Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gbemol-0.3.2/src/gbemol-info.h
Examining data/gbemol-0.3.2/src/gbemol-net.h
Examining data/gbemol-0.3.2/src/gbemol-net.c
Examining data/gbemol-0.3.2/src/gbemol-marshal.c
Examining data/gbemol-0.3.2/src/gbemol.h
Examining data/gbemol-0.3.2/src/gbemol-main.c
Examining data/gbemol-0.3.2/src/gbemol-mpd.c
Examining data/gbemol-0.3.2/src/gbemol-amazon.c
Examining data/gbemol-0.3.2/src/gbemol-amazon.h
Examining data/gbemol-0.3.2/src/gbemol-marshal.h
Examining data/gbemol-0.3.2/src/gbemol-playlist.c
Examining data/gbemol-0.3.2/src/gbemol-playlist.h
Examining data/gbemol-0.3.2/src/libmpdclient.h
Examining data/gbemol-0.3.2/src/gbemol-mpd.h
Examining data/gbemol-0.3.2/src/bacon-volume.c
Examining data/gbemol-0.3.2/src/gbemol-locale.h
Examining data/gbemol-0.3.2/src/gbemol-library.h
Examining data/gbemol-0.3.2/src/bacon-volume.h
Examining data/gbemol-0.3.2/src/gbemol-app.h
Examining data/gbemol-0.3.2/src/gbemol-preferences.h
Examining data/gbemol-0.3.2/src/gbemol-utils.h
Examining data/gbemol-0.3.2/src/gbemol-library.c
Examining data/gbemol-0.3.2/src/gbemol-info.c
Examining data/gbemol-0.3.2/src/libmpdclient.c
Examining data/gbemol-0.3.2/src/gbemol-preferences.c
Examining data/gbemol-0.3.2/src/gbemol-utils.c
Examining data/gbemol-0.3.2/src/gbemol-app.c

FINAL RESULTS:

data/gbemol-0.3.2/src/gbemol-utils.c:160:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (path, 0644);

data/gbemol-0.3.2/src/libmpdclient.c:410:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(connection->buffer,rt+1);

data/gbemol-0.3.2/src/libmpdclient.c:596:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(connection->errorStr, output);

data/gbemol-0.3.2/src/gbemol-app.c:816:54:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void gbemol_app_set_random (GbemolApp* app, gboolean random)

data/gbemol-0.3.2/src/gbemol-app.c:818:91:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (gtk_check_menu_item_get_active (GTK_CHECK_MENU_ITEM (app->priv->mnu_item_random)) != random)

data/gbemol-0.3.2/src/gbemol-app.c:819:85:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM (app->priv->mnu_item_random), random);

data/gbemol-0.3.2/src/gbemol-app.h:64:54:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void gbemol_app_set_random (GbemolApp* app, gboolean random);

data/gbemol-0.3.2/src/gbemol-main.c:75:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "mclpfh")) != -1)

data/gbemol-0.3.2/src/gbemol-main.c:176:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  gbemol_app_set_random (app, mpd->status->random);

data/gbemol-0.3.2/src/gbemol-mpd.c:677:54:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void gbemol_mpd_set_random (GbemolMpd *obj, gboolean random)

data/gbemol-0.3.2/src/gbemol-mpd.c:682:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  mpd_sendRandomCommand (obj->priv->conn, random);

data/gbemol-0.3.2/src/gbemol-mpd.h:71:54:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void gbemol_mpd_set_random (GbemolMpd *obj, gboolean random);

data/gbemol-0.3.2/src/gbemol-utils.c:156:44:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path = g_strdup_printf ("%s/.gbemol.cfg", g_get_home_dir());

data/gbemol-0.3.2/src/gbemol-utils.c:422:44:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  str_dir = g_strdup_printf ("%s/.covers/", g_get_home_dir());

data/gbemol-0.3.2/src/gbemol-utils.c:430:49:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  str = g_strdup_printf ("%s/.covers/%s-%s.jpg", g_get_home_dir(), song->artist, song->album);

data/gbemol-0.3.2/src/libmpdclient.h:171:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random;

data/gbemol-0.3.2/src/gbemol-utils.c:158:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (path, O_CREAT, 0777)) != -1)

data/gbemol-0.3.2/src/gbemol-utils.c:208:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  cfg = fopen (path, "w");

data/gbemol-0.3.2/src/libmpdclient.c:92:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,

