stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xfce4-mount-plugin-1.1.3/panel-plugin/helpers.c
Examining data/xfce4-mount-plugin-1.1.3/panel-plugin/helpers.h
Examining data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c
Examining data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c
Examining data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.h
Examining data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.h

FINAL RESULTS:

data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:94:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    logvol = atoi(disk_device+i+1);
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:103:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    volume = atoi(disk_device+i+1);
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:417:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mt->message_dialog = atoi(xfce_rc_read_entry(rc, "message_dialog", NULL));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:422:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mt->include_NFSs = atoi(xfce_rc_read_entry(rc, "include_NFSs", NULL));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:430:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mt->trim_devicename_count = atoi(xfce_rc_read_entry(rc, "td_count", NULL));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:434:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mt->exclude_FSs = atoi(xfce_rc_read_entry(rc, "exclude_FSs", NULL));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:439:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mt->exclude_devicenames = atoi(xfce_rc_read_entry(rc, "exclude_devicenames", NULL));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:444:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mt->eject_drives = atoi(xfce_rc_read_entry(rc, "eject_drives", NULL));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *file, tmp[4];
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:190:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(dev)>len) // len cannot be set lower than 9
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:193:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        lastchars = (char *) (dev + strlen(dev) - 5);
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:262:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tmp = g_strstr_len(pdisk->device, strlen(pdisk->device), "/dev/cd");
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:303:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (on_mount_cmd != NULL && strlen(on_mount_cmd)!=0) {
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:425:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stringlength1 = strlen(pdisk->device);
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:426:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stringlength3 = strlen(pdisk->mount_point);
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:431:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stringlength2 = strlen(disk->device);
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:432:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stringlength4 = strlen(disk->mount_point);
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:596:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        device_len = strlen(device);
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:638:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mountp_len = strlen(mountp);
data/xfce4-mount-plugin-1.1.3/panel-plugin/devices.c:720:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        excluded_FS_i_len = strlen(excluded_FS_i);
data/xfce4-mount-plugin-1.1.3/panel-plugin/helpers.c:45:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while ( q < p+strlen(p) && q!=NULL)
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:89:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(disk_device) - 1;
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:119:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tmp = strlen(gtk_label_get_text(GTK_LABEL(disk_display->label_mount_info)));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:123:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tmp = strlen(gtk_label_get_text(GTK_LABEL(disk_display->label_disk)));
data/xfce4-mount-plugin-1.1.3/panel-plugin/mount-plugin.c:600:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || strlen(mt->excluded_filesystems)!=0) {

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 2557 in approximately 0.08 seconds (30890 lines/second)
Physical Source Lines of Code (SLOC) = 1654
Hits@level = [0]  11 [1]  16 [2]   9 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  36 [1+]  25 [2+]   9 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 21.7654 [1+] 15.1149 [2+] 5.44135 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.