Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/epiphany-browser-3.38.1/embed/contrib/gd-tagged-entry.c
Examining data/epiphany-browser-3.38.1/embed/contrib/gd-tagged-entry.h
Examining data/epiphany-browser-3.38.1/embed/ephy-about-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-about-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-download.c
Examining data/epiphany-browser-3.38.1/embed/ephy-download.h
Examining data/epiphany-browser-3.38.1/embed/ephy-downloads-manager.c
Examining data/epiphany-browser-3.38.1/embed/ephy-downloads-manager.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-container.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-container.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-event.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-event.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-prefs.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-prefs.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-shell.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-shell.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-utils.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-utils.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed.h
Examining data/epiphany-browser-3.38.1/embed/ephy-encoding.c
Examining data/epiphany-browser-3.38.1/embed/ephy-encoding.h
Examining data/epiphany-browser-3.38.1/embed/ephy-encodings.c
Examining data/epiphany-browser-3.38.1/embed/ephy-encodings.h
Examining data/epiphany-browser-3.38.1/embed/ephy-file-monitor.c
Examining data/epiphany-browser-3.38.1/embed/ephy-file-monitor.h
Examining data/epiphany-browser-3.38.1/embed/ephy-filters-manager.c
Examining data/epiphany-browser-3.38.1/embed/ephy-filters-manager.h
Examining data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.c
Examining data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.h
Examining data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-reader-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-reader-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-view-source-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-view-source-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-web-view.c
Examining data/epiphany-browser-3.38.1/embed/ephy-web-view.h
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-overview-model.c
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-overview-model.h
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-process-extension-main.c
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-process-extension.c
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-process-extension.h
Examining data/epiphany-browser-3.38.1/lib/contrib/eggtreemultidnd.c
Examining data/epiphany-browser-3.38.1/lib/contrib/eggtreemultidnd.h
Examining data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c
Examining data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.h
Examining data/epiphany-browser-3.38.1/lib/ephy-debug.c
Examining data/epiphany-browser-3.38.1/lib/ephy-debug.h
Examining data/epiphany-browser-3.38.1/lib/ephy-dnd.c
Examining data/epiphany-browser-3.38.1/lib/ephy-dnd.h
Examining data/epiphany-browser-3.38.1/lib/ephy-favicon-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-favicon-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-file-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-flatpak-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-gui.c
Examining data/epiphany-browser-3.38.1/lib/ephy-gui.h
Examining data/epiphany-browser-3.38.1/lib/ephy-langs.c
Examining data/epiphany-browser-3.38.1/lib/ephy-langs.h
Examining data/epiphany-browser-3.38.1/lib/ephy-notification-container.c
Examining data/epiphany-browser-3.38.1/lib/ephy-notification-container.h
Examining data/epiphany-browser-3.38.1/lib/ephy-notification.c
Examining data/epiphany-browser-3.38.1/lib/ephy-notification.h
Examining data/epiphany-browser-3.38.1/lib/ephy-permissions-manager.c
Examining data/epiphany-browser-3.38.1/lib/ephy-permissions-manager.h
Examining data/epiphany-browser-3.38.1/lib/ephy-prefs.h
Examining data/epiphany-browser-3.38.1/lib/ephy-profile-utils.c
Examining data/epiphany-browser-3.38.1/lib/ephy-profile-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-search-engine-manager.c
Examining data/epiphany-browser-3.38.1/lib/ephy-search-engine-manager.h
Examining data/epiphany-browser-3.38.1/lib/ephy-security-levels.c
Examining data/epiphany-browser-3.38.1/lib/ephy-security-levels.h
Examining data/epiphany-browser-3.38.1/lib/ephy-settings.c
Examining data/epiphany-browser-3.38.1/lib/ephy-settings.h
Examining data/epiphany-browser-3.38.1/lib/ephy-signal-accumulator.c
Examining data/epiphany-browser-3.38.1/lib/ephy-signal-accumulator.h
Examining data/epiphany-browser-3.38.1/lib/ephy-smaps.c
Examining data/epiphany-browser-3.38.1/lib/ephy-smaps.h
Examining data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.c
Examining data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-connection.c
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-connection.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-statement.c
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-statement.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite.h
Examining data/epiphany-browser-3.38.1/lib/ephy-string.c
Examining data/epiphany-browser-3.38.1/lib/ephy-string.h
Examining data/epiphany-browser-3.38.1/lib/ephy-suggestion.c
Examining data/epiphany-browser-3.38.1/lib/ephy-suggestion.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c
Examining data/epiphany-browser-3.38.1/lib/ephy-sync-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-time-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-time-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-uri-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-uri-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-user-agent.c
Examining data/epiphany-browser-3.38.1/lib/ephy-user-agent.h
Examining data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.c
Examining data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-zoom.c
Examining data/epiphany-browser-3.38.1/lib/ephy-zoom.h
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-hosts-table.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-private.h
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-urls-table.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-visits-table.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service.h
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-types.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-types.h
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.h
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-storage.c
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-storage.h
