Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/gtksourceview3-3.24.11/gtksourceview/gtksourceview-utils.c:54:10: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  home = g_get_home_dir ();

data/gtksourceview3-3.24.11/tests/test-completion.c:85:7: [3] (random) g_random_boolean:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique
  for acquiring random values.
  if (g_random_boolean ())

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:274:40: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  default_local_uri = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:286:40: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  default_local_uri = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:429:40: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  default_local_uri = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:445:40: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  unowned_local_uri = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:527:46: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  unowned_group_local_uri = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:558:46: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  unowned_local_directory = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:591:40: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  unowned_local_uri = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:637:46: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any
  content and length, and the same variable can be set more than once
  (CWE-807, CWE-20). Check environment variables carefully before using
  them.
  unowned_group_local_uri = g_build_filename (g_get_tmp_dir (),

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:200:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (outbuf, buf, written);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:210:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (outbuf, buf, bytes);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:215:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (outbuf + bytes, newline, newline_size);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:304:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy ((gchar *)buffer + read, newline, newline_size);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferoutputstream.c:673:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (free_text, buffer, len);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferoutputstream.c:968:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (text, ostream->priv->buffer, ostream->priv->buflen);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferoutputstream.c:969:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (text + ostream->priv->buflen, buffer, count);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferoutputstream.c:1015:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (text2, ostream->priv->iconv_buffer, ostream->priv->iconv_buflen);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferoutputstream.c:1016:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (text2 + ostream->priv->iconv_buflen, text, len);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcecontextengine.c:6340:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to
  potential overflows or other issues (CWE-119!/CWE-120). Perform bounds
  checking, use functions that limit length, or ensure that the size is
  larger than the maximum possible length.
  char buf[10];

data/gtksourceview3-3.24.11/gtksourceview/gtksourcestyleschememanager.c:500:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (new_search_path + 1, manager->priv->search_path, (len + 1) * sizeof (gchar*));

data/gtksourceview3-3.24.11/testsuite/test-buffer-output-stream.c:209:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy (out + *bytes_written_aux, out_aux, bytes_written);

data/gtksourceview3-3.24.11/gtksourceview/completion-providers/words/gtksourcecompletionwords.c:257:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  words->priv->word_len = strlen (word);

data/gtksourceview3-3.24.11/gtksourceview/completion-providers/words/gtksourcecompletionwordslibrary.c:130:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (word);

data/gtksourceview3-3.24.11/gtksourceview/completion-providers/words/gtksourcecompletionwordslibrary.c:163:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (word);

data/gtksourceview3-3.24.11/gtksourceview/completion-providers/words/gtksourcecompletionwordsutils.c:140:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *cur_char = text + strlen (text);

data/gtksourceview3-3.24.11/gtksourceview/gconstructor.h:60:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \

data/gtksourceview3-3.24.11/gtksourceview/gconstructor.h:68:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \

data/gtksourceview3-3.24.11/gtksourceview/gconstructor.h:80:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)

data/gtksourceview3-3.24.11/gtksourceview/gconstructor.h:87:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebuffer.c:2379:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const gsize prefix_len = strlen (CONTEXT_CLASSES_PREFIX);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:113:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gsize bytes_to_write, newline_size, read;

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:228:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read;

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:240:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gssize space_left, read, n;

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:278:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  n = read_line (stream, (gchar *)buffer + read, space_left);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:304:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  memcpy ((gchar *)buffer + read, newline, newline_size);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcebufferinputstream.c:311:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read;

data/gtksourceview3-3.24.11/gtksourceview/gtksourcecompletionproposal.c:320:66: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding
  standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator
  before potentially overflowing it.
  return GTK_SOURCE_COMPLETION_PROPOSAL_GET_INTERFACE (proposal)->equal (proposal, other);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcecompletionproposal.h:88:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding
  standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator
  before potentially overflowing it.
  gboolean (*equal) (GtkSourceCompletionProposal *proposal,

