Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mate-utils-1.24.0/baobab/src/baobab-cell-renderer-progress.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-cell-renderer-progress.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-chart.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-chart.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-prefs.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-prefs.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-remote-connect-dialog.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-remote-connect-dialog.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-ringschart.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-ringschart.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-scan.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-scan.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-treemap.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-treemap.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-treeview.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-treeview.h
Examining data/mate-utils-1.24.0/baobab/src/baobab-utils.c
Examining data/mate-utils-1.24.0/baobab/src/baobab-utils.h
Examining data/mate-utils-1.24.0/baobab/src/baobab.c
Examining data/mate-utils-1.24.0/baobab/src/baobab.h
Examining data/mate-utils-1.24.0/baobab/src/callbacks.c
Examining data/mate-utils-1.24.0/baobab/src/callbacks.h
Examining data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggdesktopfile.c
Examining data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggdesktopfile.h
Examining data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-private.h
Examining data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-xsmp.c
Examining data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient.c
Examining data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient.h
Examining data/mate-utils-1.24.0/gsearchtool/libmateui-deprecated/gsearchtool-entry.c
Examining data/mate-utils-1.24.0/gsearchtool/libmateui-deprecated/gsearchtool-entry.h
Examining data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-callbacks.c
Examining data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-callbacks.h
Examining data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c
Examining data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.h
Examining data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c
Examining data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.h
Examining data/mate-utils-1.24.0/logview/src/logview-about.h
Examining data/mate-utils-1.24.0/logview/src/logview-app.c
Examining data/mate-utils-1.24.0/logview/src/logview-app.h
Examining data/mate-utils-1.24.0/logview/src/logview-filter-manager.c
Examining data/mate-utils-1.24.0/logview/src/logview-filter-manager.h
Examining data/mate-utils-1.24.0/logview/src/logview-filter.c
Examining data/mate-utils-1.24.0/logview/src/logview-filter.h
Examining data/mate-utils-1.24.0/logview/src/logview-findbar.c
Examining data/mate-utils-1.24.0/logview/src/logview-findbar.h
Examining data/mate-utils-1.24.0/logview/src/logview-log.c
Examining data/mate-utils-1.24.0/logview/src/logview-log.h
Examining data/mate-utils-1.24.0/logview/src/logview-loglist.c
Examining data/mate-utils-1.24.0/logview/src/logview-loglist.h
Examining data/mate-utils-1.24.0/logview/src/logview-main.c
Examining data/mate-utils-1.24.0/logview/src/logview-manager.c
Examining data/mate-utils-1.24.0/logview/src/logview-manager.h
Examining data/mate-utils-1.24.0/logview/src/logview-prefs.c
Examining data/mate-utils-1.24.0/logview/src/logview-prefs.h
Examining data/mate-utils-1.24.0/logview/src/logview-utils.c
Examining data/mate-utils-1.24.0/logview/src/logview-utils.h
Examining data/mate-utils-1.24.0/logview/src/logview-window.c
Examining data/mate-utils-1.24.0/logview/src/logview-window.h
Examining data/mate-utils-1.24.0/logview/src/tests/test-reader.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-context-private.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-context.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-context.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-database-chooser.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-database-chooser.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-debug.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-private.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-source-chooser.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-source-chooser.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-source-loader.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-source-loader.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-source.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-source.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-speller.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-speller.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-strategy-chooser.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-strategy-chooser.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-utils.c
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-utils.h
Examining data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-about.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-about.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-aligned-window.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-aligned-window.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-app.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-app.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-applet.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-applet.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-common.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-common.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-pref-dialog.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-pref-dialog.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-print.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-print.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-sidebar.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-sidebar.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-source-dialog.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-source-dialog.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-window.c
Examining data/mate-utils-1.24.0/mate-dictionary/src/gdict-window.h
Examining data/mate-utils-1.24.0/mate-dictionary/src/main.c
Examining data/mate-utils-1.24.0/mate-disk-image-mounter/src/main.c
Examining data/mate-utils-1.24.0/mate-screenshot/src/mate-screenshot.c
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-dialog.c
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-dialog.h
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-save.c
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-save.h
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-shadow.c
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-shadow.h
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-utils.c
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-utils.h
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-xfer.c
Examining data/mate-utils-1.24.0/mate-screenshot/src/screenshot-xfer.h

FINAL RESULTS:

data/mate-utils-1.24.0/baobab/src/baobab-chart.c:1729:40:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    g_get_home_dir ());
data/mate-utils-1.24.0/baobab/src/baobab-scan.c:159:32:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    dot_gvfs = g_build_filename (g_get_home_dir (), ".gvfs", NULL);
data/mate-utils-1.24.0/baobab/src/baobab-treeview.c:120:36:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    home_file = g_file_new_for_path (g_get_home_dir ());
data/mate-utils-1.24.0/baobab/src/baobab-utils.c:116:11:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    g_get_home_dir ());
data/mate-utils-1.24.0/baobab/src/baobab.c:269:30:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    file = g_file_new_for_path (g_get_home_dir ());
data/mate-utils-1.24.0/baobab/src/baobab.c:589:31:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    file = g_file_new_for_path (g_get_home_dir ());
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:319:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    if (g_spawn_async_with_pipes (g_get_home_dir (), argv, NULL,
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:358:34:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    if (g_spawn_async_with_pipes (g_get_home_dir (), argv, NULL,
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:620:37:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    look_in_folder_locale = g_strdup (g_get_home_dir ());
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:1873:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    if (!g_spawn_async_with_pipes (g_get_home_dir (), argv, NULL,
data/mate-utils-1.24.0/mate-dictionary/src/gdict-applet.c:213:67:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), g_get_home_dir ());
data/mate-utils-1.24.0/mate-dictionary/src/gdict-window.c:971:67:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), g_get_home_dir ());
data/mate-utils-1.24.0/mate-screenshot/src/mate-screenshot.c:1062:47:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    job->base_uris[2] = g_strconcat ("file://", g_get_tmp_dir (), NULL);
data/mate-utils-1.24.0/mate-screenshot/src/mate-screenshot.c:1139:43:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    desktop_dir = g_strconcat ("file://", g_get_home_dir (), NULL);
data/mate-utils-1.24.0/mate-screenshot/src/mate-screenshot.c:1154:25:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    return g_strconcat (g_get_home_dir (), &path[1], NULL);
data/mate-utils-1.24.0/mate-screenshot/src/screenshot-save.c:149:36:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    dir_name = g_build_filename (g_get_tmp_dir (),
data/mate-utils-1.24.0/baobab/src/baobab-treeview.c:188:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy (textperc, "-.- %");
data/mate-utils-1.24.0/baobab/src/baobab-treeview.c:190:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy (textperc, "100 %");
data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-xsmp.c:208:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char pid_str[64];
data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-xsmp.c:319:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char error_string_ret[256];
data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-xsmp.c:869:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open (state_file_path, O_WRONLY | O_CREAT | O_EXCL, 0644);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-callbacks.c:1798:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen (gsearch->save_results_as_default_filename, "w")) != NULL) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:470:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char code[4], buffer[512];
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:1995:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    gtk_spin_button_set_value (GTK_SPIN_BUTTON (entry), atoi (value));
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:1996:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    opt->data.time = atoi (value);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:1997:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    opt->data.number = atoi (value);
data/mate-utils-1.24.0/logview/src/logview-app.c:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cbuf[BUFSIZ];
data/mate-utils-1.24.0/logview/src/logview-app.c:104:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((cf = fopen ("/etc/syslog.conf", "r")) == NULL) {
data/mate-utils-1.24.0/logview/src/logview-log.c:607:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char * parse_data[2];
data/mate-utils-1.24.0/logview/src/logview-loglist.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char date[200];
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1060:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&((struct sockaddr_in6 *) &priv->sockaddr)->sin6_addr,
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1065:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&((struct sockaddr_in *) &priv->sockaddr)->sin_addr,
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1102:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&((struct sockaddr_in *) &(priv->sockaddr))->sin_addr,
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1389:67:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    GDICT_NOTE (DICT, "server replied: %d databases found", atoi (p));
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1439:68:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    GDICT_NOTE (DICT, "server replied: %d strategies found", atoi (p));
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1487:69:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    GDICT_NOTE (DICT, "server replied: %d definitions found", atoi (p));
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1489:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    def = _gdict_definition_new (atoi (p));
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1599:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    GDICT_NOTE (DICT, "server replied: %d matches found", atoi (p));
data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1663:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    possible_status = atoi (status);
data/mate-utils-1.24.0/mate-dictionary/src/gdict-source-dialog.c:323:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    "port", atoi (port),
data/mate-utils-1.24.0/mate-dictionary/src/gdict-source-dialog.c:416:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    "port", atoi (port),
data/mate-utils-1.24.0/mate-disk-image-mounter/src/main.c:233:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open (filename, opt_writable ? O_RDWR : O_RDONLY);
data/mate-utils-1.24.0/mate-screenshot/src/mate-screenshot.c:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *base_uris[3];
data/mate-utils-1.24.0/mate-screenshot/src/mate-screenshot.c:570:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char * groups[2] = { "Graphics", NULL };
data/mate-utils-1.24.0/baobab/src/baobab-remote-connect-dialog.c:237:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (server) == 0) {
data/mate-utils-1.24.0/baobab/src/baobab-remote-connect-dialog.c:296:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (domain) != 0) {
data/mate-utils-1.24.0/baobab/src/baobab-remote-connect-dialog.c:568:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new_text_length = strlen (new_text);
data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-xsmp.c:1147:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pv.length = strlen (value);
data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-xsmp.c:1181:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pv.length = strlen (values->pdata[i]);
data/mate-utils-1.24.0/gsearchtool/libeggsmclient/eggsmclient-xsmp.c:1210:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prop->vals[0].length = strlen (value);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-callbacks.c:1599:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (uri_list));
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:63:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sub_str = g_strstr_len (path, strlen (path), hidden_path_substr);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:71:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp (sub_str, mate_desktop_str, strlen (mate_desktop_str)) == 0) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:73:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    results = (g_strstr_len (sub_str, strlen (sub_str), hidden_path_substr) != NULL);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:98:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen (dir) > 1) && (g_str_has_suffix (dir, G_DIR_SEPARATOR_S) == TRUE)) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:99:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dir[strlen (dir) - 1] = '\0';
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:119:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (exclude_path_list[i]) == 0) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:126:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (g_strstr_len (dir, strlen (dir), "*") != NULL) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:175:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen (dir) > 1) && (g_str_has_suffix (dir, G_DIR_SEPARATOR_S) == TRUE)) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:176:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dir[strlen (dir) - 1] = '\0';
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:196:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (exclude_path_list[i]) == 0) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:203:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (g_strstr_len (dir, strlen (dir), "*") != NULL) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:988:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_key_file_load_from_data (key_file, contents, strlen(contents), G_KEY_FILE_NONE, NULL);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:1333:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    remaining_bytes = strlen (name);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:1368:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_assert ((gint) strlen (original) >= until_substring - original);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool-support.c:1372:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy (result, original, until_substring - original);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:266:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((cmd_stderr != NULL) && (strlen (cmd_stderr) == 0)) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:279:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((cmd_stderr != NULL) && (strlen (cmd_stderr) == 0)) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:287:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((cmd_stderr != NULL) && (strlen (cmd_stderr) == 0)) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:409:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen (file) == 0) || (file[0] != '.')) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:432:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen (file) >= 1) && (file[1] == '.')) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:465:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (constraint->data.text) > 0) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:775:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (locale) != 0) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:885:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (look_in_folder) > 1) {
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:889:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    look_in_folder[strlen (look_in_folder) - 1] = '\0';
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:893:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    relative_dir_name = g_strconcat (&dir_name[strlen (path_str)], NULL);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:896:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    relative_dir_name = g_strconcat (&dir_name[strlen (path_str) + 1], NULL);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:1467:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    look_in_folder_string_length = strlen (gsearch->command_details->look_in_folder_string);
data/mate-utils-1.24.0/gsearchtool/src/gsearchtool.c:1532:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (string->str) != look_in_folder_string_length) {
data/mate-utils-1.24.0/logview/src/logview-filter-manager.c:86:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen (name)) {
data/mate-utils-1.24.0/logview/src/logview-filter-manager.c:122:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen (regex)) {
data/mate-utils-1.24.0/logview/src/logview-prefs.c:171:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (tokens[FILTER_FOREGROUND])) {
data/mate-utils-1.24.0/logview/src/logview-prefs.c:177:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (tokens[FILTER_BACKGROUND])) { data/mate-utils-1.24.0/logview/src/logview-window.c:1020:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (lines[i]); data/mate-utils-1.24.0/logview/src/logview-window.c:1027:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_text_buffer_insert (buffer, &iter, lines[i], strlen (lines[i])); data/mate-utils-1.24.0/logview/src/logview-window.c:1087:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_text_buffer_insert (buffer, &iter, lines[i], strlen (lines[i])); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-client-context.c:1651:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (line) < 3) data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:426:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). needle_len = strlen (needle); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:482:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). needle_len = strlen (needle); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:526:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len_s1 = strlen (normalized_s1); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:527:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_s2 = strlen (normalized_s2); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:667:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (utf8_caselessnmatch (line_text, *lines, strlen (line_text), data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:668:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (*lines))) data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:765:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (utf8_caselessnmatch (line_text, *lines, strlen (line_text), data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:766:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (*lines))) data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:827:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint delimiter_len = strlen (delimiter); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:835:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (new_string, string, len); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2164:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text, strlen (text), data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2183:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_len = strlen (str); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2207:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_len = strlen (str); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2248:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint w_len = strlen (w); data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2391:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text, strlen (text), data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2420:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). title, strlen (title), data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2430:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
message, strlen (message), data/mate-utils-1.24.0/mate-dictionary/libgdict/gdict-defbox.c:2780:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen (retval); data/mate-utils-1.24.0/mate-screenshot/src/screenshot-save.c:222:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (pipe_from_child[1], error->message, strlen (error->message)) == -1) data/mate-utils-1.24.0/mate-screenshot/src/screenshot-save.c:226:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (pipe_from_child[1], ERROR_MESSAGE, strlen (ERROR_MESSAGE)) == -1) data/mate-utils-1.24.0/mate-screenshot/src/screenshot-save.c:233:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (parent_exit_notification[0], &c, 1) == -1) ANALYSIS SUMMARY: Hits = 108 Lines analyzed = 51045 in approximately 1.21 seconds (42173 lines/second) Physical Source Lines of Code (SLOC) = 35765 Hits@level = [0] 6 [1] 64 [2] 28 [3] 16 [4] 0 [5] 0 Hits@level+ = [0+] 114 [1+] 108 [2+] 44 [3+] 16 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.18747 [1+] 3.01971 [2+] 1.23025 [3+] 0.447365 [4+] 0 [5+] 0 Dot directories skipped = 3 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
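The two rule texts that dominate this report, strlen over-reading a buffer that carries no terminator (CWE-126) and strncpy leaving its destination unterminated (CWE-120), are easier to triage once the failure modes are seen side by side with the bounded form. The following C program is an added illustration written for this page; it is not code from mate-utils, and none of the hits above is thereby claimed to be exploitable (the report itself says a hit is not necessarily a vulnerability). The helper names bounded_len, bounded_prefix_copy, strncpy_leaves_unterminated and length_of_unterminated_field, and the sample inputs, are all invented for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Standard-C equivalent of POSIX strnlen(): length of s, never reading
 * past n bytes even when no terminator is present. (Hypothetical helper.) */
static size_t bounded_len(const char *s, size_t n)
{
    const char *nul = memchr(s, '\0', n);
    return nul ? (size_t)(nul - s) : n;
}

/* Hypothetical helper (not from mate-utils): copy at most n bytes of src
 * into dst, which has capacity dstsz, and always leave dst NUL-terminated.
 * Returns the number of bytes copied, excluding the terminator. */
size_t bounded_prefix_copy(char *dst, size_t dstsz, const char *src, size_t n)
{
    if (dstsz == 0)
        return 0;
    /* bounded_len() reads at most n bytes, so a src with no terminator
     * inside those n bytes cannot trigger a CWE-126 style over-read. */
    size_t len = bounded_len(src, n);
    if (len > dstsz - 1)
        len = dstsz - 1;          /* truncate rather than overflow dst */
    memcpy(dst, src, len);
    dst[len] = '\0';              /* the step strncpy() may skip */
    return len;
}

/* Shows the strncpy() pitfall behind the CWE-120 hits: when src holds at
 * least n bytes, strncpy() writes exactly n bytes and no terminator.
 * Returns 1 if the first n bytes of dst contain no NUL afterwards, 0 if
 * they do, and -1 if n does not fit the scratch buffer. */
int strncpy_leaves_unterminated(const char *src, size_t n)
{
    char dst[32];
    if (n >= sizeof dst)
        return -1;
    memset(dst, 'X', sizeof dst); /* constructed: poison so stale bytes show */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) == NULL;
}

/* A constructed fixed-width field with no terminator, as a binary record
 * or a partial read() might produce. Calling strlen() on it would be
 * undefined behaviour (the CWE-126 case); the bounded length is safe. */
size_t length_of_unterminated_field(void)
{
    char field[8] = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h' };
    return bounded_len(field, sizeof field);
}

int main(void)
{
    char out[16];
    size_t n = bounded_prefix_copy(out, sizeof out, "/home/user/docs/", 10);
    printf("prefix copy: %zu bytes -> \"%s\"\n", n, out);
    printf("strncpy(\"abcdef\", 6) unterminated: %d\n",
           strncpy_leaves_unterminated("abcdef", 6));
    printf("strncpy(\"abc\", 6) unterminated:    %d\n",
           strncpy_leaves_unterminated("abc", 6));
    printf("unterminated 8-byte field, bounded length: %zu\n",
           length_of_unterminated_field());
    return 0;
}
```

When reviewing a strncpy hit such as the two in this report, the question to answer from the surrounding code is whether the destination is terminated afterwards (an explicit dst[len] = '\0', or an allocation of len + 1 zeroed bytes) and whether the source is guaranteed to hold at least len bytes; when reviewing a strlen hit, whether the argument can ever be a non-terminated buffer rather than a string produced by GLib or a literal. Most of the strlen hits here are on values that GLib APIs return as terminated strings, which is why flawfinder rates them at level 1 only.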