Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glyr-1.0.10/lib/apikeys.h
Examining data/glyr-1.0.10/lib/blacklist.c
Examining data/glyr-1.0.10/lib/blacklist.h
Examining data/glyr-1.0.10/lib/cache.c
Examining data/glyr-1.0.10/lib/cache.h
Examining data/glyr-1.0.10/lib/cache_intern.c
Examining data/glyr-1.0.10/lib/cache_intern.h
Examining data/glyr-1.0.10/lib/config.h
Examining data/glyr-1.0.10/lib/core.c
Examining data/glyr-1.0.10/lib/core.h
Examining data/glyr-1.0.10/lib/glyr.c
Examining data/glyr-1.0.10/lib/glyr.h
Examining data/glyr-1.0.10/lib/intern/ainfo.c
Examining data/glyr-1.0.10/lib/intern/ainfo/bbcmusic.c
Examining data/glyr-1.0.10/lib/intern/ainfo/echonest.c
Examining data/glyr-1.0.10/lib/intern/ainfo/lastfm.c
Examining data/glyr-1.0.10/lib/intern/ainfo/lyricsreg.c
Examining data/glyr-1.0.10/lib/intern/albumlist.c
Examining data/glyr-1.0.10/lib/intern/albumlist/musicbrainz.c
Examining data/glyr-1.0.10/lib/intern/backdrops.c
Examining data/glyr-1.0.10/lib/intern/backdrops/htbackdrops.c
Examining data/glyr-1.0.10/lib/intern/cache/db_provider.c
Examining data/glyr-1.0.10/lib/intern/common/amazon.c
Examining data/glyr-1.0.10/lib/intern/common/amazon.h
Examining data/glyr-1.0.10/lib/intern/common/google.c
Examining data/glyr-1.0.10/lib/intern/common/google.h
Examining data/glyr-1.0.10/lib/intern/common/mbid_lookup.c
Examining data/glyr-1.0.10/lib/intern/common/mbid_lookup.h
Examining data/glyr-1.0.10/lib/intern/common/musicbrainz.c
Examining data/glyr-1.0.10/lib/intern/common/musicbrainz.h
Examining data/glyr-1.0.10/lib/intern/common/picsearch.c
Examining data/glyr-1.0.10/lib/intern/common/picsearch.h
Examining data/glyr-1.0.10/lib/intern/cover.c
Examining data/glyr-1.0.10/lib/intern/cover/albumart.c
Examining data/glyr-1.0.10/lib/intern/cover/amazon.c
Examining data/glyr-1.0.10/lib/intern/cover/coverartarchive.c
Examining data/glyr-1.0.10/lib/intern/cover/coverhunt.c
Examining data/glyr-1.0.10/lib/intern/cover/discogs.c
Examining data/glyr-1.0.10/lib/intern/cover/google.c
Examining data/glyr-1.0.10/lib/intern/cover/jamendo.c
Examining data/glyr-1.0.10/lib/intern/cover/lastfm.c
Examining data/glyr-1.0.10/lib/intern/cover/lyricswiki.c
Examining data/glyr-1.0.10/lib/intern/cover/musicbrainz.c
Examining data/glyr-1.0.10/lib/intern/cover/picsearch.c
Examining data/glyr-1.0.10/lib/intern/cover/rhapsody.c
Examining data/glyr-1.0.10/lib/intern/cover/slothradio.c
Examining data/glyr-1.0.10/lib/intern/generic.c
Examining data/glyr-1.0.10/lib/intern/generic.h
Examining data/glyr-1.0.10/lib/intern/guitartabs.c
Examining data/glyr-1.0.10/lib/intern/guitartabs/chordie_com.c
Examining data/glyr-1.0.10/lib/intern/guitartabs/guitaretab.c
Examining data/glyr-1.0.10/lib/intern/lyrics.c
Examining data/glyr-1.0.10/lib/intern/lyrics/chartlyrics.c
Examining data/glyr-1.0.10/lib/intern/lyrics/elyrics.c
Examining data/glyr-1.0.10/lib/intern/lyrics/lipwalk.c
Examining data/glyr-1.0.10/lib/intern/lyrics/lyrdb.c
Examining data/glyr-1.0.10/lib/intern/lyrics/lyricsreg.c
Examining data/glyr-1.0.10/lib/intern/lyrics/lyricstime.c
Examining data/glyr-1.0.10/lib/intern/lyrics/lyricsvip.c
Examining data/glyr-1.0.10/lib/intern/lyrics/lyricswiki.c
Examining data/glyr-1.0.10/lib/intern/lyrics/lyrix_at.c
