Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xfwm4-4.15.3/src/terminate.c
Examining data/xfwm4-4.15.3/src/menu.c
Examining data/xfwm4-4.15.3/src/focus.h
Examining data/xfwm4-4.15.3/src/keyboard.c
Examining data/xfwm4-4.15.3/src/stacking.c
Examining data/xfwm4-4.15.3/src/settings.h
Examining data/xfwm4-4.15.3/src/misc.h
Examining data/xfwm4-4.15.3/src/menu.h
Examining data/xfwm4-4.15.3/src/placement.c
Examining data/xfwm4-4.15.3/src/display.c
Examining data/xfwm4-4.15.3/src/terminate.h
Examining data/xfwm4-4.15.3/src/session.h
Examining data/xfwm4-4.15.3/src/ui_style.h
Examining data/xfwm4-4.15.3/src/xpm-color-table.h
Examining data/xfwm4-4.15.3/src/startup_notification.h
Examining data/xfwm4-4.15.3/src/events.h
Examining data/xfwm4-4.15.3/src/parserc.h
Examining data/xfwm4-4.15.3/src/xsync.c
Examining data/xfwm4-4.15.3/src/transients.c
Examining data/xfwm4-4.15.3/src/stacking.h
Examining data/xfwm4-4.15.3/src/parserc.c
Examining data/xfwm4-4.15.3/src/ui_style.c
Examining data/xfwm4-4.15.3/src/screen.h
Examining data/xfwm4-4.15.3/src/compositor.c
Examining data/xfwm4-4.15.3/src/session.c
Examining data/xfwm4-4.15.3/src/screen.c
Examining data/xfwm4-4.15.3/src/cycle.h
Examining data/xfwm4-4.15.3/src/mypixmap.c
Examining data/xfwm4-4.15.3/src/tabwin.c
Examining data/xfwm4-4.15.3/src/hints.h
Examining data/xfwm4-4.15.3/src/client.c
Examining data/xfwm4-4.15.3/src/spinning_cursor.h
Examining data/xfwm4-4.15.3/src/icons.c
Examining data/xfwm4-4.15.3/src/settings.c
Examining data/xfwm4-4.15.3/src/transients.h
Examining data/xfwm4-4.15.3/src/hints.c
Examining data/xfwm4-4.15.3/src/xsync.h
Examining data/xfwm4-4.15.3/src/keyboard.h
Examining data/xfwm4-4.15.3/src/mywindow.h
Examining data/xfwm4-4.15.3/src/device.c
Examining data/xfwm4-4.15.3/src/main.c
Examining data/xfwm4-4.15.3/src/poswin.h
Examining data/xfwm4-4.15.3/src/event_filter.c
Examining data/xfwm4-4.15.3/src/compositor.h
Examining data/xfwm4-4.15.3/src/workspaces.c
Examining data/xfwm4-4.15.3/src/placement.h
Examining data/xfwm4-4.15.3/src/focus.c
Examining data/xfwm4-4.15.3/src/client.h
Examining data/xfwm4-4.15.3/src/misc.c
Examining data/xfwm4-4.15.3/src/mywindow.c
Examining data/xfwm4-4.15.3/src/netwm.h
Examining data/xfwm4-4.15.3/src/mypixmap.h
Examining data/xfwm4-4.15.3/src/spinning_cursor.c
Examining data/xfwm4-4.15.3/src/startup_notification.c
Examining data/xfwm4-4.15.3/src/netwm.c
Examining data/xfwm4-4.15.3/src/tabwin.h
Examining data/xfwm4-4.15.3/src/wireframe.c
Examining data/xfwm4-4.15.3/src/display.h
Examining data/xfwm4-4.15.3/src/event_filter.h
Examining data/xfwm4-4.15.3/src/events.c
Examining data/xfwm4-4.15.3/src/workspaces.h
Examining data/xfwm4-4.15.3/src/frame.c
Examining data/xfwm4-4.15.3/src/moveresize.h
Examining data/xfwm4-4.15.3/src/cycle.c
Examining data/xfwm4-4.15.3/src/moveresize.c
Examining data/xfwm4-4.15.3/src/frame.h
Examining data/xfwm4-4.15.3/src/icons.h
Examining data/xfwm4-4.15.3/src/poswin.c
Examining data/xfwm4-4.15.3/src/device.h
Examining data/xfwm4-4.15.3/src/wireframe.h
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.h
Examining data/xfwm4-4.15.3/settings-dialogs/range-debouncer.c
Examining data/xfwm4-4.15.3/settings-dialogs/workspace-resource.h
Examining data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c
Examining data/xfwm4-4.15.3/settings-dialogs/workspace-settings.c
Examining data/xfwm4-4.15.3/settings-dialogs/tweaks-settings.c
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-workspace-dialog_ui.h
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-dialog_ui.h
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c
Examining data/xfwm4-4.15.3/settings-dialogs/xfwm4-tweaks-dialog_ui.h
Examining data/xfwm4-4.15.3/settings-dialogs/range-debouncer.h
Examining data/xfwm4-4.15.3/common/xfwm-common.h
Examining data/xfwm4-4.15.3/common/xfwm-common.c
Examining data/xfwm4-4.15.3/helper-dialog/helper-dialog.c

