Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/farstream-0.2-0.2.8/tests/rtp/codec-discovery.c
Examining data/farstream-0.2-0.2.8/tests/check/utils/binadded.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/stunalternd.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/rawudp-upnp.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/generic.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/generic.h
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/nice.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/rawudp.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/rawudp-upnp.h
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/shm.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/multicast.c
Examining data/farstream-0.2-0.2.8/tests/check/transmitter/stunalternd.h
Examining data/farstream-0.2-0.2.8/tests/check/testutils.c
Examining data/farstream-0.2-0.2.8/tests/check/rtp/recvcodecs.c
Examining data/farstream-0.2-0.2.8/tests/check/rtp/conference.c
Examining data/farstream-0.2-0.2.8/tests/check/rtp/generic.c
Examining data/farstream-0.2-0.2.8/tests/check/rtp/generic.h
Examining data/farstream-0.2-0.2.8/tests/check/rtp/codecs.c
Examining data/farstream-0.2-0.2.8/tests/check/rtp/sendcodecs.c
Examining data/farstream-0.2-0.2.8/tests/check/check-threadsafe.h
Examining data/farstream-0.2-0.2.8/tests/check/base/fstransmitter.c
Examining data/farstream-0.2-0.2.8/tests/check/base/fscodec.c
Examining data/farstream-0.2-0.2.8/tests/check/testutils.h
Examining data/farstream-0.2-0.2.8/tests/check/raw/conference.c
Examining data/farstream-0.2-0.2.8/tests/check/msn/conference.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-session.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-cam-send-conference.h
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-cam-recv-conference.h
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-conference.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-stream.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-conference.h
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.h
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-cam-send-conference.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-participant.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-stream.h
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-cam-recv-conference.c
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-participant.h
Examining data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-session.h
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-conference.c
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-conference-plugin.c
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-stream.c
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-stream.h
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-participant.c
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-session.c
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-session.h
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-participant.h
Examining data/farstream-0.2-0.2.8/gst/fsrawconference/fs-raw-conference.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpxdata/fsrtpxdatapay.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpxdata/fsrtpxdatadepay.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpxdata/fsrtpxdatadepay.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpxdata/fsrtpxdata.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpxdata/fsrtpxdatapay.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-session.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-bitrate-adapter.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-conference.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-keyunit-manager.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-stream.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-negotiation.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-dtmf-event-source.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-tfrc.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-bitrate-adapter.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-session.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-specific.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-stream.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-special-source.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/tfrc.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-specific.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-substream.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-negotiation.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-dtmf-sound-source.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-keyunit-manager.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-conference.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-participant.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-packet-modder.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-substream.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-conference-plugin.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-bin-error-downgrade.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-participant.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-dtmf-event-source.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-tfrc.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-packet-modder.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/tfrc.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-discover-codecs.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-discover-codecs.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-bin-error-downgrade.c
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-dtmf-sound-source.h
