Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xdg-desktop-portal-gtk-1.8.0/src/testappchooser.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserrow.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserrow.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooserdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/xdg-desktop-portal-gtk.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/utils.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/utils.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/request.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/request.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/session.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/session.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/filechooser.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/filechooser.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/notification.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/notification.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fdonotification.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fdonotification.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/inhibit.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/inhibit.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshot.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshot.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshotdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screenshotdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/print.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/print.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/access.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/access.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/account.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/account.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/accountdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/accountdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/email.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/email.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gtkbackports.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gtkbackports.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencast.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencast.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/screencastdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gnomescreencast.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/gnomescreencast.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktop.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktop.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktopdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/remotedesktopdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/displaystatetracker.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/displaystatetracker.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/shellintrospect.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/shellintrospect.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/lockdown.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/lockdown.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/background.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/background.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fc-monitor.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/fc-monitor.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/settings.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/settings.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperdialog.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperdialog.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperpreview.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaperpreview.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaper.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/wallpaper.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-x11.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-x11.c
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-wayland.h
Examining data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow-wayland.c

FINAL RESULTS:

data/xdg-desktop-portal-gtk-1.8.0/src/print.c:109:9: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      r = g_random_int ();
data/xdg-desktop-portal-gtk-1.8.0/src/email.c:133:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      const char *no_att[1] = { NULL };
data/xdg-desktop-portal-gtk-1.8.0/src/email.c:161:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (addrs + 1, addresses, sizeof (char *) * (len + 1));
data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.c:110:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      handle->chosen = g_strndup (desktop_id, strlen (desktop_id) - strlen (".desktop"));
data/xdg-desktop-portal-gtk-1.8.0/src/appchooser.c:110:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      handle->chosen = g_strndup (desktop_id, strlen (desktop_id) - strlen (".desktop"));
data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.c:56:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      const char *x11_handle_str = handle_str + strlen (x11_prefix);
data/xdg-desktop-portal-gtk-1.8.0/src/externalwindow.c:69:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      const char *wayland_handle_str = handle_str + strlen (wayland_prefix);
data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.c:148:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      processed_app_id[strlen (processed_app_id) -
data/xdg-desktop-portal-gtk-1.8.0/src/screencastwidget.c:149:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen (".desktop")] = '\0';
data/xdg-desktop-portal-gtk-1.8.0/src/settings.c:81:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pattern_len = strlen (pattern);

ANALYSIS SUMMARY:

Hits = 10
Lines analyzed = 14576 in approximately 0.30 seconds (48866 lines/second)
Physical Source Lines of Code (SLOC) = 10704
Hits@level = [0] 3 [1] 7 [2] 2 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 10 [2+] 3 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.2145 [1+] 0.93423 [2+] 0.280269 [3+] 0.093423 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.