.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-private.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-utils.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-listener.c
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-marshal.c
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-x11-listener.c
Examining data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c
Examining data/gtkhotkey-0.2.1/src/x11/eggaccelerators.h
Examining data/gtkhotkey-0.2.1/src/x11/tomboykeybinder.c
Examining data/gtkhotkey-0.2.1/src/x11/tomboykeybinder.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-marshal.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-listener.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-error.c
Examining data/gtkhotkey-0.2.1/src/gtkhotkey.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-key-file-registry.c
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-utils.c
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-key-file-registry.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-info.c
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-registry.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-registry.c
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-info.h
Examining data/gtkhotkey-0.2.1/src/gtk-hotkey-error.h
FINAL RESULTS:
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:404:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_release);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:409:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_shift);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:414:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_control);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:419:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_mod1);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:424:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_mod2);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:429:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_mod3);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:434:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_mod4);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:439:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_mod5);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:444:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_meta);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:449:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_hyper);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:454:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, text_super);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:458:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (accelerator + l, keyval_name);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:224:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (accelerator);
data/gtkhotkey-0.2.1/src/x11/eggaccelerators.c:396:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen (keyval_name);
ANALYSIS SUMMARY:
Hits = 14
Lines analyzed = 4706 in approximately 0.22 seconds (21702 lines/second)
Physical Source Lines of Code (SLOC) = 3013
Hits@level = [0] 0 [1] 2 [2] 0 [3] 0 [4] 12 [5] 0
Hits@level+ = [0+] 14 [1+] 14 [2+] 12 [3+] 12 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 4.64653 [1+] 4.64653 [2+] 3.98274 [3+] 3.98274 [4+] 3.98274 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.