data/gtksourceview3-3.24.11/gtksourceview/gtksourcecontextengine.c:4545:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line->byte_length = strlen (line->text);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcelanguage-parser-1.c:62:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_string_append_len (str, pattern, strlen(pattern) - 2);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcelanguage-parser-1.c:72:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return g_strndup (pattern, strlen (pattern) - 2);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcelanguage-parser-2.c:617:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_id [strlen (ref_id) - 2] = '\0';

data/gtksourceview3-3.24.11/gtksourceview/gtksourceprintcompositor.c:1906:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  eval = g_string_new_len (NULL, strlen (format));

data/gtksourceview3-3.24.11/gtksourceview/gtksourcesearchcontext.c:590:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *start_pos = strlen (text);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcesearchcontext.c:729:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subject_length = strlen (subject);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcesearchcontext.c:1885:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subject_length = strlen (subject);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcesearchcontext.c:2566:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (text);

data/gtksourceview3-3.24.11/gtksourceview/gtksourcesearchcontext.c:3784:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subject_replaced[strlen (subject_replaced) - strlen (suffix)] = '\0';

data/gtksourceview3-3.24.11/gtksourceview/gtksourcesearchcontext.c:3784:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subject_replaced[strlen (subject_replaced) - strlen (suffix)] = '\0';

data/gtksourceview3-3.24.11/gtksourceview/gtksourcesearchcontext.c:3785:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_return_val_if_fail (strlen (subject_replaced) >= (guint)start_pos, FALSE);

data/gtksourceview3-3.24.11/gtksourceview/gtksourceundomanagerdefault.c:586:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = g_utf8_find_prev_char (text, text + strlen (text));

data/gtksourceview3-3.24.11/gtksourceview/gtksourceutils.c:69:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (text);

data/gtksourceview3-3.24.11/gtksourceview/gtksourceutils.c:167:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (text);

data/gtksourceview3-3.24.11/gtksourceview/gtksourceview.c:4086:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert (buf, &cur, indent, strlen (indent));

data/gtksourceview3-3.24.11/gtksourceview/gtksourceview.c:4344:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (string));

data/gtksourceview3-3.24.11/tests/test-widget.c:103:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (text),

data/gtksourceview3-3.24.11/tests/test-widget.c:158:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lang_string += strlen (LANG_STRING);

data/gtksourceview3-3.24.11/testsuite/test-buffer-input-stream.c:48:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outlen = strlen (outbuf);

data/gtksourceview3-3.24.11/testsuite/test-buffer-output-stream.c:53:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = MIN (write_chunk_len, strlen (inbuf + n));

data/gtksourceview3-3.24.11/testsuite/test-buffer-output-stream.c:195:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nread = strlen (text);

data/gtksourceview3-3.24.11/testsuite/test-buffer-output-stream.c:308:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aux = do_test (TEXT_TO_CONVERT, "UTF-8", NULL, strlen (TEXT_TO_CONVERT), strlen (TEXT_TO_CONVERT), NULL);

data/gtksourceview3-3.24.11/testsuite/test-buffer-output-stream.c:308:75: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aux = do_test (TEXT_TO_CONVERT, "UTF-8", NULL, strlen (TEXT_TO_CONVERT), strlen (TEXT_TO_CONVERT), NULL);

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:68:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gsize read;

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:74:65: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  g_input_stream_read_all (stream, buffer, sizeof (buffer) - 1, &read, NULL, &error);

data/gtksourceview3-3.24.11/testsuite/test-file-saver.c:77:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  buffer[read] = '\0';

ANALYSIS SUMMARY:

Hits = 66
Lines analyzed = 78684 in approximately 1.85 seconds (42644 lines/second)
Physical Source Lines of Code (SLOC) = 51438
Hits@level = [0] 1 [1] 44 [2] 12 [3] 10 [4] 0 [5] 0
Hits@level+ = [0+] 67 [1+] 66 [2+] 22 [3+] 10 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.30254 [1+] 1.2831 [2+] 0.427699 [3+] 0.194409 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.