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.h
Examining data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.c
Examining data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-record.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-record.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-record.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-record.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-record.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-record.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-tabs-catalog.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-tabs-catalog.h
Examining data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.c
Examining data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-certificate-dialog.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-certificate-dialog.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-download-widget.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-download-widget.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-popover.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-popover.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-progress-icon.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-progress-icon.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-file-chooser.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-file-chooser.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-security-popover.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-security-popover.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-box.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-box.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-widget.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-widget.h
Examining data/epiphany-browser-3.38.1/lib/ephy-flatpak-utils.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-add-bookmark-popover.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-add-bookmark-popover.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-properties-grid.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-properties-grid.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-row.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-row.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-export.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-export.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-manager.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-manager.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-popover.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-popover.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-end.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-end.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-start.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-start.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-helper.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-helper.h
Examining data/epiphany-browser-3.38.1/src/ephy-adaptive-mode.h
Examining data/epiphany-browser-3.38.1/src/ephy-desktop-utils.c
Examining data/epiphany-browser-3.38.1/src/ephy-desktop-utils.h
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-dialog.c
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-dialog.h
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-row.c
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-row.h
Examining data/epiphany-browser-3.38.1/src/ephy-header-bar.c
Examining data/epiphany-browser-3.38.1/src/ephy-header-bar.h
Examining data/epiphany-browser-3.38.1/src/ephy-history-dialog.c
Examining data/epiphany-browser-3.38.1/src/ephy-history-dialog.h
Examining data/epiphany-browser-3.38.1/src/ephy-link.c
Examining data/epiphany-browser-3.38.1/src/ephy-link.h
Examining data/epiphany-browser-3.38.1/src/ephy-location-controller.c
Examining data/epiphany-browser-3.38.1/src/ephy-location-controller.h
Examining data/epiphany-browser-3.38.1/src/ephy-lockdown.c
Examining data/epiphany-browser-3.38.1/src/ephy-lockdown.h
Examining data/epiphany-browser-3.38.1/src/ephy-main.c
Examining data/epiphany-browser-3.38.1/src/ephy-mouse-gesture-controller.c
Examining data/epiphany-browser-3.38.1/src/ephy-mouse-gesture-controller.h
Examining data/epiphany-browser-3.38.1/src/ephy-notebook.c
Examining data/epiphany-browser-3.38.1/src/ephy-notebook.h
Examining data/epiphany-browser-3.38.1/src/ephy-page-row.c
Examining data/epiphany-browser-3.38.1/src/ephy-page-row.h
Examining data/epiphany-browser-3.38.1/src/ephy-pages-button.c
Examining data/epiphany-browser-3.38.1/src/ephy-pages-button.h
Examining data/epiphany-browser-3.38.1/src/ephy-pages-popover.c
Examining data/epiphany-browser-3.38.1/src/ephy-pages-popover.h
Examining data/epiphany-browser-3.38.1/src/ephy-pages-view.c
Examining data/epiphany-browser-3.38.1/src/ephy-pages-view.h
Examining data/epiphany-browser-3.38.1/src/ephy-session.c
Examining data/epiphany-browser-3.38.1/src/ephy-session.h
Examining data/epiphany-browser-3.38.1/src/ephy-shell.c
Examining data/epiphany-browser-3.38.1/src/ephy-shell.h
Examining data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c
Examining data/epiphany-browser-3.38.1/src/ephy-suggestion-model.h
Examining data/epiphany-browser-3.38.1/src/ephy-tab-header-bar.c
Examining data/epiphany-browser-3.38.1/src/ephy-tab-header-bar.h
Examining data/epiphany-browser-3.38.1/src/ephy-tab-label.c
Examining data/epiphany-browser-3.38.1/src/ephy-tab-label.h
Examining data/epiphany-browser-3.38.1/src/ephy-window.c
Examining data/epiphany-browser-3.38.1/src/ephy-window.h
Examining data/epiphany-browser-3.38.1/src/popup-commands.c
Examining data/epiphany-browser-3.38.1/src/popup-commands.h
Examining data/epiphany-browser-3.38.1/src/preferences/clear-data-view.c
Examining data/epiphany-browser-3.38.1/src/preferences/clear-data-view.h
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-data-view.c
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-data-view.h
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-prefs-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-prefs-dialog.h
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-search-engine-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-search-engine-dialog.h
Examining data/epiphany-browser-3.38.1/src/preferences/passwords-view.c
Examining data/epiphany-browser-3.38.1/src/preferences/passwords-view.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-appearance-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-appearance-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-privacy-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-privacy-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-sync-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-sync-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/synced-tabs-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/synced-tabs-dialog.h