Examining data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-special-source.h
Examining data/farstream-0.2-0.2.8/gst/fsvideoanyrate/videoanyrate.c
Examining data/farstream-0.2-0.2.8/gst/fsvideoanyrate/videoanyrate.h
Examining data/farstream-0.2-0.2.8/farstream/fs-stream-transmitter.h
Examining data/farstream-0.2-0.2.8/farstream/fs-participant.h
Examining data/farstream-0.2-0.2.8/farstream/fs-rtp.h
Examining data/farstream-0.2-0.2.8/farstream/fs-conference.h
Examining data/farstream-0.2-0.2.8/farstream/fs-codec.c
Examining data/farstream-0.2-0.2.8/farstream/fs-participant.c
Examining data/farstream-0.2-0.2.8/farstream/fs-candidate.c
Examining data/farstream-0.2-0.2.8/farstream/fs-utils.c
Examining data/farstream-0.2-0.2.8/farstream/fs-rtp.c
Examining data/farstream-0.2-0.2.8/farstream/fs-element-added-notifier.h
Examining data/farstream-0.2-0.2.8/farstream/fs-session.h
Examining data/farstream-0.2-0.2.8/farstream/fs-plugin.h
Examining data/farstream-0.2-0.2.8/farstream/fs-plugin.c
Examining data/farstream-0.2-0.2.8/farstream/fs-element-added-notifier.c
Examining data/farstream-0.2-0.2.8/farstream/fs-stream.c
Examining data/farstream-0.2-0.2.8/farstream/fs-utils.h
Examining data/farstream-0.2-0.2.8/farstream/fs-transmitter.c
Examining data/farstream-0.2-0.2.8/farstream/fs-transmitter.h
Examining data/farstream-0.2-0.2.8/farstream/fs-conference.c
Examining data/farstream-0.2-0.2.8/farstream/fs-stream.h
Examining data/farstream-0.2-0.2.8/farstream/fs-private.h
Examining data/farstream-0.2-0.2.8/farstream/fs-session.c
Examining data/farstream-0.2-0.2.8/farstream/fs-codec.h
Examining data/farstream-0.2-0.2.8/farstream/fs-candidate.h
Examining data/farstream-0.2-0.2.8/farstream/fs-stream-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/shm/fs-shm-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/shm/fs-shm-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/shm/fs-shm-stream-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/shm/fs-shm-stream-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/multicast/fs-multicast-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/multicast/fs-multicast-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/multicast/fs-multicast-stream-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/multicast/fs-multicast-stream-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/nice/fs-nice-stream-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/nice/fs-nice-stream-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/nice/fs-nice-agent.h
Examining data/farstream-0.2-0.2.8/transmitters/nice/fs-nice-agent.c
Examining data/farstream-0.2-0.2.8/transmitters/nice/fs-nice-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/nice/fs-nice-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/rawudp/fs-rawudp-component.c
Examining data/farstream-0.2-0.2.8/transmitters/rawudp/fs-rawudp-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/rawudp/fs-rawudp-stream-transmitter.h
Examining data/farstream-0.2-0.2.8/transmitters/rawudp/fs-rawudp-stream-transmitter.c
Examining data/farstream-0.2-0.2.8/transmitters/rawudp/fs-rawudp-component.h
Examining data/farstream-0.2-0.2.8/transmitters/rawudp/fs-rawudp-transmitter.c
Examining data/farstream-0.2-0.2.8/examples/commandline/simple-call.c
Examining data/farstream-0.2-0.2.8/examples/commandline/simple-call-shm.c

FINAL RESULTS:

data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:552:7:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_random_int_range (100, 199));
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-stream.c:444:34:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  self->priv->session_id = g_random_int_range (9000, 9999);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:70:43:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  registry_bin_path = g_build_filename (g_get_home_dir (),
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:72:43:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  registry_xml_path = g_build_filename (g_get_home_dir (),
data/farstream-0.2-0.2.8/tests/check/rtp/conference.c:1416:47:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  GST_WRITE_UINT32_LE (info.data + (i * 4), g_random_int ());
data/farstream-0.2-0.2.8/tests/check/rtp/conference.c:1417:51:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  GST_WRITE_UINT32_LE (info.data + info.size - 4, g_random_int ());
data/farstream-0.2-0.2.8/transmitters/shm/fs-shm-stream-transmitter.c:557:36:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  socket_dir = g_build_filename (g_get_tmp_dir (),
data/farstream-0.2-0.2.8/examples/commandline/simple-call.c:292:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  localport = atoi (argv[1]);
data/farstream-0.2-0.2.8/examples/commandline/simple-call.c:294:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  remoteport = atoi (argv[3]);
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:397:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint sid = atoi (candidate->username);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:48:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  # define open _open
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:134:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (val, *in, sizeof(guint));
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:145:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (val, *in, sizeof(gint));
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:162:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*str, *in, str_length);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:368:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&num_blueprints, in, sizeof(gint));