FINAL RESULTS:

data/xfwm4-4.15.3/src/mypixmap.c:163:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf (spec + 1, fmt, &red, &green, &blue) != 3)
data/xfwm4-4.15.3/src/compositor.c:913:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&pixmap, prop, 4);
data/xfwm4-4.15.3/src/compositor.c:1730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/xfwm4-4.15.3/src/display.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/xfwm4-4.15.3/src/hints.c:159:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (hints, data, sizeof (PropMwmHints));
data/xfwm4-4.15.3/src/main.c:224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *new, *old, path[PATH_MAX];
data/xfwm4-4.15.3/src/main.c:263:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  r = fopen (old, "r");
data/xfwm4-4.15.3/src/main.c:264:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  w = fopen (new, "w");
data/xfwm4-4.15.3/src/main.c:312:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  r = fopen (path, "r");
data/xfwm4-4.15.3/src/main.c:315:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  w = fopen (path, "w");
data/xfwm4-4.15.3/src/mypixmap.c:152:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmt[16];
data/xfwm4-4.15.3/src/mypixmap.c:205:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instr[1024];
data/xfwm4-4.15.3/src/parserc.c:38:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define TOINT(x) (x ? atoi(x) : 0)
data/xfwm4-4.15.3/src/parserc.c:60:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen (filename, "r");
data/xfwm4-4.15.3/src/session.c:384:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen (filename, "w")))
data/xfwm4-4.15.3/src/session.c:412:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen (filename, "r")))
data/xfwm4-4.15.3/src/terminate.c:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[4];
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12711:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12719:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12731:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/xfwm4-4.15.3/settings-dialogs/workspace-resource.c:12738:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:422:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name[strlen (name) - 1] == '|')
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:430:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_object_set_data (G_OBJECT (button), "key_char", (gpointer) &name[strlen (name) - 1]);
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:453:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_object_set_data (G_OBJECT (button), "key_char", (gpointer) &name[strlen (name) - 1]);
data/xfwm4-4.15.3/settings-dialogs/xfwm4-settings.c:1210:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (const guchar *)name, strlen (name));
data/xfwm4-4.15.3/src/client.c:204:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (hostname) && (display_info->hostname) && (g_ascii_strcasecmp (display_info->hostname, hostname)))
data/xfwm4-4.15.3/src/frame.c:817:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen (screen_info->params->button_layout); i++)
data/xfwm4-4.15.3/src/frame.c:852:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j = strlen (screen_info->params->button_layout) - 1; j >= i; j--)
data/xfwm4-4.15.3/src/hints.c:687:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned char *) val, strlen (val));
data/xfwm4-4.15.3/src/hints.c:905:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen (ptr) + 1;
data/xfwm4-4.15.3/src/main.c:272:25:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (r)) != EOF)
data/xfwm4-4.15.3/src/main.c:321:29:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (r)) != EOF)
data/xfwm4-4.15.3/src/mypixmap.c:155:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((i = strlen (spec + 1)) % 3)
data/xfwm4-4.15.3/src/mypixmap.c:209:13:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (fscanf (infile, "%1023s", instr) < 0)
data/xfwm4-4.15.3/src/mypixmap.c:227:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((b = getc (infile)) != EOF)
data/xfwm4-4.15.3/src/mypixmap.c:231:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b = getc (infile);
data/xfwm4-4.15.3/src/mypixmap.c:242:26:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b = getc (infile);
data/xfwm4-4.15.3/src/mypixmap.c:279:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc (infile);
data/xfwm4-4.15.3/src/mypixmap.c:287:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (infile)) != EOF)
data/xfwm4-4.15.3/src/mypixmap.c:428:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (color, " ", space);
data/xfwm4-4.15.3/src/mypixmap.c:431:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (color, word, space);
data/xfwm4-4.15.3/src/mypixmap.c:432:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  space -= MIN (space, (gint) strlen (word));
data/xfwm4-4.15.3/src/mypixmap.c:441:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (current_color, new_color, sizeof (current_color) - 1);
data/xfwm4-4.15.3/src/mypixmap.c:456:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (current_color, color, sizeof (current_color) - 1);
data/xfwm4-4.15.3/src/mypixmap.c:594:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (color->color_string, buffer, cpp);
data/xfwm4-4.15.3/src/mypixmap.c:596:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer += strlen (color->color_string);
data/xfwm4-4.15.3/src/mypixmap.c:638:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((!buffer) || (wbytes > (gint) strlen (buffer)))
data/xfwm4-4.15.3/src/mypixmap.c:645:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pixel_str, &buffer[n], cpp);
data/xfwm4-4.15.3/src/session.c:120:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lg = strlen (s);
data/xfwm4-4.15.3/src/session.c:174:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lg = strlen (s);
data/xfwm4-4.15.3/src/session.c:416:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf (s, "%4000s", s1);
data/xfwm4-4.15.3/src/settings.c:469:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (font && strlen (font))
data/xfwm4-4.15.3/src/settings.c:542:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (screen_info->params->button_layout, getStringValue ("button_layout", rc), BUTTON_STRING_COUNT);

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 59726 in approximately 1.85 seconds (32334 lines/second)
Physical Source Lines of Code (SLOC) = 50977
Hits@level = [0]  33 [1]  36 [2]  16 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  86 [1+]  53 [2+]  17 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 1.68704 [1+] 1.03968 [2+] 0.333484 [3+] 0.0196167 [4+] 0.0196167 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.