stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xfce4-taskmanager-1.2.3/src/task-manager.h
Examining data/xfce4-taskmanager-1.2.3/src/settings.h
Examining data/xfce4-taskmanager-1.2.3/src/process-window-gtk3_ui.h
Examining data/xfce4-taskmanager-1.2.3/src/settings-dialog.c
Examining data/xfce4-taskmanager-1.2.3/src/process-tree-model.c
Examining data/xfce4-taskmanager-1.2.3/src/settings-dialog-gtk3_ui.h
Examining data/xfce4-taskmanager-1.2.3/src/process-statusbar.h
Examining data/xfce4-taskmanager-1.2.3/src/task-manager-skel.c
Examining data/xfce4-taskmanager-1.2.3/src/task-manager.c
Examining data/xfce4-taskmanager-1.2.3/src/process-tree-view.c
Examining data/xfce4-taskmanager-1.2.3/src/exec-tool-button.h
Examining data/xfce4-taskmanager-1.2.3/src/exec-tool-button.c
Examining data/xfce4-taskmanager-1.2.3/src/process-monitor.h
Examining data/xfce4-taskmanager-1.2.3/src/process-tree-view.h
Examining data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c
Examining data/xfce4-taskmanager-1.2.3/src/task-manager-solaris.c
Examining data/xfce4-taskmanager-1.2.3/src/process-tree-model.h
Examining data/xfce4-taskmanager-1.2.3/src/app-manager.h
Examining data/xfce4-taskmanager-1.2.3/src/settings-dialog_ui.h
Examining data/xfce4-taskmanager-1.2.3/src/task-manager-bsd.c
Examining data/xfce4-taskmanager-1.2.3/src/settings-tool-button.h
Examining data/xfce4-taskmanager-1.2.3/src/settings-tool-button.c
Examining data/xfce4-taskmanager-1.2.3/src/process-monitor.c
Examining data/xfce4-taskmanager-1.2.3/src/process-window.h
Examining data/xfce4-taskmanager-1.2.3/src/process-window.c
Examining data/xfce4-taskmanager-1.2.3/src/process-statusbar.c
Examining data/xfce4-taskmanager-1.2.3/src/settings.c
Examining data/xfce4-taskmanager-1.2.3/src/app-manager.c
Examining data/xfce4-taskmanager-1.2.3/src/process-window_ui.h
Examining data/xfce4-taskmanager-1.2.3/src/settings-dialog.h
Examining data/xfce4-taskmanager-1.2.3/src/main.c
Examining data/xfce4-taskmanager-1.2.3/src/task-manager-freebsd.c

FINAL RESULTS:

data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:81:62:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	sscanf (buffer, "cpu\t%lu %lu %lu %lu", &user, &user_nice, &system, &idle);
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:102:19:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	jiffies_system = system;
data/xfce4-taskmanager-1.2.3/src/process-tree-model.c:141:27:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	treemodel->stamp = (gint)g_random_int ();
data/xfce4-taskmanager-1.2.3/src/task-manager-freebsd.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024], *p;
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:32:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:73:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:138:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:202:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:299:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:355:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager-solaris.c:178:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager-solaris.c:240:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((file = fopen (filename, "r")) == NULL)
data/xfce4-taskmanager-1.2.3/src/task-manager.c:468:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(task, task_new, sizeof(Task));
data/xfce4-taskmanager-1.2.3/src/task-manager.c:515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/xfce4-taskmanager-1.2.3/src/task-manager-bsd.c:111:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		g_strlcpy(t.name, p.p_comm, strlen(p.p_comm) + 1);
data/xfce4-taskmanager-1.2.3/src/task-manager-freebsd.c:175:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p += (strlen(p) + 1);
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:142:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	for (i = 0; (c = fgetc (file)) != EOF && i < (gint)sizeof (task->cmdline) - 1; i++)
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:152:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t len = strlen (task->name);
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:238:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		sscanf(buffer, "%i %255s %1s %i %i %i %i %i %255s %255s %255s %255s %255s %lu %lu %i %i %i %d %i %i %i %llu %llu %255s %255s %255s %i %255s %255s %255s %255s %255s %255s %255s %255s %255s %255s %i %255s %255s",
data/xfce4-taskmanager-1.2.3/src/task-manager-linux.c:360:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf (buffer, "State:\t%1s", state) > 0)
data/xfce4-taskmanager-1.2.3/src/task-manager.c:131:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	gsize csize, text_size = (gsize)strlen (text);

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 7361 in approximately 0.21 seconds (34772 lines/second)
Physical Source Lines of Code (SLOC) = 5857
Hits@level = [0]  20 [1]   7 [2]  11 [3]   1 [4]   2 [5]   0
Hits@level+ = [0+]  41 [1+]  21 [2+]  14 [3+]   3 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 7.00017 [1+] 3.58545 [2+] 2.3903 [3+] 0.512208 [4+] 0.341472 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.