data/gbemol-0.3.2/src/libmpdclient.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char service[INTLEN+1];

data/gbemol-0.3.2/src/libmpdclient.c:214:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&sin.sin_addr.s_addr,(char *)he->h_addr,

data/gbemol-0.3.2/src/libmpdclient.c:220:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"address type is not IPv4");

data/gbemol-0.3.2/src/libmpdclient.c:227:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"problems creating socket");

data/gbemol-0.3.2/src/libmpdclient.c:247:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * mpdTagItemKeys[MPD_TAG_NUM_OF_ITEM_TYPES] =

data/gbemol-0.3.2/src/libmpdclient.c:441:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"not done processing current command");

data/gbemol-0.3.2/src/libmpdclient.c:505:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"already done processing current command");

data/gbemol-0.3.2/src/libmpdclient.c:523:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"buffer overrun");

data/gbemol-0.3.2/src/libmpdclient.c:543:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"connection"

data/gbemol-0.3.2/src/libmpdclient.c:555:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"connection timeout");

data/gbemol-0.3.2/src/libmpdclient.c:569:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "expected more list_OK's");

data/gbemol-0.3.2/src/libmpdclient.c:580:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,

data/gbemol-0.3.2/src/libmpdclient.c:698:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->volume = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:701:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->repeat = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:704:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->random = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:710:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->playlistLength = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:713:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->bitRate = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:730:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->song = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:733:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->songid = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:740:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->elapsedTime = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:741:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->totalTime = atoi(tok+1);

data/gbemol-0.3.2/src/libmpdclient.c:748:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->crossfade = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:751:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->updatingDb = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:756:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->sampleRate = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:757:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->bits = atoi(++tok);

data/gbemol-0.3.2/src/libmpdclient.c:760:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->channels = atoi(tok+1);

data/gbemol-0.3.2/src/libmpdclient.c:776:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"state not found");

data/gbemol-0.3.2/src/libmpdclient.c:825:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stats->numberOfArtists = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:828:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stats->numberOfAlbums = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:831:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stats->numberOfSongs = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:888:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stats->numberOfSongs = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:1113:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entity->info.song->pos = atoi(connection->returnElement->value);

data/gbemol-0.3.2/src/libmpdclient.c:1117:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"problem parsing song info");

data/gbemol-0.3.2/src/libmpdclient.c:1156:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entity->info.song->time = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:1160:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entity->info.song->pos = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:1164:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entity->info.song->id = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:1325:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char st[10];

data/gbemol-0.3.2/src/libmpdclient.c:1328:32:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if(table == MPD_TABLE_ARTIST) strcpy(st,"artist");

data/gbemol-0.3.2/src/libmpdclient.c:1329:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if(table == MPD_TABLE_ALBUM) strcpy(st,"album");

data/gbemol-0.3.2/src/libmpdclient.c:1332:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"unknown table for list");

data/gbemol-0.3.2/src/libmpdclient.c:1375:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retval = atoi(string);

data/gbemol-0.3.2/src/libmpdclient.c:1546:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atoi(jobid);

data/gbemol-0.3.2/src/libmpdclient.c:1609:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"already in command list mode");

data/gbemol-0.3.2/src/libmpdclient.c:1619:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"already in command list mode");

data/gbemol-0.3.2/src/libmpdclient.c:1630:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"not in command list mode");

data/gbemol-0.3.2/src/libmpdclient.c:1664:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  output->id = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:1670:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  output->enabled = atoi(re->value);

data/gbemol-0.3.2/src/libmpdclient.c:1755:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "search already in progress");

data/gbemol-0.3.2/src/libmpdclient.c:1767:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "search already in progress");

data/gbemol-0.3.2/src/libmpdclient.c:1778:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "search already in progress");

data/gbemol-0.3.2/src/libmpdclient.c:1793:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "search already in progress");

data/gbemol-0.3.2/src/libmpdclient.c:1799:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "invalid type specified");

data/gbemol-0.3.2/src/libmpdclient.c:1821:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "no search in progress");

data/gbemol-0.3.2/src/libmpdclient.c:1827:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "invalid type specified");

data/gbemol-0.3.2/src/libmpdclient.c:1833:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "no name specified");

data/gbemol-0.3.2/src/libmpdclient.c:1856:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "no search in progress");

data/gbemol-0.3.2/src/libmpdclient.h:96:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char * mpdTagItemKeys[MPD_TAG_NUM_OF_ITEM_TYPES];