Examining data/epiphany-browser-3.38.1/src/preferences/webapp-additional-urls-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/webapp-additional-urls-dialog.h
Examining data/epiphany-browser-3.38.1/src/profile-migrator/ephy-profile-migrator.c
Examining data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider-main.c
Examining data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.c
Examining data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.h
Examining data/epiphany-browser-3.38.1/src/window-commands.c
Examining data/epiphany-browser-3.38.1/src/window-commands.h
Examining data/epiphany-browser-3.38.1/tests/ephy-download-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-embed-shell-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-embed-utils-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-encodings-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-file-helpers-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-gsb-service-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-history-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-location-entry-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-migration-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-session-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-shell-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-snapshot-service-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-string-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-test-utils.c
Examining data/epiphany-browser-3.38.1/tests/ephy-test-utils.h
Examining data/epiphany-browser-3.38.1/tests/ephy-web-app-utils-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-web-view-test.c
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.h
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-format.h
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.h

FINAL RESULTS:

data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.c:196:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (tmp_path, 0600);
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:572:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  char *system, *text;
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:582:62:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
                      "System languages (%s)", n_sys_langs), system);
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:591:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  g_free (system);
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:741:62:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
                      "System languages (%s)", n_sys_langs), system);
data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c:204:40:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  tmp_file = g_strdup_printf ("%s/%s", g_get_tmp_dir (), g_path_get_basename (suggested_filename));
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:95:35:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    full_name = g_build_filename (g_get_tmp_dir (), partial_name,
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:118:28:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  return g_build_filename (g_get_home_dir (), _("Downloads"), NULL);
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:175:28:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  return g_build_filename (g_get_home_dir (), _("Desktop"), NULL);
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:393:20:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
                   g_get_tmp_dir ());
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c:113:61:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  duration = (1 << self->back_off_num_fails++) * 15 * 60 * (g_random_double () + 1);
data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.c:233:32:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  filename = g_build_filename (g_get_home_dir (),
data/epiphany-browser-3.38.1/src/window-commands.c:176:32:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  filename = g_build_filename (g_get_home_dir (),
data/epiphany-browser-3.38.1/tests/ephy-gsb-service-test.c:234:31:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  db_path = g_build_filename (g_get_tmp_dir (), "gsb-threats-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-history-test.c:34:34:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    filename = g_build_filename (g_get_tmp_dir (), "epiphany-history-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:35:38:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:48:38:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "directory-that-does-not-exist", "epiphany_sqlite_test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:66:38:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:136:38:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:158:38:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:202:38:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:686:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char first[8] = { 0 };
data/epiphany-browser-3.38.1/lib/ephy-permissions-manager.c:292:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    origin = webkit_security_origin_new (tokens[4], tokens[5], atoi (tokens[6]));
data/epiphany-browser-3.38.1/lib/ephy-profile-utils.c:100:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *argv[8] = { PKGLIBEXECDIR "/" EPHY_PROFILE_MIGRATOR, "-v" };
data/epiphany-browser-3.38.1/lib/ephy-time-helpers.c:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[4], buffer[512];
data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.h:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char install_date[128];
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-storage.c:1331:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (prefixes + i * GSB_RICE_PREFIX_LEN, &items[i], GSB_RICE_PREFIX_LEN);
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:60:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (reader->data, data, data_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:86:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char iv[16] = {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:87:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char salt[9] = {'s', 'a', 'l', 't', 'y', 's', 'a', 'l', 't'};
data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:88:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[16];
