Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/guile-gtk-tree-model.h
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-support.h
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/guile-gtk-tree-model.c
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-pixbuf-support.c
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-pixbuf-support.h
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.h
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-support.c
Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.c
Examining data/guile-gnome-platform-2.16.5/pango/gnome/gw/pango-support.h
Examining data/guile-gnome-platform-2.16.5/pango/gnome/gw/pango-support.c
Examining data/guile-gnome-platform-2.16.5/libglade/gnome/gw/glade-support.h
Examining data/guile-gnome-platform-2.16.5/libglade/gnome/gw/glade-support.c
Examining data/guile-gnome-platform-2.16.5/libgnome/gnome/gw/gnome-support.h
Examining data/guile-gnome-platform-2.16.5/libgnome/gnome/gw/gnome-support.c
Examining data/guile-gnome-platform-2.16.5/libgnomecanvas/gnome/gw/libgnomecanvas-support.h
Examining data/guile-gnome-platform-2.16.5/libgnomecanvas/gnome/gw/libgnomecanvas-support.c
Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-glib.h
Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-gobject.h
Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-glib.c
Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-gobject.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gw/glib-support.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gw/glib-support.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gutil.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gclosure.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/guile-support.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gsignal.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gc.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gclosure.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gtype.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gparameter.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/guile-support.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/private.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gparameter.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/guile-gnome-gobject.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gvalue.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gobject.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gc.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gobject.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gvalue.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gutil.c
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gsignal.h
Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gtype.h
Examining data/guile-gnome-platform-2.16.5/gconf/gnome/gw/gconf-support.h
Examining data/guile-gnome-platform-2.16.5/gconf/gnome/gw/gconf-support.c
FINAL RESULTS:
data/guile-gnome-platform-2.16.5/gtk/gnome/gw/guile-gtk-tree-model.c:114:25: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
tree_model->stamp = g_random_int ();
data/guile-gnome-platform-2.16.5/glib/gnome/gw/glib-support.c:46:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return g_bookmark_file_load_from_data (bookmark, data, strlen (data),
data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.c:275:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_clipboard_set_text (clipboard, text, strlen (text));
data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.c:281:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_editable_insert_text (editable, text, strlen (text), &pos);
data/guile-gnome-platform-2.16.5/libglade/gnome/gw/glade-support.c:38:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return glade_xml_new_from_buffer (buffer, strlen (buffer), root, domain);
ANALYSIS SUMMARY:
Hits = 5
Lines analyzed = 8402 in approximately 0.92 seconds (9117 lines/second)
Physical Source Lines of Code (SLOC) = 5850
Hits@level = [0] 0 [1] 4 [2] 0 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 5 [1+] 5 [2+] 1 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.854701 [1+] 0.854701 [2+] 0.17094 [3+] 0.17094 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.