data/gbemol-0.3.2/src/libmpdclient.h:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorStr[MPD_ERRORSTR_MAX_LENGTH+1];

data/gbemol-0.3.2/src/libmpdclient.h:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MPD_BUFFER_MAX_LENGTH+1];

data/gbemol-0.3.2/src/libmpdclient.c:273:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = malloc(strlen(arg) * 2 + 1);

data/gbemol-0.3.2/src/libmpdclient.c:277:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = strlen(arg)+1; i != 0; --i) {

data/gbemol-0.3.2/src/libmpdclient.c:315:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(output,MPD_WELCOME_MESSAGE,strlen(MPD_WELCOME_MESSAGE))) {

data/gbemol-0.3.2/src/libmpdclient.c:323:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = &output[strlen(MPD_WELCOME_MESSAGE)];

data/gbemol-0.3.2/src/libmpdclient.c:333:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &output[strlen(MPD_WELCOME_MESSAGE)]);

data/gbemol-0.3.2/src/libmpdclient.c:350:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(connection->buffer,"");

data/gbemol-0.3.2/src/libmpdclient.c:353:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(connection->errorStr,"");

data/gbemol-0.3.2/src/libmpdclient.c:411:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  connection->buflen = strlen(connection->buffer);

data/gbemol-0.3.2/src/libmpdclient.c:438:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int commandLen = strlen(command);

data/gbemol-0.3.2/src/libmpdclient.c:591:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(output,"ACK",strlen("ACK"))==0) {

data/gbemol-0.3.2/src/libmpdclient.c:1133:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(re->value)) {

data/gbemol-0.3.2/src/libmpdclient.c:1241:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen("playlistinfo")+2+INTLEN+3;

data/gbemol-0.3.2/src/libmpdclient.c:1249:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen("playlistid")+2+INTLEN+3;