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:512:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (out, bytes, out_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:518:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (out + out_len, next, next_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:593:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*token_id, out, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:594:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*req_hmac_key, out + len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:595:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*request_key, out + 2 * len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:635:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*token_id, out1, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:636:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*req_hmac_key, out1 + len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:637:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (key_request_key, out1 + 2 * len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:646:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*resp_hmac_key, out2, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:647:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*resp_xor_key, out2 + len, 2 * len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:717:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ciphertext, bundle, 2 * len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:718:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (resp_hmac, bundle + 2 * len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:734:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (*ka, xored, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:736:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (wrap_kb, xored + len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:928:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (out, text, text_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:1057:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (out, data, out_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:75:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const secrets[LAST_SECRET] = {
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:203:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data->req_hmac_key, req_hmac_key, 32);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:205:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data->resp_hmac_key, resp_hmac_key, 32);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:207:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data->resp_xor_key, resp_xor_key, 2 * 32);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:627:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  header = (char *)ephy_sync_utils_base64_urlsafe_decode (pieces[0], &len, TRUE);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:628:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  payload = (char *)ephy_sync_utils_base64_urlsafe_decode (pieces[1], &len, TRUE);
data/epiphany-browser-3.38.1/src/ephy-location-controller.c:112:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      gtk_entry_set_text (entry, (char *)uris[0]);
data/epiphany-browser-3.38.1/src/ephy-location-controller.c:161:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi (split[1]) != 0) {
data/epiphany-browser-3.38.1/src/ephy-location-controller.c:171:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      window = g_list_nth_data (windows, atoi (split[1]));
data/epiphany-browser-3.38.1/src/ephy-location-controller.c:177:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    gtk_notebook_set_current_page (GTK_NOTEBOOK (notebook), atoi (split[0]));
data/epiphany-browser-3.38.1/src/ephy-session.c:1374:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/epiphany-browser-3.38.1/src/ephy-window.c:85:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *accelerators[9];
data/epiphany-browser-3.38.1/src/ephy-window.c:2579:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  tab_number = atoi (action_name + strlen ("accel-"));
data/epiphany-browser-3.38.1/src/ephy-window.c:2600:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int tab_number = atoi (actions[i] + strlen ("accel-"));
data/epiphany-browser-3.38.1/tests/ephy-gsb-service-test.c:93:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *hashes_hex[64];
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:295:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (chunk->data, string, length);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:333:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (chunk (sizeof bloom_hdr), &bloom_hdr, sizeof bloom_hdr);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:334:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (chunk (sizeof table_hdr), &table_hdr, sizeof table_hdr);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:287:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    hash_value = (hash_value * 33) + ((signed char *) key)[key_length];
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:445:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy (fullname, parent_name, parent_length);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:446:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy (fullname + parent_length, name, name_length);
data/epiphany-browser-3.38.1/embed/ephy-about-handler.c:92:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data_length = data_length != -1 ? data_length : (gssize)strlen (data);
data/epiphany-browser-3.38.1/embed/ephy-download.c:241:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      position = strlen (destination_filename);
data/epiphany-browser-3.38.1/embed/ephy-embed-utils.c:283:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return g_strconcat (EPHY_ABOUT_SCHEME, address + strlen ("about"), NULL);
data/epiphany-browser-3.38.1/embed/ephy-encoding.c:103:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = result = g_malloc (strlen (original) + 1);
data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.c:219:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (toolbar->find_string) == 0) {
data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.c:650:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen (str_value))
data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c:95:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data_length = MIN (strlen (data), G_MAXSSIZE);
data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c:225:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modified_uri = original_uri + strlen ("ephy-pdf:");
data/epiphany-browser-3.38.1/embed/ephy-reader-handler.c:95:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data_length = MIN (strlen (data), G_MAXSSIZE);
data/epiphany-browser-3.38.1/embed/ephy-view-source-handler.c:93:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data_length = MIN (strlen (data), G_MAXSSIZE);
