Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/clinfo-3.0.20.11.20/src/clinfo.c
Examining data/clinfo-3.0.20.11.20/src/ctx_prop.h
Examining data/clinfo-3.0.20.11.20/src/error.h
Examining data/clinfo-3.0.20.11.20/src/ext.h
Examining data/clinfo-3.0.20.11.20/src/fmtmacros.h
Examining data/clinfo-3.0.20.11.20/src/info_loc.h
Examining data/clinfo-3.0.20.11.20/src/info_ret.h
Examining data/clinfo-3.0.20.11.20/src/memory.h
Examining data/clinfo-3.0.20.11.20/src/ms_support.h
Examining data/clinfo-3.0.20.11.20/src/opt_out.h
Examining data/clinfo-3.0.20.11.20/src/strbuf.h

FINAL RESULTS:

data/clinfo-3.0.20.11.20/src/clinfo.c:568:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			szval += snprintf(str->buf + szval,
data/clinfo-3.0.20.11.20/src/clinfo.c:1267:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	return sprintf(str->buf + szval, " (%.4lg%s)",
data/clinfo-3.0.20.11.20/src/clinfo.c:1332:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			szval += sprintf(ret->str.buf + szval, "%" PRIuS, val[cursor]);
data/clinfo-3.0.20.11.20/src/clinfo.c:1372:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			szval += snprintf(ret->str.buf + szval, ret->str.sz - szval - 1, "%" PRIuS, val[counter]);
data/clinfo-3.0.20.11.20/src/clinfo.c:1576:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				szval += snprintf(ret->str.buf + szval, ret->str.sz - szval - 1, "%#" PRIx64, extra);
data/clinfo-3.0.20.11.20/src/clinfo.c:1635:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				szval += snprintf(ret->str.buf + szval, ret->str.sz - szval - 1, "%#" PRIx64, extra);
data/clinfo-3.0.20.11.20/src/clinfo.c:1667:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				szval += snprintf(ret->str.buf + szval, ret->str.sz - szval - 1, "%#" PRIx64, extra);
data/clinfo-3.0.20.11.20/src/clinfo.c:2004:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				szval += snprintf(ret->str.buf + szval, ret->str.sz - szval - 1, "%#" PRIx64, extra);
data/clinfo-3.0.20.11.20/src/clinfo.c:2085:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(ret->str.buf + szval, " (%s)", *ext ? ext : na);
data/clinfo-3.0.20.11.20/src/clinfo.c:2151:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					szval += sprintf(ret->str.buf + szval, "\n%s" I2_STR "%s",
data/clinfo-3.0.20.11.20/src/clinfo.c:2178:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				szval += sprintf(ret->str.buf + szval, "\n%s" I2_STR "%s",
data/clinfo-3.0.20.11.20/src/clinfo.c:2187:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ret->str.buf + szval, "\n%s" I2_STR "%s",
data/clinfo-3.0.20.11.20/src/clinfo.c:2208:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				szval += sprintf(ret->str.buf + szval, "\n%s" I2_STR "%s",
data/clinfo-3.0.20.11.20/src/clinfo.c:2263:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				szval += sprintf(ret->str.buf + szval, "\n%s" I2_STR "%s",
data/clinfo-3.0.20.11.20/src/clinfo.c:2304:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				szval += snprintf(ret->str.buf + szval, ret->str.sz - szval - 1, "%#" PRIx64, extra);
data/clinfo-3.0.20.11.20/src/clinfo.c:2381:15:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					szval += snprintf(ret->str.buf + szval, ret->str.sz - szval - 1, "%#" PRIx32, val[cursor]);
data/clinfo-3.0.20.11.20/src/clinfo.c:2985:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(line_pfx, "%*s", prefix_width, str->buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:3023:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(line_pfx, " +-- %sDevice #%" PRIu32 ": ",
data/clinfo-3.0.20.11.20/src/clinfo.c:3031:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(line_pfx, "%*s", -line_pfx_len, str->buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:3128:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(I1_STR "%s\n",
data/clinfo-3.0.20.11.20/src/clinfo.c:3241:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(I1_STR "%s\n",