data/gbemol-0.3.2/src/libmpdclient.c:1257:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("plchanges")+2+LONGLONGLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1265:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("plchangesposid")+2+LONGLONGLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1274:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("listall")+2+strlen(sDir)+3; data/gbemol-0.3.2/src/libmpdclient.c:1274:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("listall")+2+strlen(sDir)+3; data/gbemol-0.3.2/src/libmpdclient.c:1284:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("listallinfo")+2+strlen(sDir)+3; data/gbemol-0.3.2/src/libmpdclient.c:1284:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("listallinfo")+2+strlen(sDir)+3; data/gbemol-0.3.2/src/libmpdclient.c:1294:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("lsinfo")+2+strlen(sDir)+3; data/gbemol-0.3.2/src/libmpdclient.c:1294:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen("lsinfo")+2+strlen(sDir)+3; data/gbemol-0.3.2/src/libmpdclient.c:1337:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen("list")+1+strlen(sanitArg1)+2+strlen(st)+3; data/gbemol-0.3.2/src/libmpdclient.c:1337:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen("list")+1+strlen(sanitArg1)+2+strlen(st)+3; data/gbemol-0.3.2/src/libmpdclient.c:1337:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen("list")+1+strlen(sanitArg1)+2+strlen(st)+3; data/gbemol-0.3.2/src/libmpdclient.c:1343:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen("list")+1+strlen(st)+2; data/gbemol-0.3.2/src/libmpdclient.c:1343:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen("list")+1+strlen(st)+2; data/gbemol-0.3.2/src/libmpdclient.c:1353:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("add")+2+strlen(sFile)+3; data/gbemol-0.3.2/src/libmpdclient.c:1353:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen("add")+2+strlen(sFile)+3; data/gbemol-0.3.2/src/libmpdclient.c:1365:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("addid")+2+strlen(sFile)+3; data/gbemol-0.3.2/src/libmpdclient.c:1365:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("addid")+2+strlen(sFile)+3; data/gbemol-0.3.2/src/libmpdclient.c:1383:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("delete")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1391:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("deleteid")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1400:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("save")+2+strlen(sName)+3; data/gbemol-0.3.2/src/libmpdclient.c:1400:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("save")+2+strlen(sName)+3; data/gbemol-0.3.2/src/libmpdclient.c:1410:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen("load")+2+strlen(sName)+3; data/gbemol-0.3.2/src/libmpdclient.c:1410:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("load")+2+strlen(sName)+3; data/gbemol-0.3.2/src/libmpdclient.c:1420:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("rm")+2+strlen(sName)+3; data/gbemol-0.3.2/src/libmpdclient.c:1420:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("rm")+2+strlen(sName)+3; data/gbemol-0.3.2/src/libmpdclient.c:1433:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("rename")+2+strlen(sFrom)+3+strlen(sTo)+3; data/gbemol-0.3.2/src/libmpdclient.c:1433:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("rename")+2+strlen(sFrom)+3+strlen(sTo)+3; data/gbemol-0.3.2/src/libmpdclient.c:1433:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("rename")+2+strlen(sFrom)+3+strlen(sTo)+3; data/gbemol-0.3.2/src/libmpdclient.c:1451:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen("play")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1459:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playid")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1471:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("pause")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1483:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("move")+2+INTLEN+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1491:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("moveid")+2+INTLEN+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1499:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("swap")+2+INTLEN+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1507:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("swapid")+2+INTLEN+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1515:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen("seek")+2+INTLEN+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1523:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("seekid")+2+INTLEN+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1532:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("update")+2+strlen(sPath)+3; data/gbemol-0.3.2/src/libmpdclient.c:1532:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("update")+2+strlen(sPath)+3; data/gbemol-0.3.2/src/libmpdclient.c:1558:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("repeat")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1566:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("random")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1574:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("setvol")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1582:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen("volume")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1590:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("crossfade")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1599:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("password")+2+strlen(sPass)+3; data/gbemol-0.3.2/src/libmpdclient.c:1599:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("password")+2+strlen(sPass)+3; data/gbemol-0.3.2/src/libmpdclient.c:1685:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("enableoutput")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1693:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("disableoutput")+2+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1806:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 5+strlen(strtype)+1; data/gbemol-0.3.2/src/libmpdclient.c:1842:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(string)+1+strlen(strtype)+2+strlen(arg)+2; data/gbemol-0.3.2/src/libmpdclient.c:1842:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(string)+1+strlen(strtype)+2+strlen(arg)+2; data/gbemol-0.3.2/src/libmpdclient.c:1842:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(string)+1+strlen(strtype)+2+strlen(arg)+2; data/gbemol-0.3.2/src/libmpdclient.c:1861:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(connection->request)+2; data/gbemol-0.3.2/src/libmpdclient.c:1881:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("listplaylistinfo")+2+strlen(arg)+3; data/gbemol-0.3.2/src/libmpdclient.c:1881:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("listplaylistinfo")+2+strlen(arg)+3; data/gbemol-0.3.2/src/libmpdclient.c:1899:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("listplaylist")+2+strlen(arg)+3; data/gbemol-0.3.2/src/libmpdclient.c:1899:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen("listplaylist")+2+strlen(arg)+3; data/gbemol-0.3.2/src/libmpdclient.c:1910:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistclear")+2+strlen(sPath)+3; data/gbemol-0.3.2/src/libmpdclient.c:1910:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistclear")+2+strlen(sPath)+3; data/gbemol-0.3.2/src/libmpdclient.c:1923:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistadd")+2+strlen(sPlaylist)+3+strlen(sPath)+3; data/gbemol-0.3.2/src/libmpdclient.c:1923:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistadd")+2+strlen(sPlaylist)+3+strlen(sPath)+3; data/gbemol-0.3.2/src/libmpdclient.c:1923:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistadd")+2+strlen(sPlaylist)+3+strlen(sPath)+3; data/gbemol-0.3.2/src/libmpdclient.c:1936:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistmove")+ data/gbemol-0.3.2/src/libmpdclient.c:1937:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
2+strlen(sPlaylist)+3+INTLEN+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1950:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistdelete")+2+strlen(sPlaylist)+3+INTLEN+3; data/gbemol-0.3.2/src/libmpdclient.c:1950:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen("playlistdelete")+2+strlen(sPlaylist)+3+INTLEN+3; ANALYSIS SUMMARY: Hits = 157 Lines analyzed = 11146 in approximately 0.27 seconds (41910 lines/second) Physical Source Lines of Code (SLOC) = 8227 Hits@level = [0] 60 [1] 79 [2] 62 [3] 13 [4] 2 [5] 1 Hits@level+ = [0+] 217 [1+] 157 [2+] 78 [3+] 16 [4+] 3 [5+] 1 Hits/KSLOC@level+ = [0+] 26.3766 [1+] 19.0835 [2+] 9.48098 [3+] 1.94482 [4+] 0.364653 [5+] 0.121551 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.