data/epiphany-browser-3.38.1/embed/ephy-web-view.c:754:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      view->display_address = ephy_uri_decode (view->address + strlen (EPHY_PDF_SCHEME) + 1);
data/epiphany-browser-3.38.1/embed/ephy-web-view.c:2817:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      return view->address + strlen (EPHY_READER_SCHEME) + 1;
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:450:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen (old_locale->name) > strlen (locale->name)) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:450:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen (old_locale->name) > strlen (locale->name)) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:655:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen (code);
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:744:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen (code);
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:819:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (strlen (*attr_values) != 2) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:827:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (strlen (*attr_values) != 3) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:835:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (strlen (*attr_values) != 3) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:843:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (strlen (*attr_values) != 2 &&
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:844:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen (*attr_values) != 3) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:911:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (strlen (*attr_values) != 2) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:919:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (strlen (*attr_values) != 3) {
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:927:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (strlen (*attr_values) != 3) {
data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.c:81:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (checksum, (const guchar *)uri, strlen (uri));
data/epiphany-browser-3.38.1/lib/ephy-string.c:121:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (new_str, str, bytes);
data/epiphany-browser-3.38.1/lib/ephy-string.c:122:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat (new_str, "…");
data/epiphany-browser-3.38.1/lib/ephy-string.c:152:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (str);
data/epiphany-browser-3.38.1/lib/ephy-string.c:154:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = g_string_sized_new (len + 6 * strlen (COLLATION_SENTINEL));
data/epiphany-browser-3.38.1/lib/ephy-string.c:261:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  to_find_len = strlen (to_find);
data/epiphany-browser-3.38.1/lib/ephy-string.c:292:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (string, start, strlen (start) + 1);
data/epiphany-browser-3.38.1/lib/ephy-string.c:312:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (gssize i = strlen (string) - 1; i >= 0 && string[i] == ch; i--)
data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:82:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  decoded = g_malloc (strlen (hex) / 2);
data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:83:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (gsize i = 0, j = 0; i < strlen (hex); i += 2, j++)
data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:115:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = strlen (base64) - 1;
data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:119:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (start < strlen (base64) && base64[start] == '=')
data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:158:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    suffix = g_strnfill ((4 - strlen (text) % 4) % 4, '=');
data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.c:130:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name += strlen ("app-");
data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.c:148:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return name + strlen (EPHY_WEB_APP_PROGRAM_NAME_PREFIX);
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c:199:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  soup_message_set_request (msg, "application/json", SOUP_MEMORY_TAKE, body, strlen (body));
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c:528:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  soup_message_set_request (msg, "application/json", SOUP_MEMORY_TAKE, body, strlen (body));
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:772:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  has_trailing = path[strlen (path) - 1] == '/';
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:774:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  no_trailing_len = strlen (no_trailing);
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:843:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      g_checksum_update (checksum, (const guint8 *)value, strlen (value));
data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.c:242:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    soup_message_set_request (msg, content_type, SOUP_MEMORY_COPY, body, strlen (body));
data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.c:454:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              strlen (storage_key));
data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:91:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbkdf2_hmac_sha1 (strlen (phrase), (unsigned char *)phrase, 1, sizeof (salt), salt, sizeof (key), key);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:222:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (artifacts->ext && strlen (artifacts->ext) > 0) {
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:356:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (artifacts->hash && strlen (artifacts->hash) > 0)
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:360:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (artifacts->ext && strlen (artifacts->ext) > 0) {
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:587:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               (const guint8 *)info, strlen (info),
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:629:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                (const guint8 *)info_kft, strlen (info_kft),
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:641:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                (const guint8 *)info_keys, strlen (info_keys),
