Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glabels-3.4.1/libglabels/lgl-xml-vendor.c
Examining data/glabels-3.4.1/libglabels/lgl-paper.h
Examining data/glabels-3.4.1/libglabels/lgl-template.h
Examining data/glabels-3.4.1/libglabels/libglabels.h
Examining data/glabels-3.4.1/libglabels/lgl-units.c
Examining data/glabels-3.4.1/libglabels/lgl-str.c
Examining data/glabels-3.4.1/libglabels/lgl-db.h
Examining data/glabels-3.4.1/libglabels/lgl-vendor.c
Examining data/glabels-3.4.1/libglabels/lgl-db.c
Examining data/glabels-3.4.1/libglabels/lgl-xml.h
Examining data/glabels-3.4.1/libglabels/lgl-paper.c
Examining data/glabels-3.4.1/libglabels/lgl-xml-paper.c
Examining data/glabels-3.4.1/libglabels/libglabels-private.h
Examining data/glabels-3.4.1/libglabels/lgl-xml-template.h
Examining data/glabels-3.4.1/libglabels/lgl-category.c
Examining data/glabels-3.4.1/libglabels/lgl-category.h
Examining data/glabels-3.4.1/libglabels/lgl-str.h
Examining data/glabels-3.4.1/libglabels/lgl-xml.c
Examining data/glabels-3.4.1/libglabels/lgl-xml-paper.h
Examining data/glabels-3.4.1/libglabels/lgl-template.c
Examining data/glabels-3.4.1/libglabels/lgl-xml-category.c
Examining data/glabels-3.4.1/libglabels/lgl-xml-category.h
Examining data/glabels-3.4.1/libglabels/lgl-units.h
Examining data/glabels-3.4.1/libglabels/lgl-vendor.h
Examining data/glabels-3.4.1/libglabels/lgl-xml-template.c
Examining data/glabels-3.4.1/libglabels/lgl-xml-vendor.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-render-to-cairo.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-onecode.c
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-postnet.h
Examining data/glabels-3.4.1/libglbarcode/libglbarcode.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-postnet.c
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-render-to-cairo.c
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode.c
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-onecode.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-code39.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-type.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-create.c
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-create.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode.h
Examining data/glabels-3.4.1/libglbarcode/lgl-barcode-code39.c
Examining data/glabels-3.4.1/src/file-util.h
Examining data/glabels-3.4.1/src/merge-init.h
Examining data/glabels-3.4.1/src/mini-preview.h
Examining data/glabels-3.4.1/src/units-util.h
Examining data/glabels-3.4.1/src/label.h
Examining data/glabels-3.4.1/src/object-editor-image-page.c
Examining data/glabels-3.4.1/src/mini-preview-pixbuf.h
Examining data/glabels-3.4.1/src/cairo-markup-path.h
Examining data/glabels-3.4.1/src/cairo-label-path.h
Examining data/glabels-3.4.1/src/glabels-batch.c
Examining data/glabels-3.4.1/src/pixbuf-util.c
Examining data/glabels-3.4.1/src/recent.h
Examining data/glabels-3.4.1/src/view-barcode.c
Examining data/glabels-3.4.1/src/units-util.c
Examining data/glabels-3.4.1/src/bc-backends.h
Examining data/glabels-3.4.1/src/object-editor.h
Examining data/glabels-3.4.1/src/critical-error-handler.c
Examining data/glabels-3.4.1/src/view-ellipse.h
Examining data/glabels-3.4.1/src/text-node.c
Examining data/glabels-3.4.1/src/pixbuf-util.h
Examining data/glabels-3.4.1/src/window.h
Examining data/glabels-3.4.1/src/ui-property-bar.c
Examining data/glabels-3.4.1/src/view-image.h
Examining data/glabels-3.4.1/src/message-bar.c
Examining data/glabels-3.4.1/src/bc-backends.c
Examining data/glabels-3.4.1/src/debug.h
Examining data/glabels-3.4.1/src/font-history.c
Examining data/glabels-3.4.1/src/prefs-dialog.h
Examining data/glabels-3.4.1/src/view-barcode.h
Examining data/glabels-3.4.1/src/label-properties-dialog.h