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-negotiation.c:1316:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newca, ca, sizeof(CodecAssociation));
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-specific.c:746:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  er->first = atoi (ranges_strv[i]);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-specific.c:749:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  er->last = atoi (p + 1);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-conference.c:795:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi (param->value), NULL);
data/farstream-0.2-0.2.8/tests/check/raw/conference.c:1056:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (params, st_params, st_param_count * sizeof (GParameter));
data/farstream-0.2-0.2.8/tests/check/rtp/conference.c:794:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (params, st_params, st_param_count * sizeof (GParameter));
data/farstream-0.2-0.2.8/tests/check/rtp/conference.c:1371:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp = atoi(env);
data/farstream-0.2-0.2.8/tests/check/transmitter/stunalternd.c:197:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctlbuf[256];
data/farstream-0.2-0.2.8/farstream/fs-codec.c:433:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *type = keys[j] + strlen ("feedback:");
data/farstream-0.2-0.2.8/farstream/fs-rtp.c:251:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (RTP_HDREXT_PREFIX)))
data/farstream-0.2-0.2.8/farstream/fs-rtp.c:255:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  groups[i] + strlen (RTP_HDREXT_PREFIX),
data/farstream-0.2-0.2.8/farstream/fs-rtp.c:256:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (RTP_HDREXT_AUDIO_PREFIX)))
data/farstream-0.2-0.2.8/farstream/fs-rtp.c:262:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  groups[i] + strlen (RTP_HDREXT_PREFIX),
data/farstream-0.2-0.2.8/farstream/fs-rtp.c:263:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (RTP_HDREXT_VIDEO_PREFIX)))
data/farstream-0.2-0.2.8/farstream/fs-rtp.c:269:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  groups[i] + strlen (RTP_HDREXT_PREFIX),
data/farstream-0.2-0.2.8/farstream/fs-rtp.c:270:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (RTP_HDREXT_APPLICATION_PREFIX)))
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:123:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  gboolean equal);
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:125:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  gboolean equal);
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:127:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  PollFdCallback callback, gboolean read, gboolean write, gboolean server);
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:898:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (send(pollfd->pollfd.fd, str, strlen (str), 0) != -1)
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1067:67:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  shutdown_fd (FsMsnConnection *self, FsMsnPollFD *pollfd, gboolean equal)
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1070:37:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  shutdown_fd_locked (self, pollfd, equal);
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1075:74:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  shutdown_fd_locked (FsMsnConnection *self, FsMsnPollFD *pollfd, gboolean equal)
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1083:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if ((equal && p == pollfd) || (!equal && p != pollfd))
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1083:37:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if ((equal && p == pollfd) || (!equal && p != pollfd))
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1106:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gboolean read, gboolean write, gboolean server)
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1112:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  pollfd->want_read = read;
data/farstream-0.2-0.2.8/gst/fsmsnconference/fs-msn-connection.c:1118:54:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gst_poll_fd_ctl_read (self->poll, &pollfd->pollfd, read);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:50:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # define read _read
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-cache.c:420:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen (str);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-specific.c:1326:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  match_len = strlen (match_string);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-codec-specific.c:1395:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  match_len = strlen (match_string);
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-discover-codecs.c:751:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (found[strlen (needle)] != 0 &&
data/farstream-0.2-0.2.8/gst/fsrtpconference/fs-rtp-discover-codecs.c:752:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  found[strlen (needle)] != '/')
data/farstream-0.2-0.2.8/transmitters/nice/fs-nice-stream-transmitter.c:763:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (nc->foundation, candidate->foundation,

ANALYSIS SUMMARY:

Hits = 50
Lines analyzed = 62666 in approximately 1.49 seconds (42054 lines/second)
Physical Source Lines of Code (SLOC) = 43090
Hits@level = [0]  15 [1]  27 [2]  16 [3]   7 [4]   0 [5]   0
Hits@level+ = [0+]  65 [1+]  50 [2+]  23 [3+]   7 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.50847 [1+] 1.16036 [2+] 0.533767 [3+] 0.162451 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.