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:774:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = ephy_sync_crypto_concat_bytes ((guint8 *)info, strlen (info),
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:779:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                         tmp, strlen (info) + 1);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:783:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       (guint8 *)info, strlen (info),
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:788:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          tmp, len + strlen (info) + 1);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:875:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_b64 = ephy_sync_utils_base64_urlsafe_encode ((guint8 *)body, strlen (body), TRUE);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:876:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header_b64 = ephy_sync_utils_base64_urlsafe_encode ((guint8 *)header, strlen (header), TRUE);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:920:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize text_len = strlen (text);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:480:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            request_body, strlen (request_body));
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:548:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              data->request_body, strlen (data->request_body));
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:567:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                             strlen (self->storage_credentials_key),
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:774:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            request_body, strlen (request_body));
data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.c:140:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    (strlen (self->primary_label) > 0);
data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.c:142:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    (strlen (self->details_label) > 0);
data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:221:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        address + strlen (EPHY_ABOUT_SCHEME) + 1);
data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:247:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            selection, strlen (selection));
data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:559:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (url) > 5 && g_str_has_prefix (url, "http:") && url[5] != '/')
data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:561:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if (strlen (url) > 6 && g_str_has_prefix (url, "https:") && url[6] != '/')
data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-row.c:168:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (title) == 0) {
data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.c:486:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!g_markup_parse_context_parse (context, buf, strlen (buf), &my_error)) {
data/epiphany-browser-3.38.1/src/ephy-location-controller.c:154:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_auto (GStrv) split = g_strsplit (content + strlen ("ephy-tab://"), "@", -1);
data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c:320:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (title) == 0)
data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c:369:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (url->title) == 0)
data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c:561:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (data->query) > 0) {
data/epiphany-browser-3.38.1/src/ephy-tab-label.c:110:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (str && strlen (str) != 0) {
data/epiphany-browser-3.38.1/src/ephy-window.c:2579:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tab_number = atoi (action_name + strlen ("accel-"));
data/epiphany-browser-3.38.1/src/ephy-window.c:2600:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int tab_number = atoi (actions[i] + strlen ("accel-"));
data/epiphany-browser-3.38.1/src/ephy-window.c:4117:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_editable_set_position (GTK_EDITABLE (location_gtk_entry), strlen (entry_text));
data/epiphany-browser-3.38.1/src/profile-migrator/ephy-profile-migrator.c:1381:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (g_output_stream_write (G_OUTPUT_STREAM (output_stream), new_data, strlen (new_data), NULL, &error) == -1) {
data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.c:215:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                                                 results[i] + strlen ("special:search:"))));
data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.c:225:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                                                 results[i] + strlen ("special:load:"))));
data/epiphany-browser-3.38.1/src/window-commands.c:1642:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          title = g_strdup (host + strlen ("www."));
data/epiphany-browser-3.38.1/src/window-commands.c:1966:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strlen (suggested_filename)) {
data/epiphany-browser-3.38.1/tests/ephy-download-test.c:64:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            HTML_STRING, strlen (HTML_STRING));
data/epiphany-browser-3.38.1/tests/ephy-snapshot-service-test.c:223:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              response, strlen (response));
data/epiphany-browser-3.38.1/tests/ephy-web-view-test.c:59:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            HTML_STRING, strlen (HTML_STRING));
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:288:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (string);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:395:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            basename = item->key + strlen (item->parent->key);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:443:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  parent_length = strlen (parent_name);

ANALYSIS SUMMARY:

Hits = 159
Lines analyzed = 90486 in approximately 2.07 seconds (43762 lines/second)
Physical Source Lines of Code (SLOC) = 64913
Hits@level = [0]   7 [1]  91 [2]  47 [3]  16 [4]   4 [5]   1
Hits@level+ = [0+] 166 [1+] 159 [2+]  68 [3+]  21 [4+]   5 [5+]   1
Hits/KSLOC@level+ = [0+] 2.55727 [1+] 2.44943 [2+] 1.04756 [3+] 0.32351 [4+] 0.0770262 [5+] 0.0154052
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.