Examining data/glabels-3.4.1/src/str-util.h
Examining data/glabels-3.4.1/src/object-editor-private.h
Examining data/glabels-3.4.1/src/file.c
Examining data/glabels-3.4.1/src/label-barcode.h
Examining data/glabels-3.4.1/src/template-history.c
Examining data/glabels-3.4.1/src/xml-label.c
Examining data/glabels-3.4.1/src/color.c
Examining data/glabels-3.4.1/src/font-combo-menu-item.c
Examining data/glabels-3.4.1/src/field-button.h
Examining data/glabels-3.4.1/src/combo-util.c
Examining data/glabels-3.4.1/src/label-ellipse.c
Examining data/glabels-3.4.1/src/label.c
Examining data/glabels-3.4.1/src/merge.h
Examining data/glabels-3.4.1/src/object-editor-shadow-page.c
Examining data/glabels-3.4.1/src/bc-gnubarcode.c
Examining data/glabels-3.4.1/src/bc-zint.h
Examining data/glabels-3.4.1/src/print.c
Examining data/glabels-3.4.1/src/template-designer.c
Examining data/glabels-3.4.1/src/bc-iec18004.c
Examining data/glabels-3.4.1/src/label-image.c
Examining data/glabels-3.4.1/src/mini-preview.c
Examining data/glabels-3.4.1/src/str-util.c
Examining data/glabels-3.4.1/src/cairo-ellipse-path.c
Examining data/glabels-3.4.1/src/prefs.c
Examining data/glabels-3.4.1/src/prefs.h
Examining data/glabels-3.4.1/src/print-op.c
Examining data/glabels-3.4.1/src/object-editor-text-page.c
Examining data/glabels-3.4.1/src/merge-init.c
Examining data/glabels-3.4.1/src/bc-builtin.h
Examining data/glabels-3.4.1/src/object-editor-bc-page.c
Examining data/glabels-3.4.1/src/cairo-markup-path.c
Examining data/glabels-3.4.1/src/media-select.h
Examining data/glabels-3.4.1/src/view-box.h
Examining data/glabels-3.4.1/src/text-node.h
Examining data/glabels-3.4.1/src/object-editor-lsize-page.c
Examining data/glabels-3.4.1/src/label-box.h
Examining data/glabels-3.4.1/src/color-combo-menu.c
Examining data/glabels-3.4.1/src/object-editor.c
Examining data/glabels-3.4.1/src/xml-label.h
Examining data/glabels-3.4.1/src/svg-cache.h
Examining data/glabels-3.4.1/src/print-op.h
Examining data/glabels-3.4.1/src/view-ellipse.c
Examining data/glabels-3.4.1/src/glabels.c
Examining data/glabels-3.4.1/src/field-button.c
Examining data/glabels-3.4.1/src/ui-sidebar.h
Examining data/glabels-3.4.1/src/wdgt-chain-button.c
Examining data/glabels-3.4.1/src/view.h
Examining data/glabels-3.4.1/src/font-util.h
Examining data/glabels-3.4.1/src/merge-text.c
Examining data/glabels-3.4.1/src/view-image.c
Examining data/glabels-3.4.1/src/combo-util.h
Examining data/glabels-3.4.1/src/view-line.h
Examining data/glabels-3.4.1/src/font-util.c
Examining data/glabels-3.4.1/src/view.c
Examining data/glabels-3.4.1/src/print-op-dialog.c
Examining data/glabels-3.4.1/src/font-combo.c
Examining data/glabels-3.4.1/src/color-swatch.c
Examining data/glabels-3.4.1/src/template-designer.h
Examining data/glabels-3.4.1/src/ui.c
Examining data/glabels-3.4.1/src/object-editor-line-page.c
Examining data/glabels-3.4.1/src/object-editor-fill-page.c
Examining data/glabels-3.4.1/src/view-line.c
Examining data/glabels-3.4.1/src/object-editor-size-page.c
Examining data/glabels-3.4.1/src/color-combo-menu.h
Examining data/glabels-3.4.1/src/mini-preview-pixbuf.c
Examining data/glabels-3.4.1/src/merge-evolution.c
Examining data/glabels-3.4.1/src/merge-properties-dialog.c
Examining data/glabels-3.4.1/src/color.h
Examining data/glabels-3.4.1/src/ui-property-bar.h
Examining data/glabels-3.4.1/src/warning-handler.c
Examining data/glabels-3.4.1/src/color-combo.h
Examining data/glabels-3.4.1/src/marshal.h
Examining data/glabels-3.4.1/src/view-text.c
Examining data/glabels-3.4.1/src/ui-util.c
Examining data/glabels-3.4.1/src/warning-handler.h
Examining data/glabels-3.4.1/src/ui.h
Examining data/glabels-3.4.1/src/color-combo-button.h
Examining data/glabels-3.4.1/src/field-button-menu.h