data/clinfo-3.0.20.11.20/src/clinfo.c:3308:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(def, I1_STR, ret.str.buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:3375:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				szval += snprintf(ret.str.buf + szval, ret.str.sz - szval, "\n" I2_STR, devname_prop);
data/clinfo-3.0.20.11.20/src/clinfo.c:3439:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(I1_STR "%s\n", "clCreateContext(NULL, ...) [default]", RET_BUF(ret)->buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:3453:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(I1_STR "%s\n", "clCreateContext(NULL, ...) [other]", RET_BUF(ret)->buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:3579:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(line_pfx, "%*s", -line_pfx_len, ret.str.buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:3736:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(I0_STR "%" PRIu32 "\n",
data/clinfo-3.0.20.11.20/src/error.h:45:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(str->buf, str->sz, full_fmt, loc->sname);
data/clinfo-3.0.20.11.20/src/ms_support.h:61:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf c99_snprintf
data/clinfo-3.0.20.11.20/src/strbuf.h:33:33:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define strbuf_printf(str, ...) snprintf((str)->buf, (str)->sz, __VA_ARGS__)
data/clinfo-3.0.20.11.20/src/clinfo.c:415:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *value[5][2];
data/clinfo-3.0.20.11.20/src/clinfo.c:548:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	return sprintf(str->buf + szval, " (%" PRIu32 ".%" PRIu32 ".%" PRIu32 ")",
data/clinfo-3.0.20.11.20/src/clinfo.c:792:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pdata->pname, ret.str.buf, len);
data/clinfo-3.0.20.11.20/src/clinfo.c:810:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pdata->sname, ret.str.buf, len);
data/clinfo-3.0.20.11.20/src/clinfo.c:866:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_half[12];
data/clinfo-3.0.20.11.20/src/clinfo.c:867:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_double[24];
data/clinfo-3.0.20.11.20/src/clinfo.c:868:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_nv[29];
data/clinfo-3.0.20.11.20/src/clinfo.c:869:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_amd[30];
data/clinfo-3.0.20.11.20/src/clinfo.c:870:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_amd_svm[11];
data/clinfo-3.0.20.11.20/src/clinfo.c:871:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_arm_svm[29];
data/clinfo-3.0.20.11.20/src/clinfo.c:872:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_arm_core_id[15];
data/clinfo-3.0.20.11.20/src/clinfo.c:873:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_arm_job_slots[26];
data/clinfo-3.0.20.11.20/src/clinfo.c:874:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_fission[22];
data/clinfo-3.0.20.11.20/src/clinfo.c:875:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_atomic_counters[26];
data/clinfo-3.0.20.11.20/src/clinfo.c:876:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_image2d_buffer[27];
data/clinfo-3.0.20.11.20/src/clinfo.c:877:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_il_program[18];
data/clinfo-3.0.20.11.20/src/clinfo.c:878:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_intel_local_thread[30];
data/clinfo-3.0.20.11.20/src/clinfo.c:879:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_intel_AME[36];
data/clinfo-3.0.20.11.20/src/clinfo.c:880:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_intel_AVC_ME[43];
data/clinfo-3.0.20.11.20/src/clinfo.c:881:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_intel_planar_yuv[20];
data/clinfo-3.0.20.11.20/src/clinfo.c:882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_intel_required_subgroup_size[32];
data/clinfo-3.0.20.11.20/src/clinfo.c:883:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_altera_dev_temp[29];
data/clinfo-3.0.20.11.20/src/clinfo.c:884:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_p2p[23];
data/clinfo-3.0.20.11.20/src/clinfo.c:885:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_spir[12];
