Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkspell.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtk.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gvaluecaml.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkrange.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkaction.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_domain.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gnomedruid.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c
Examining data/lablgtk2-2.18.8+dfsg/src/gdkprivate-win32.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkmisc.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkbin.c
Examining data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h
Examining data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/callback.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtknew.c
Examining data/lablgtk2-2.18.8+dfsg/src/win32.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktext.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_glib.h
Examining data/lablgtk2-2.18.8+dfsg/src/wrappers.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gobject.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gobject.h
Examining data/lablgtk2-2.18.8+dfsg/src/wrappers.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview2.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkpack.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkxmhtml.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdk.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_glade.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkbroken.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_pango.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkfile.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkmenu.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkbutton.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_panel.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdk.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_pango.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtk.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtklist.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkgl.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_glib.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gvaluecaml.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktext.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_rsvg.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkassistant.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdkpixbuf.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdkpixbuf.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkedit.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkstock.c
FINAL RESULTS:
data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:958:82: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define PATH_STRING(path) (buf1 = (path) ? gtk_tree_path_to_string(path) : "[]", strcpy(buf2,buf1), (path) ? g_free(buf1) : 0, buf2)
data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:959:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define debug_print printf
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:610:19: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const char *s = g_get_home_dir();
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:613:7: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
ML_0 (g_get_tmp_dir, copy_string)
data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview.c:416:59: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
n = g_strdup_printf ("%s_%u_%u", name, d, g_random_int ());
data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview2.c:801:59: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
n = g_strdup_printf ("%s_%u_%u", name, d, g_random_int());
data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:1114:29: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
custom_model->stamp = g_random_int ();
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:158:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define Tag_val(val) (((unsigned char *) (val)) [-1])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:160:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define Tag_hp(hp) (((unsigned char *) (hp)) [sizeof(value)-1])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:163:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define Tag_val(val) (((unsigned char *) (val)) [-sizeof(value)])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:165:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define Tag_hp(hp) (((unsigned char *) (hp)) [0])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:228:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define Byte(x, i) (((char *) (x)) [i]) /* Also an l-value. */
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:229:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define Byte_u(x, i) (((unsigned char *) (x)) [i]) /* Also an l-value. */
data/lablgtk2-2.18.8+dfsg/src/ml_gdk.c:481:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (String_val(data), xdata, sizeof(char) * nitems);
data/lablgtk2-2.18.8+dfsg/src/ml_gdkpixbuf.c:348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (String_val(s), buf, count);
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (String_val(v), str, len);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(arr), item->xform, len * sizeof (double));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(coords, Bp_val(a), sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(coords, Bp_val(a), sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:339:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->coords, Bp_val(arr), Bosize_val(arr));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(ret), p->coords, p->num_points * 2 * sizeof(double));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->dash, Bp_val(dash), Bosize_val(dash));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Bp_val(dashes), d->dash, d->n_dash * sizeof (double));
data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c:54:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char*)ret, start, length);
data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (base2, base1, RegLength_val(region1));
data/lablgtk2-2.18.8+dfsg/src/ml_gtk.c:517:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (data->length) memcpy ((void*)ret, data->data, data->length);
data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:952:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1000];
data/lablgtk2-2.18.8+dfsg/src/ml_panel.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prog_name, *argv[ argc ];
data/lablgtk2-2.18.8+dfsg/src/wrappers.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((value *) ret + 2, src, size);
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:369:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gsize read;
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:373:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read)) {
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:375:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return Val_int( read );
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:389:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gsize read;
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:395:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read,
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:400:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return Val_int( read );
data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c:52:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = Option_val(len, Int_val, strlen(start));
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 13995 in approximately 1.20 seconds (11671 lines/second)
Physical Source Lines of Code (SLOC) = 10206
Hits@level = [0] 2 [1] 7 [2] 25 [3] 5 [4] 2 [5] 0
Hits@level+ = [0+] 41 [1+] 39 [2+] 32 [3+] 7 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 4.01724 [1+] 3.82128 [2+] 3.13541 [3+] 0.685871 [4+] 0.195963 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.