Examining data/glabels-3.4.1/src/critical-error-handler.h
Examining data/glabels-3.4.1/src/label-line.c
Examining data/glabels-3.4.1/src/color-history-model.c
Examining data/glabels-3.4.1/src/wdgt-chain-button.h
Examining data/glabels-3.4.1/src/label-text.h
Examining data/glabels-3.4.1/src/mini-label-preview.c
Examining data/glabels-3.4.1/src/marshal.c
Examining data/glabels-3.4.1/src/label-barcode.c
Examining data/glabels-3.4.1/src/color-combo-color-menu-item.c
Examining data/glabels-3.4.1/src/merge-text.h
Examining data/glabels-3.4.1/src/label-properties-dialog.c
Examining data/glabels-3.4.1/src/view-text.h
Examining data/glabels-3.4.1/src/pixbuf-cache.h
Examining data/glabels-3.4.1/src/template-history-model.h
Examining data/glabels-3.4.1/src/window.c
Examining data/glabels-3.4.1/src/font-combo-menu.h
Examining data/glabels-3.4.1/src/builder-util.h
Examining data/glabels-3.4.1/src/ui-sidebar.c
Examining data/glabels-3.4.1/src/font-combo.h
Examining data/glabels-3.4.1/src/label-ellipse.h
Examining data/glabels-3.4.1/src/font-history-model.h
Examining data/glabels-3.4.1/src/view-box.c
Examining data/glabels-3.4.1/src/merge-vcard.h
Examining data/glabels-3.4.1/src/merge-properties-dialog.h
Examining data/glabels-3.4.1/src/label-line.h
Examining data/glabels-3.4.1/src/bc-iec16022.h
Examining data/glabels-3.4.1/src/cursors/cursor_pixdata.h
Examining data/glabels-3.4.1/src/ui-commands.h
Examining data/glabels-3.4.1/src/merge-vcard.c
Examining data/glabels-3.4.1/src/label-box.c
Examining data/glabels-3.4.1/src/font-combo-menu-item.h
Examining data/glabels-3.4.1/src/mini-label-preview.h
Examining data/glabels-3.4.1/src/media-select.c
Examining data/glabels-3.4.1/src/builder-util.c
Examining data/glabels-3.4.1/src/file.h
Examining data/glabels-3.4.1/src/font-sample.h
Examining data/glabels-3.4.1/src/new-label-dialog.h
Examining data/glabels-3.4.1/src/object-editor-position-page.c
Examining data/glabels-3.4.1/src/ui-commands.c
Examining data/glabels-3.4.1/src/cairo-label-path.c
Examining data/glabels-3.4.1/src/ui-util.h
Examining data/glabels-3.4.1/src/bc-gnubarcode.h
Examining data/glabels-3.4.1/src/new-label-dialog.c
Examining data/glabels-3.4.1/src/bc-zint.c
Examining data/glabels-3.4.1/src/template-history-model.c
Examining data/glabels-3.4.1/src/pixbuf-cache.c
Examining data/glabels-3.4.1/src/recent.c
Examining data/glabels-3.4.1/src/color-combo.c
Examining data/glabels-3.4.1/src/color-combo-button.c
Examining data/glabels-3.4.1/src/prefs-dialog.c
Examining data/glabels-3.4.1/src/xml-label-04.h
Examining data/glabels-3.4.1/src/cairo-ellipse-path.h
Examining data/glabels-3.4.1/src/bc-iec16022.c
Examining data/glabels-3.4.1/src/print.h
Examining data/glabels-3.4.1/src/mini-preview-pixbuf-cache.c
Examining data/glabels-3.4.1/src/field-button-menu.c
Examining data/glabels-3.4.1/src/prefs-model.c
Examining data/glabels-3.4.1/src/font-combo-menu.c
Examining data/glabels-3.4.1/src/svg-cache.c
Examining data/glabels-3.4.1/src/merge-evolution.h
Examining data/glabels-3.4.1/src/label-object.h
Examining data/glabels-3.4.1/src/mini-preview-pixbuf-cache.h
Examining data/glabels-3.4.1/src/merge.c
Examining data/glabels-3.4.1/src/object-editor-edit-page.c
Examining data/glabels-3.4.1/src/label-text.c
Examining data/glabels-3.4.1/src/color-swatch.h
Examining data/glabels-3.4.1/src/print-op-dialog.h
Examining data/glabels-3.4.1/src/message-bar.h
Examining data/glabels-3.4.1/src/file-util.c
Examining data/glabels-3.4.1/src/debug.c
Examining data/glabels-3.4.1/src/font-sample.c
Examining data/glabels-3.4.1/src/xml-label-04.c
Examining data/glabels-3.4.1/src/bc-builtin.c
Examining data/glabels-3.4.1/src/label-image.h
Examining data/glabels-3.4.1/src/color-combo-color-menu-item.h
