Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/guile-gtk-tree-model.h Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-support.h Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/guile-gtk-tree-model.c Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-pixbuf-support.c Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-pixbuf-support.h Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.h Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gdk-support.c Examining data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.c Examining data/guile-gnome-platform-2.16.5/pango/gnome/gw/pango-support.h Examining data/guile-gnome-platform-2.16.5/pango/gnome/gw/pango-support.c Examining data/guile-gnome-platform-2.16.5/libglade/gnome/gw/glade-support.h Examining data/guile-gnome-platform-2.16.5/libglade/gnome/gw/glade-support.c Examining data/guile-gnome-platform-2.16.5/libgnome/gnome/gw/gnome-support.h Examining data/guile-gnome-platform-2.16.5/libgnome/gnome/gw/gnome-support.c Examining data/guile-gnome-platform-2.16.5/libgnomecanvas/gnome/gw/libgnomecanvas-support.h Examining data/guile-gnome-platform-2.16.5/libgnomecanvas/gnome/gw/libgnomecanvas-support.c Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-glib.h Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-gobject.h Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-glib.c Examining data/guile-gnome-platform-2.16.5/glib/test-suite/test-gobject.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gw/glib-support.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gw/glib-support.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gutil.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gclosure.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/guile-support.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gsignal.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gc.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gclosure.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gtype.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gparameter.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/guile-support.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/private.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gparameter.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/guile-gnome-gobject.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gvalue.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gobject.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gc.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gobject.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gvalue.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gutil.c Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gsignal.h Examining data/guile-gnome-platform-2.16.5/glib/gnome/gobject/gtype.h Examining data/guile-gnome-platform-2.16.5/gconf/gnome/gw/gconf-support.h Examining data/guile-gnome-platform-2.16.5/gconf/gnome/gw/gconf-support.c FINAL RESULTS: data/guile-gnome-platform-2.16.5/gtk/gnome/gw/guile-gtk-tree-model.c:114:25: [3] (random) g_random_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. tree_model->stamp = g_random_int (); data/guile-gnome-platform-2.16.5/glib/gnome/gw/glib-support.c:46:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return g_bookmark_file_load_from_data (bookmark, data, strlen (data), data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.c:275:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_clipboard_set_text (clipboard, text, strlen (text)); data/guile-gnome-platform-2.16.5/gtk/gnome/gw/gtk-support.c:281:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_editable_insert_text (editable, text, strlen (text), &pos); data/guile-gnome-platform-2.16.5/libglade/gnome/gw/glade-support.c:38:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return glade_xml_new_from_buffer (buffer, strlen (buffer), root, domain); ANALYSIS SUMMARY: Hits = 5 Lines analyzed = 8402 in approximately 0.92 seconds (9117 lines/second) Physical Source Lines of Code (SLOC) = 5850 Hits@level = [0] 0 [1] 4 [2] 0 [3] 1 [4] 0 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 1 [3+] 1 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.854701 [1+] 0.854701 [2+] 0.17094 [3+] 0.17094 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.