data/clinfo-3.0.20.11.20/src/clinfo.c:886:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_qcom_ext_host_ptr[21];
data/clinfo-3.0.20.11.20/src/clinfo.c:887:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_simultaneous_sharing[30];
data/clinfo-3.0.20.11.20/src/clinfo.c:888:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_subgroup_named_barrier[30];
data/clinfo-3.0.20.11.20/src/clinfo.c:889:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_terminate_context[25];
data/clinfo-3.0.20.11.20/src/clinfo.c:890:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_extended_versioning[27];
data/clinfo-3.0.20.11.20/src/clinfo.c:891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_cxx_for_opencl[22];
data/clinfo-3.0.20.11.20/src/clinfo.c:892:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char has_device_uuid[19];
data/clinfo-3.0.20.11.20/src/clinfo.c:2811:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(extensions + 1, msg, ext_len);
data/clinfo-3.0.20.11.20/src/clinfo.c:2821:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(versioned_extensions, msg, len);
data/clinfo-3.0.20.11.20/src/clinfo.c:3018:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(line_pfx, "%" PRIu32 "%c%" PRIu32 ": ",
data/clinfo-3.0.20.11.20/src/clinfo.c:3279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char def[1024];
data/clinfo-3.0.20.11.20/src/error.h:41:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char full_fmt[1024];
data/clinfo-3.0.20.11.20/src/ext.h:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                    name[CL_NAME_VERSION_MAX_NAME_SIZE];
data/clinfo-3.0.20.11.20/src/strbuf.h:78:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str->buf + str->sz - 4, ellip, 4);
data/clinfo-3.0.20.11.20/src/strbuf.h:102:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, len);
data/clinfo-3.0.20.11.20/src/clinfo.c:788:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(ret.str.buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:806:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(ret.str.buf);
data/clinfo-3.0.20.11.20/src/clinfo.c:829:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (cl_int)strlen(pdata->sname);
data/clinfo-3.0.20.11.20/src/clinfo.c:1071:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chk->has_##what, has+1, sizeof(ext)); \
data/clinfo-3.0.20.11.20/src/clinfo.c:1907:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				slen = strlen(ptstr[str_idx]);
data/clinfo-3.0.20.11.20/src/clinfo.c:1956:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				slen = strlen(ptstr[str_idx]);
data/clinfo-3.0.20.11.20/src/clinfo.c:1957:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy(ret->str.buf + szval, ptstr[str_idx], slen);
data/clinfo-3.0.20.11.20/src/clinfo.c:2046:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				slen = strlen(str);
data/clinfo-3.0.20.11.20/src/clinfo.c:2047:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy(ret->str.buf + szval, str, slen);
data/clinfo-3.0.20.11.20/src/clinfo.c:2804:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ext_len = strlen(msg);
data/clinfo-3.0.20.11.20/src/clinfo.c:3071:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		line_pfx_len = (int)(strlen(str.buf) + 1);
data/clinfo-3.0.20.11.20/src/clinfo.c:3576:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			line_pfx_len = (int)(strlen(oclicdl_pfx) + 5);
data/clinfo-3.0.20.11.20/src/strbuf.h:114:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return bufcpy_len(str, offset, src, strlen(src));
data/clinfo-3.0.20.11.20/src/strbuf.h:130:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sepsz = strlen(sep);

ANALYSIS SUMMARY:

Hits = 83
Lines analyzed = 4663 in approximately 0.16 seconds (29366 lines/second)
Physical Source Lines of Code (SLOC) = 3553
Hits@level = [0]  35 [1]  14 [2]  39 [3]   0 [4]  30 [5]   0
Hits@level+ = [0+] 118 [1+]  83 [2+]  69 [3+]  30 [4+]  30 [5+]   0
Hits/KSLOC@level+ = [0+] 33.2114 [1+] 23.3605 [2+] 19.4202 [3+] 8.44357 [4+] 8.44357 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.