Examining data/glabels-3.4.1/src/label-object.c
Examining data/glabels-3.4.1/src/color-history-model.h
Examining data/glabels-3.4.1/src/object-editor-data-page.c
Examining data/glabels-3.4.1/src/bc-iec18004.h
Examining data/glabels-3.4.1/src/font-history-model.c
Examining data/glabels-3.4.1/src/prefs-model.h
Examining data/glabels-3.4.1/src/font-history.h
Examining data/glabels-3.4.1/src/template-history.h

FINAL RESULTS:

data/glabels-3.4.1/libglabels/lgl-db.c:47:49: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
#define ALT_USER_CONFIG_DIR g_build_filename (g_get_home_dir (), ".glabels", NULL)
data/glabels-3.4.1/libglabels/lgl-units.c:167:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
return gettext ((char *)unit_table[units].name);
data/glabels-3.4.1/libglabels/lgl-units.c:172:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
return gettext ((char *)unit_table[LGL_UNITS_POINT].name);
data/glabels-3.4.1/libglabels/lgl-units.c:194:57: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
if (g_ascii_strcasecmp (name, gettext ((char *)unit_table[units].name) ) == 0)
data/glabels-3.4.1/src/merge-evolution.c:551:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dst_iter->data, src_iter->data, sizeof(EContactField));
data/glabels-3.4.1/src/merge-text.c:501:53: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((merge_text->priv->fp = fopen (src, "r")) != NULL) {
data/glabels-3.4.1/src/merge-vcard.c:233:41: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
merge_vcard->priv->fp = fopen (src, "r");
data/glabels-3.4.1/src/merge-vcard.c:402:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[512];
data/glabels-3.4.1/src/merge.c:559:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ( GL_MERGE_GET_CLASS(merge)->open != NULL ) {
data/glabels-3.4.1/src/merge.c:561:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
GL_MERGE_GET_CLASS(merge)->open (merge);
data/glabels-3.4.1/src/merge.h:71:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void (*open) (glMerge *merge);
data/glabels-3.4.1/libglabels/lgl-str.c:197:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *chunk = g_new0 (gchar, strlen (*p) + 1);
data/glabels-3.4.1/libglabels/lgl-str.c:212:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *chunk = g_new0 (gchar, strlen (*p) + 1);
data/glabels-3.4.1/libglbarcode/lgl-barcode-code39.c:355:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_chars = strlen (data);
data/glabels-3.4.1/libglbarcode/lgl-barcode-code39.c:436:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEXT_SIZE, string_plus_stars, strlen (string_plus_stars));
data/glabels-3.4.1/libglbarcode/lgl-barcode-onecode.c:376:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_length = strlen (data);
data/glabels-3.4.1/src/bc-iec16022.c:76:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (digits), (unsigned char *)digits,
data/glabels-3.4.1/src/field-button-menu.c:203:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( p->data && strlen (p->data) )
data/glabels-3.4.1/src/label.c:2680:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(guchar *)data->xml_buffer, strlen (data->xml_buffer));
data/glabels-3.4.1/src/media-select.c:499:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( brand && strlen(brand) &&
data/glabels-3.4.1/src/media-select.c:500:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
page_size_name && strlen(page_size_name) &&
data/glabels-3.4.1/src/media-select.c:501:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
category_name && strlen(category_name) )
data/glabels-3.4.1/src/media-select.c:719:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( brand && strlen(brand) &&
data/glabels-3.4.1/src/media-select.c:720:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
