Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcut-dialog.c
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-grabber.h
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-marshal.c
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-xfwm4.h
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-xfwm4.c
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-marshal.h
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcut-dialog.h
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts.h
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.h
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-grabber.c
Examining data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts.c
Examining data/libxfce4ui-4.15.5/xfce4-about/about-dialog-ui.h
Examining data/libxfce4ui-4.15.5/xfce4-about/translators.h
Examining data/libxfce4ui-4.15.5/xfce4-about/system-info.c
Examining data/libxfce4ui-4.15.5/xfce4-about/contributors.h
Examining data/libxfce4ui-4.15.5/xfce4-about/system-info.h
Examining data/libxfce4ui-4.15.5/xfce4-about/main.c
Examining data/libxfce4ui-4.15.5/tests/test-ui.c
Examining data/libxfce4ui-4.15.5/glade/libxfce4ui-glade.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-config.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-gdk-extensions.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-dialogs.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-enum-types.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-titled-dialog.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-config.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-aliasdef.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-spawn.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-resources.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-enum-types.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-gtk-extensions.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-spawn.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-gdk-extensions.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-marshal.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-dialogs.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-resources.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-alias.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-filename-input.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-private.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-titled-dialog.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-gtk-extensions.c
Examining data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-marshal.h
Examining data/libxfce4ui-4.15.5/libxfce4ui/xfce-filename-input.h
FINAL RESULTS:
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1566:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = "";
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid[32];
data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c:305:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c:305:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c:415:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->default_base_property) + strlen ("/");
data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c:415:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (provider->priv->default_base_property) + strlen ("/");
data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c:481:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (context->provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c:481:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = property + strlen (context->provider->priv->custom_base_property) + strlen ("/");
data/libxfce4ui-4.15.5/libxfce4kbd-private/xfce-shortcuts-provider.c:609:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
replaced = g_string_sized_new (strlen (shortcut));
data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-resources.c:549:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-resources.c:557:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-resources.c:569:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/libxfce4ui-4.15.5/libxfce4ui/libxfce4ui-resources.c:576:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/libxfce4ui-4.15.5/libxfce4ui/xfce-gtk-extensions.c:582:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stock_id != NULL && strlen(stock_id) > 0)
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:689:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(argv[i], SM_ID_ARG, strlen(SM_ID_ARG))) {
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:690:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argv[i][strlen(SM_ID_ARG)] == '=')
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:691:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
client_id = &(argv[i][strlen(SM_ID_ARG)+1]);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:694:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(!strncmp(argv[i], DPY_ARG, strlen(DPY_ARG))) {
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:696:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argv[i][strlen(DPY_ARG)] != '=')
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1272:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !strncmp(command[argc], SM_ID_ARG, strlen(SM_ID_ARG)))
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1278:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(command[argc][strlen(SM_ID_ARG)] == '=')
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1279:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_client_id = &(command[argc][strlen(SM_ID_ARG)+1]);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1308:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !strncmp(*command, SM_ID_ARG, strlen(SM_ID_ARG)))
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1310:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((*command)[strlen(SM_ID_ARG)] != '=' && *(command+1)) {
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1315:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vals[i].length = strlen(*command);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1322:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vals[i].length = strlen(SM_ID_ARG);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1324:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vals[i].length = strlen(sm_client->client_id);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1647:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop1val.length = strlen(prop1val.value);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1655:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop2val.length = strlen(prop2val.value);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1672:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop4val.length = strlen(prop4val.value);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1680:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop5val.length = strlen(prop5val.value);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1697:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop7val.length = strlen(sm_client->desktop_file);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:1900:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propval.length = strlen(sm_client->desktop_file);
data/libxfce4ui-4.15.5/libxfce4ui/xfce-sm-client.c:2060:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propval.length = strlen(propval.value);
data/libxfce4ui-4.15.5/xfce4-about/system-info.c:276:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize length = strlen (renderer);
data/libxfce4ui-4.15.5/xfce4-about/system-info.c:354:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delimiter += strlen ("=");
data/libxfce4ui-4.15.5/xfce4-about/system-info.c:358:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delimiter += strlen ("\"");
data/libxfce4ui-4.15.5/xfce4-about/system-info.c:360:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (delimiter);
data/libxfce4ui-4.15.5/xfce4-about/system-info.c:364:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size -= strlen ("\"");
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 14374 in approximately 0.68 seconds (21008 lines/second)
Physical Source Lines of Code (SLOC) = 9510
Hits@level = [0] 0 [1] 37 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 39 [1+] 39 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.10095 [1+] 4.10095 [2+] 0.210305 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.