Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL
RESULTS:

data/gtksourceview4-4.8.0/tests/test-completion.c:84:7: [3] (random) g_random_boolean: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    if (g_random_boolean ())
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:273:40: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    default_local_uri = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:285:40: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    default_local_uri = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:428:40: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    default_local_uri = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:444:40: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    unowned_local_uri = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:526:46: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    unowned_group_local_uri = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:557:46: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    unowned_local_directory = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:590:40: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    unowned_local_uri = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:636:46: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    unowned_group_local_uri = g_build_filename (g_get_tmp_dir (),
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:199:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (outbuf, buf, written);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:209:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (outbuf, buf, bytes);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:214:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (outbuf + bytes, newline, newline_size);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:303:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy ((gchar *)buffer + read, newline, newline_size);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferoutputstream.c:672:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (free_text, buffer, len);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferoutputstream.c:967:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (text, ostream->priv->buffer, ostream->priv->buflen);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferoutputstream.c:968:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (text + ostream->priv->buflen, buffer, count);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferoutputstream.c:1014:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (text2, ostream->priv->iconv_buffer, ostream->priv->iconv_buflen);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferoutputstream.c:1015:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (text2 + ostream->priv->iconv_buflen, text, len);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcecontextengine.c:6348:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[10];
data/gtksourceview4-4.8.0/gtksourceview/gtksourcestyleschememanager.c:498:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (new_search_path + 1, manager->priv->search_path, (len + 1) * sizeof (gchar*));
data/gtksourceview4-4.8.0/testsuite/test-buffer-output-stream.c:209:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (out + *bytes_written_aux, out_aux, bytes_written);
data/gtksourceview4-4.8.0/gtksourceview/completion-providers/words/gtksourcecompletionwords.c:255:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    words->priv->word_len = strlen (word);
data/gtksourceview4-4.8.0/gtksourceview/completion-providers/words/gtksourcecompletionwordslibrary.c:134:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (word);
data/gtksourceview4-4.8.0/gtksourceview/completion-providers/words/gtksourcecompletionwordslibrary.c:167:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (word);
data/gtksourceview4-4.8.0/gtksourceview/completion-providers/words/gtksourcecompletionwordsutils.c:143:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gchar *cur_char = text + strlen (text);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebuffer.c:2465:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const gsize prefix_len = strlen (CONTEXT_CLASSES_PREFIX);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:112:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    gsize bytes_to_write, newline_size, read;
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:227:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    return read;
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:239:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    gssize space_left, read, n;
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:277:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    n = read_line (stream, (gchar *)buffer + read, space_left);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:303:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    memcpy ((gchar *)buffer + read, newline, newline_size);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcebufferinputstream.c:310:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    return read;
data/gtksourceview4-4.8.0/gtksourceview/gtksourcecompletionproposal.c:323:66: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    return GTK_SOURCE_COMPLETION_PROPOSAL_GET_INTERFACE (proposal)->equal (proposal, other);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcecompletionproposal.h:83:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    gboolean (*equal) (GtkSourceCompletionProposal *proposal,
data/gtksourceview4-4.8.0/gtksourceview/gtksourcecontextengine.c:4553:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    line->byte_length = strlen (line->text);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcelanguage-parser-2.c:616:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ref_id [strlen (ref_id) - 2] = '\0';
data/gtksourceview4-4.8.0/gtksourceview/gtksourceprintcompositor.c:1904:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    eval = g_string_new_len (NULL, strlen (format));
data/gtksourceview4-4.8.0/gtksourceview/gtksourcesearchcontext.c:587:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *start_pos = strlen (text);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcesearchcontext.c:726:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    subject_length = strlen (subject);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcesearchcontext.c:1882:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    subject_length = strlen (subject);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcesearchcontext.c:2563:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (text);
data/gtksourceview4-4.8.0/gtksourceview/gtksourcesearchcontext.c:3628:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    subject_replaced[strlen (subject_replaced) - strlen (suffix)] = '\0';
data/gtksourceview4-4.8.0/gtksourceview/gtksourcesearchcontext.c:3628:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    subject_replaced[strlen (subject_replaced) - strlen (suffix)] = '\0';
data/gtksourceview4-4.8.0/gtksourceview/gtksourcesearchcontext.c:3629:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_return_val_if_fail (strlen (subject_replaced) >= (guint)start_pos, FALSE);
data/gtksourceview4-4.8.0/gtksourceview/gtksourceundomanagerdefault.c:588:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pos = g_utf8_find_prev_char (text, text + strlen (text));
data/gtksourceview4-4.8.0/gtksourceview/gtksourceutils.c:74:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen (text);
data/gtksourceview4-4.8.0/gtksourceview/gtksourceutils.c:172:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen (text);
data/gtksourceview4-4.8.0/gtksourceview/gtksourceview.c:4109:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gtk_text_buffer_insert (buf, &cur, indent, strlen (indent));
data/gtksourceview4-4.8.0/gtksourceview/gtksourceview.c:4389:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (string));
data/gtksourceview4-4.8.0/tests/test-widget.c:102:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (text),
data/gtksourceview4-4.8.0/tests/test-widget.c:157:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lang_string += strlen (LANG_STRING);
data/gtksourceview4-4.8.0/testsuite/test-buffer-input-stream.c:48:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    outlen = strlen (outbuf);
data/gtksourceview4-4.8.0/testsuite/test-buffer-output-stream.c:53:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = MIN (write_chunk_len, strlen (inbuf + n));
data/gtksourceview4-4.8.0/testsuite/test-buffer-output-stream.c:195:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nread = strlen (text);
data/gtksourceview4-4.8.0/testsuite/test-buffer-output-stream.c:308:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    aux = do_test (TEXT_TO_CONVERT, "UTF-8", NULL, strlen (TEXT_TO_CONVERT), strlen (TEXT_TO_CONVERT), NULL);
data/gtksourceview4-4.8.0/testsuite/test-buffer-output-stream.c:308:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    aux = do_test (TEXT_TO_CONVERT, "UTF-8", NULL, strlen (TEXT_TO_CONVERT), strlen (TEXT_TO_CONVERT), NULL);
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:67:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    gsize read;
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:73:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    g_input_stream_read_all (stream, buffer, sizeof (buffer) - 1, &read, NULL, &error);
data/gtksourceview4-4.8.0/testsuite/test-file-saver.c:76:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    buffer[read] = '\0';

ANALYSIS SUMMARY:

Hits = 59
Lines analyzed = 76450 in approximately 1.62 seconds (47190 lines/second)
Physical Source Lines of Code (SLOC) = 50066
Hits@level = [0] 2 [1] 38 [2] 12 [3] 9 [4] 0 [5] 0
Hits@level+ = [0+] 61 [1+] 59 [2+] 21 [3+] 9 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.21839 [1+] 1.17844 [2+] 0.419446 [3+] 0.179763 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.