page_size_name && strlen(page_size_name) &&
data/glabels-3.4.1/src/media-select.c:721:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
category_name && strlen(category_name) )
data/glabels-3.4.1/src/merge-text.c:353:14: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch = getc(fp);
data/glabels-3.4.1/src/merge-text.c:356:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch2 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:359:31: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch3 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:360:31: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch4 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:374:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch2 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:383:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch2 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:384:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch3 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:385:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch4 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:395:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch2 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:397:31: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch3 = getc(fp);
data/glabels-3.4.1/src/merge-text.c:430:24: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
return getc(merge_text->priv->fp);
data/glabels-3.4.1/src/merge-vcard.c:266:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (g_strchomp (copy));
data/glabels-3.4.1/src/merge-vcard.c:417:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g_ascii_strncasecmp(line, "END:VCARD", strlen("END:VCARD")) == 0)
data/glabels-3.4.1/src/merge-vcard.c:424:70: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g_ascii_strncasecmp(line, "BEGIN:VCARD", strlen("BEGIN:VCARD")) == 0)
data/glabels-3.4.1/src/merge-vcard.c:435:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursize += strlen(line);
data/glabels-3.4.1/src/merge-vcard.c:443:17: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(vcard, line, size);
data/glabels-3.4.1/src/object-editor-data-page.c:182:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (text_node->data),
data/glabels-3.4.1/src/svg-cache.c:132:77: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
record->svg_handle = rsvg_handle_new_from_data ((guchar *)contents, strlen(contents), NULL);
data/glabels-3.4.1/src/template-designer.c:1585:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (page_size_name && strlen(page_size_name)) {
data/glabels-3.4.1/src/text-node.c:116:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (text, "${", strlen ("${")) == 0) {
data/glabels-3.4.1/src/text-node.c:119:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
*n = strlen ("${");
data/glabels-3.4.1/src/text-node.c:132:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (p, "${", strlen ("${")) == 0)
data/glabels-3.4.1/src/ui.c:790:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!gtk_ui_manager_add_ui_from_string (ui, ui_info, strlen (ui_info), &error)) {
data/glabels-3.4.1/src/xml-label.c:1820:82: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdata_section_node = xmlNewCDataBlock (doc, (xmlChar *)svg_data, strlen (svg_data));

ANALYSIS SUMMARY:

Hits = 49
Lines analyzed = 71298 in approximately 1.67 seconds (42765 lines/second)
Physical Source Lines of Code (SLOC) = 41310
Hits@level = [0] 5 [1] 38 [2] 10 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 54 [1+] 49 [2+] 11 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.30719 [1+] 1.18615 [2+] 0.266279 [3+] 0.0242072 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.