Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gummi-0.8.1/src/biblio.c
Examining data/gummi-0.8.1/src/biblio.h
Examining data/gummi-0.8.1/src/compile/latexmk.c
Examining data/gummi-0.8.1/src/compile/latexmk.h
Examining data/gummi-0.8.1/src/compile/rubber.c
Examining data/gummi-0.8.1/src/compile/rubber.h
Examining data/gummi-0.8.1/src/compile/texlive.c
Examining data/gummi-0.8.1/src/compile/texlive.h
Examining data/gummi-0.8.1/src/configfile.c
Examining data/gummi-0.8.1/src/configfile.h
Examining data/gummi-0.8.1/src/editor.c
Examining data/gummi-0.8.1/src/editor.h
Examining data/gummi-0.8.1/src/environment.c
Examining data/gummi-0.8.1/src/environment.h
Examining data/gummi-0.8.1/src/external.c
Examining data/gummi-0.8.1/src/external.h
Examining data/gummi-0.8.1/src/gui/gui-import.c
Examining data/gummi-0.8.1/src/gui/gui-import.h
Examining data/gummi-0.8.1/src/gui/gui-infoscreen.c
Examining data/gummi-0.8.1/src/gui/gui-infoscreen.h
Examining data/gummi-0.8.1/src/gui/gui-main.c
Examining data/gummi-0.8.1/src/gui/gui-main.h
Examining data/gummi-0.8.1/src/gui/gui-menu.c
Examining data/gummi-0.8.1/src/gui/gui-menu.h
Examining data/gummi-0.8.1/src/gui/gui-prefs.c
Examining data/gummi-0.8.1/src/gui/gui-prefs.h
Examining data/gummi-0.8.1/src/gui/gui-preview.c
Examining data/gummi-0.8.1/src/gui/gui-preview.h
Examining data/gummi-0.8.1/src/gui/gui-project.c
Examining data/gummi-0.8.1/src/gui/gui-project.h
Examining data/gummi-0.8.1/src/gui/gui-search.c
Examining data/gummi-0.8.1/src/gui/gui-search.h
Examining data/gummi-0.8.1/src/gui/gui-snippets.c
Examining data/gummi-0.8.1/src/gui/gui-snippets.h
Examining data/gummi-0.8.1/src/gui/gui-tabmanager.c
Examining data/gummi-0.8.1/src/gui/gui-tabmanager.h
Examining data/gummi-0.8.1/src/importer.c
Examining data/gummi-0.8.1/src/importer.h
Examining data/gummi-0.8.1/src/iofunctions.c
Examining data/gummi-0.8.1/src/iofunctions.h
Examining data/gummi-0.8.1/src/latex.c
Examining data/gummi-0.8.1/src/latex.h
Examining data/gummi-0.8.1/src/main.c
Examining data/gummi-0.8.1/src/motion.c
Examining data/gummi-0.8.1/src/motion.h
Examining data/gummi-0.8.1/src/project.c
Examining data/gummi-0.8.1/src/project.h
Examining data/gummi-0.8.1/src/signals.c
Examining data/gummi-0.8.1/src/signals.h
Examining data/gummi-0.8.1/src/snippets.h
Examining data/gummi-0.8.1/src/tabmanager.c
Examining data/gummi-0.8.1/src/tabmanager.h
Examining data/gummi-0.8.1/src/template.c
Examining data/gummi-0.8.1/src/template.h
Examining data/gummi-0.8.1/src/utils.c
Examining data/gummi-0.8.1/src/utils.h
Examining data/gummi-0.8.1/src/constants.h
Examining data/gummi-0.8.1/src/snippets.c

FINAL RESULTS:

data/gummi-0.8.1/src/motion.c:114:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). Try using a library call that implements the same functionality if available.
  system(command);

data/gummi-0.8.1/src/utils.c:113:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf (message, BUFSIZ, fmt, vap);

data/gummi-0.8.1/src/gui/gui-main.c:785:55:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gtk_file_chooser_set_current_folder (chooser, g_get_home_dir ());

data/gummi-0.8.1/src/gui/gui-main.c:820:51:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gtk_file_chooser_set_current_folder (chooser, g_get_home_dir ());

data/gummi-0.8.1/src/utils.c:305:18:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (C_DIRSEP, g_get_home_dir(), "gtmp", NULL);

data/gummi-0.8.1/src/gui/gui-menu.c:432:58:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (!utils_copy_file (g_active_editor->workfile, tmpfile, &err)) {

data/gummi-0.8.1/src/gui/gui-menu.c:434:21:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  g_free (tmpfile);

data/gummi-0.8.1/src/gui/gui-menu.c:439:49:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  cmd = g_strdup_printf ("texcount '%s'", tmpfile);

data/gummi-0.8.1/src/gui/gui-menu.c:445:25:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  g_free (tmpfile);

data/gummi-0.8.1/src/gui/gui-menu.c:464:17:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  g_free (tmpfile);

data/gummi-0.8.1/src/gui/gui-preview.c:1562:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint newpage = atoi (gtk_entry_get_text (entry));

data/gummi-0.8.1/src/gui/gui-snippets.c:296:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  snippetsgui_move_cursor_to_row (gui->snippetsgui, atoi (path_str));

data/gummi-0.8.1/src/gui/gui-snippets.c:298:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  snippetsgui_move_cursor_to_row(gui->snippetsgui, atoi(path_str) -1);

data/gummi-0.8.1/src/latex.c:147:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lc->errorlines[count++] = atoi (result);

data/gummi-0.8.1/src/snippets.c:101:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (! (fh = fopen (sc->filename, "r"))) {

data/gummi-0.8.1/src/snippets.c:146:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (! (fh = fopen (sc->filename, "w")))

data/gummi-0.8.1/src/snippets.c:372:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  snippet_info_append_holder (info, atoi (result[1]), start,

data/gummi-0.8.1/src/biblio.c:79:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!STR_EQU (result[1] +strlen (result[1]) -4, ".bib"))

data/gummi-0.8.1/src/biblio.c:101:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auxname[strlen (auxname) -4] = 0;

data/gummi-0.8.1/src/configfile.c:179:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (default_config),

data/gummi-0.8.1/src/configfile.c:196:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (default_config),

data/gummi-0.8.1/src/configfile.c:213:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (default_config),

data/gummi-0.8.1/src/configfile.c:249:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_key_file_load_from_data (key_file, default_config, strlen(default_config),

data/gummi-0.8.1/src/editor.c:360:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_set_text (ec_buffer, text, strlen (text));

data/gummi-0.8.1/src/editor.c:471:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (result[1]) == 0 && strlen (result[3]) == 0) {

data/gummi-0.8.1/src/editor.c:471:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (result[1]) == 0 && strlen (result[3]) == 0) {

data/gummi-0.8.1/src/editor.c:474:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen (result[1]) != 0 || strlen (result[3]) != 0) {

data/gummi-0.8.1/src/editor.c:474:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen (result[1]) != 0 || strlen (result[3]) != 0) {

data/gummi-0.8.1/src/editor.c:490:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_iter_backward_chars (&start, strlen (outtext));

data/gummi-0.8.1/src/editor.c:582:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_iter_forward_chars (&current, strlen (ec->term));

data/gummi-0.8.1/src/gui/gui-import.c:154:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert (g_e_buffer, &current, text, strlen (text));

data/gummi-0.8.1/src/gui/gui-import.c:171:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0 != strlen (imagefile)) {

data/gummi-0.8.1/src/gui/gui-import.c:182:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert (g_e_buffer, &current,text,strlen (text));

data/gummi-0.8.1/src/gui/gui-import.c:204:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert (g_e_buffer, &current, text, strlen (text));

data/gummi-0.8.1/src/gui/gui-import.c:218:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((filename) && (strlen(filename) != 0)) {

data/gummi-0.8.1/src/gui/gui-main.c:382:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!STR_EQU (filename + strlen (filename) -4, ".tex")) {

data/gummi-0.8.1/src/gui/gui-main.c:429:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdfname[strlen (pdfname) -4] = 0;

data/gummi-0.8.1/src/gui/gui-main.c:650:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (g_e_buffer, out, strlen (out));

data/gummi-0.8.1/src/gui/gui-main.c:661:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(data) == 0) return TRUE;

data/gummi-0.8.1/src/gui/gui-main.c:829:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename[strlen (basename) -4] = 0;

data/gummi-0.8.1/src/gui/gui-snippets.c:185:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (new_accel)) {

data/gummi-0.8.1/src/gui/gui-snippets.c:338:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen (gtk_entry_get_text (s->accelerator_entry)))

data/gummi-0.8.1/src/gui/gui-snippets.c:436:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (name)) {

data/gummi-0.8.1/src/importer.c:60:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (begin_tabular, "|", BUFSIZ - strlen (begin_tabular) -1);

data/gummi-0.8.1/src/importer.c:60:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (begin_tabular, "|", BUFSIZ - strlen (begin_tabular) -1);

data/gummi-0.8.1/src/importer.c:62:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (begin_tabular, align_type[alignment], BUFSIZ

data/gummi-0.8.1/src/importer.c:63:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  -strlen (begin_tabular) -1);

data/gummi-0.8.1/src/importer.c:65:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (begin_tabular, "|", BUFSIZ -strlen (begin_tabular) -1);

data/gummi-0.8.1/src/importer.c:65:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (begin_tabular, "|", BUFSIZ -strlen (begin_tabular) -1);

data/gummi-0.8.1/src/importer.c:67:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (begin_tabular, "}", BUFSIZ -strlen (begin_tabular) -1);

data/gummi-0.8.1/src/importer.c:67:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (begin_tabular, "}", BUFSIZ -strlen (begin_tabular) -1);

data/gummi-0.8.1/src/importer.c:69:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (table, line, BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:69:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (table, line, BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:71:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (table, "\n\t", BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:71:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (table, "\n\t", BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:74:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (table, tmp, BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:74:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (table, tmp, BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:76:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (table, " & ", BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:76:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (table, " & ", BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:78:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (table, "\\\\", BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:78:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (table, "\\\\", BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:81:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (table, line, BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:81:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (table, line, BUFSIZ * 2 -strlen (table) -1);

data/gummi-0.8.1/src/importer.c:83:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (result, begin_tabular, BUFSIZ *2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:83:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, begin_tabular, BUFSIZ *2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:84:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (result, table, BUFSIZ *2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:84:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, table, BUFSIZ *2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:85:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (result, end_tabular, BUFSIZ *2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:85:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, end_tabular, BUFSIZ *2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:97:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (result, "$\\begin{", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:97:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, "$\\begin{", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:98:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (result, bracket_type[bracket], BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:98:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, bracket_type[bracket], BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:99:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (result, "}", BUFSIZ * 2 - strlen (result) -1);

data/gummi-0.8.1/src/importer.c:99:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, "}", BUFSIZ * 2 - strlen (result) -1);

data/gummi-0.8.1/src/importer.c:102:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (result, "\n\t", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:102:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, "\n\t", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:105:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (result, tmp, BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:105:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, tmp, BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:107:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (result, " & ", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:107:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, " & ", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:109:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (result, "\\\\", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:109:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, "\\\\", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:112:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (result, "\n\\end{", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:112:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, "\n\\end{", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:113:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (result, bracket_type[bracket], BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:113:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, bracket_type[bracket], BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:114:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (result, "}$\n", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/importer.c:114:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (result, "}$\n", BUFSIZ * 2 -strlen (result) -1);

data/gummi-0.8.1/src/iofunctions.c:230:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (! (result = g_locale_to_utf8 (text, -1, &read, &written, &err))) {

data/gummi-0.8.1/src/iofunctions.c:234:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize in_size = strlen (text), out_size = in_size * 2;

data/gummi-0.8.1/src/iofunctions.c:255:52:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (! (result = g_locale_from_utf8 (text, -1, &read, &written, &err))) {

data/gummi-0.8.1/src/latex.c:254:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!STR_EQU (path + strlen (path) -4, ".pdf"))

data/gummi-0.8.1/src/project.c:68:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!STR_EQU (filename + strlen (filename) -6, ".gummi")) {

data/gummi-0.8.1/src/project.c:124:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (content) == 0) {

data/gummi-0.8.1/src/snippets.c:112:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen (buf) -1] = 0; /* remove trailing '\n' */

data/gummi-0.8.1/src/snippets.c:115:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ('#' == buf[0] || !strlen(buf)) {

data/gummi-0.8.1/src/snippets.c:161:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (current->second) + 1;

data/gummi-0.8.1/src/snippets.c:208:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (configs[1]) == 0) {

data/gummi-0.8.1/src/snippets.c:598:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_iter_forward_chars (&me, strlen (info->sel_text));

data/gummi-0.8.1/src/template.c:185:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_file_set_contents (filepath, text, strlen (text), NULL);

data/gummi-0.8.1/src/utils.c:262:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((len = read (pout, buf, BUFSIZ)) > 0) {

data/gummi-0.8.1/src/utils.c:295:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (root != NULL) && (0 == strncmp (target, root, strlen (root))))

data/gummi-0.8.1/src/utils.c:296:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tstr = g_strdup (target + strlen (root) + 1);

data/gummi-0.8.1/src/utils.c:346:12:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  return strncpy(dst, &src[start], end - start);

data/gummi-0.8.1/src/utils.c:355:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0 == strncmp (current->first, term, strlen (term)))

ANALYSIS SUMMARY:

Hits = 106
Lines analyzed = 13366 in approximately 0.40 seconds (33644 lines/second)
Physical Source Lines of Code (SLOC) = 8894
Hits@level = [0]   9 [1]  89 [2]  12 [3]   3 [4]   2 [5]   0
Hits@level+ = [0+] 115 [1+] 106 [2+]  17 [3+]   5 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 12.9301 [1+] 11.9181 [2+] 1.9114 [3+] 0.562177 [4+] 0.224871 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
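The two level-4 hits are the ones worth reading first. `system(command)` in motion.c hands a string to `/bin/sh -c`, so any file name or user text interpolated into `command` is parsed as shell syntax; the `(tmpfile)` hits in gui-menu.c are name matches on a `gchar *` variable called `tmpfile` rather than the libc `tmpfile()` function, but the line `cmd = g_strdup_printf ("texcount '%s'", tmpfile);` builds a command string of exactly the shape Flawfinder is worried about. The `vsnprintf (message, BUFSIZ, fmt, vap)` hit in utils.c is only a problem if a caller ever passes non-literal text as `fmt`. The example below is added here and is not gummi code: it shows the argv-based way to run a helper program, with a hostile file name arriving in the child as one argument, and a logging wrapper whose format is pinned to a literal by the compiler. It assumes a POSIX system with `fork`, `execvp` and `/bin/sh`; `texcount` is named only in a comment.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run a program from an argv array, with no shell in between. Returns the
 * child's exit status, or -1 if fork/wait failed or the child was killed by
 * a signal. Unlike system(command), nothing here parses quotes, ';' or '$'. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Passes `filename` to a child shell script as positional parameter $1.
 * The script exits 0 only if it received exactly one argument that still
 * contains "; ... rm", i.e. the hostile name reached the child as data and
 * was never interpreted. A texcount call would be spawned the same way:
 *     char *const argv[] = { "texcount", filename, NULL };   (hypothetical) */
int pass_filename_as_argument(const char *filename)
{
    char *const argv[] = {
        "sh", "-c",
        "[ \"$#\" -eq 1 ] || exit 2; case \"$1\" in *\\;*rm*) exit 0;; *) exit 1;; esac",
        "sh", (char *)filename, NULL
    };
    return run_argv(argv);
}

/* Logging helper in the shape of the utils.c vsnprintf call. The format
 * attribute makes the compiler reject a non-literal fmt and check the
 * arguments; untrusted text (a file name, a LaTeX log line) travels as a
 * %s argument, so "%n" or "%s" inside it is printed, not interpreted.
 * Returns the number of characters written, or -1 if the output was
 * truncated (vsnprintf still NUL-terminates when outsz > 0). */
__attribute__((format(printf, 3, 4)))
int format_message(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}
```

With `system()` the same hostile name, `doc.tex'; rm -rf ~; '`, would close the single quotes and run the embedded command; through `run_argv` it is a five-byte-apostrophe-bearing string that `texcount` would simply fail to open.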
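The five `atoi` hits (a page-number entry in gui-preview.c, tree-path strings in gui-snippets.c, numbers pulled out of a LaTeX log in latex.c and a snippet definition in snippets.c) all share the weakness Flawfinder describes: `atoi` returns 0 for garbage, ignores trailing junk and has undefined behaviour on overflow, so the caller cannot tell "0" from "abc" and gets no range check. The following is an added example, not gummi code, of a `strtol`-based replacement that rejects malformed input and enforces both bounds, plus a page-number clamp in the spirit of the gui-preview.c line. Function names are this example's own.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

/* Parse s as a decimal integer in [min, max].
 * Returns 1 and stores the value on success; 0 for NULL, empty input,
 * leading whitespace, trailing non-digits, overflow, or an out-of-range
 * value. Nothing is stored on failure. */
int parse_int_range(const char *s, long min, long max, long *out)
{
    if (s == NULL || *s == '\0' || isspace((unsigned char)*s))
        return 0;                       /* strtol would skip the space */
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return 0;                       /* does not fit in long */
    if (end == s || *end != '\0')
        return 0;                       /* no digits, or "12abc" */
    if (v < min || v > max)
        return 0;                       /* both bounds, as CWE-190 advises */
    *out = v;
    return 1;
}

/* Page entry handling: accept 1..n_pages, otherwise keep the current page.
 * With atoi(), "0", "", "abc" and "99999999999999999999" would all flow
 * into the page-switch code as whatever value happened to come back. */
int page_from_entry(const char *text, int n_pages, int current)
{
    long v;
    if (parse_int_range(text, 1, n_pages, &v))
        return (int)v;
    return current;
}

/* Tree-path row index: rows are 0..n_rows-1, -1 means "no row". */
int row_from_path(const char *path_str, int n_rows)
{
    long v;
    if (n_rows > 0 && parse_int_range(path_str, 0, (long)n_rows - 1, &v))
        return (int)v;
    return -1;
}
```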
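Most of the level-1 volume is the `strncat (dst, src, SIZE - strlen (dst) - 1)` idiom in importer.c and the `return strncpy(dst, &src[start], end - start);` substring helper in utils.c. The idiom is correct only as long as `dst` is NUL-terminated within `SIZE`: the subtraction is done in `size_t`, so once `dst` is unterminated the remaining count wraps to a huge value and `strncat` overflows, and the pattern also gives the caller no signal that truncation happened. `strncpy` in turn writes no terminator when the source span is `n` bytes or longer, which is exactly the "doesn't always \0-terminate" caveat in the report. The block below is an added example, not gummi code: an explicit-length appender that mirrors the tabular-header construction, a substring copy that always terminates and reports when the span does not fit, and a probe that shows the `strncpy` gap. Names and buffer sizes are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* Fixed-capacity string builder that tracks its own length, so no call
 * ever recomputes "remaining space" from strlen() of a possibly
 * unterminated buffer. */
typedef struct {
    char  *buf;
    size_t cap;     /* total bytes in buf, including the NUL */
    size_t len;     /* bytes in use, excluding the NUL */
} strbuf;

int sb_init(strbuf *sb, char *storage, size_t cap)
{
    if (cap == 0)
        return 0;
    sb->buf = storage;
    sb->cap = cap;
    sb->len = 0;
    storage[0] = '\0';
    return 1;
}

/* Append src; returns 1 on success, 0 (buffer unchanged) if it would not
 * fit together with the terminating NUL. */
int sb_append(strbuf *sb, const char *src)
{
    size_t n = strlen(src);
    if (n >= sb->cap - sb->len)        /* len < cap always holds here */
        return 0;
    memcpy(sb->buf + sb->len, src, n + 1);
    sb->len += n;
    return 1;
}

/* Build "\begin{tabular}{|c|c|...}" for ncols columns, the job the
 * importer.c strncat chain does. Returns 1 if the whole header fit. */
int build_tabular_header(char *out, size_t outsz, int ncols, char align)
{
    strbuf sb;
    char col[3] = { align, '|', '\0' };
    if (!sb_init(&sb, out, outsz))
        return 0;
    if (!sb_append(&sb, "\\begin{tabular}{|"))
        return 0;
    for (int i = 0; i < ncols; i++)
        if (!sb_append(&sb, col))
            return 0;
    return sb_append(&sb, "}");
}

/* Copy src[start, end) into dst and always NUL-terminate.
 * Returns the number of characters copied, or -1 if the span is invalid
 * or would not fit in dstsz bytes (dst is then left untouched). */
int substr_copy(char *dst, size_t dstsz, const char *src,
                size_t start, size_t end)
{
    if (end < start || end - start >= dstsz)
        return -1;
    memcpy(dst, src + start, end - start);
    dst[end - start] = '\0';
    return (int)(end - start);
}

/* Probe for the strncpy caveat: copies n bytes of src into a 16-byte
 * buffer pre-filled with 'X' and reports whether a NUL ended up among the
 * n bytes written. Returns -1 if n exceeds the buffer. */
int strncpy_terminates(const char *src, size_t n)
{
    char dst[16];
    memset(dst, 'X', sizeof dst);
    if (n > sizeof dst)
        return -1;
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}
```

`strncpy_terminates("abcdef", 6)` returns 0: the six bytes are all copied and nothing terminates the result, which is the situation the utils.c caller has to handle itself after `strncpy(dst, &src[start], end - start)`. `substr_copy` makes the terminator and the capacity check part of the helper instead.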