Examining data/glyr-1.0.10/lib/intern/lyrics/magistrix.c
Examining data/glyr-1.0.10/lib/intern/lyrics/metallum.c
Examining data/glyr-1.0.10/lib/intern/lyrics/metrolyrics.c
Examining data/glyr-1.0.10/lib/intern/lyrics/vagalume.c
Examining data/glyr-1.0.10/lib/intern/musictree/musictree.c
Examining data/glyr-1.0.10/lib/intern/photos.c
Examining data/glyr-1.0.10/lib/intern/photos/bbcmusic.c
Examining data/glyr-1.0.10/lib/intern/photos/discogs.c
Examining data/glyr-1.0.10/lib/intern/photos/flickr.c
Examining data/glyr-1.0.10/lib/intern/photos/google.c
Examining data/glyr-1.0.10/lib/intern/photos/lastfm.c
Examining data/glyr-1.0.10/lib/intern/photos/picsearch.c
Examining data/glyr-1.0.10/lib/intern/photos/rhapsody.c
Examining data/glyr-1.0.10/lib/intern/photos/singerpictures.c
Examining data/glyr-1.0.10/lib/intern/relations.c
Examining data/glyr-1.0.10/lib/intern/relations/generated.c
Examining data/glyr-1.0.10/lib/intern/relations/musicbrainz.c
Examining data/glyr-1.0.10/lib/intern/review.c
Examining data/glyr-1.0.10/lib/intern/review/amazon.c
Examining data/glyr-1.0.10/lib/intern/review/echonest.c
Examining data/glyr-1.0.10/lib/intern/review/metallum.c
Examining data/glyr-1.0.10/lib/intern/similar_artist.c
Examining data/glyr-1.0.10/lib/intern/similar_artist/lastfm.c
Examining data/glyr-1.0.10/lib/intern/similar_song.c
Examining data/glyr-1.0.10/lib/intern/similar_song/lastfm.c
Examining data/glyr-1.0.10/lib/intern/tags.c
Examining data/glyr-1.0.10/lib/intern/tags/musicbrainz.c
Examining data/glyr-1.0.10/lib/intern/tracklist.c
Examining data/glyr-1.0.10/lib/intern/tracklist/musicbrainz.c
Examining data/glyr-1.0.10/lib/jsmn/jsmn.c
Examining data/glyr-1.0.10/lib/jsmn/jsmn.h
Examining data/glyr-1.0.10/lib/jsmn/jsmn_test.c
Examining data/glyr-1.0.10/lib/misc.c
Examining data/glyr-1.0.10/lib/misc.h
Examining data/glyr-1.0.10/lib/register_plugins.c
Examining data/glyr-1.0.10/lib/register_plugins.h
Examining data/glyr-1.0.10/lib/stringlib.c
Examining data/glyr-1.0.10/lib/stringlib.h
Examining data/glyr-1.0.10/lib/testing.c
Examining data/glyr-1.0.10/lib/testing.h
Examining data/glyr-1.0.10/lib/types.h
Examining data/glyr-1.0.10/spec/capi/check_api.c
Examining data/glyr-1.0.10/spec/capi/check_dbc.c
Examining data/glyr-1.0.10/spec/capi/check_opt.c
Examining data/glyr-1.0.10/spec/capi/test_common.c
Examining data/glyr-1.0.10/spec/capi/test_common.h
Examining data/glyr-1.0.10/src/examples/async_queue.c
Examining data/glyr-1.0.10/src/examples/dbcache.c
Examining data/glyr-1.0.10/src/examples/dbtest.c
Examining data/glyr-1.0.10/src/examples/example.c
Examining data/glyr-1.0.10/src/examples/exit_signal.c
Examining data/glyr-1.0.10/src/examples/getinfo.c
Examining data/glyr-1.0.10/src/examples/musictree.c
Examining data/glyr-1.0.10/src/examples/rating.c
Examining data/glyr-1.0.10/src/examples/simple.c
Examining data/glyr-1.0.10/src/examples/threads.c
Examining data/glyr-1.0.10/src/glyrc/autohelp.c
Examining data/glyr-1.0.10/src/glyrc/autohelp.h
Examining data/glyr-1.0.10/src/glyrc/colorprint.c
Examining data/glyr-1.0.10/src/glyrc/colorprint.h
Examining data/glyr-1.0.10/src/glyrc/escape.c
Examining data/glyr-1.0.10/src/glyrc/escape.h
Examining data/glyr-1.0.10/src/glyrc/glyrc.c
Examining data/glyr-1.0.10/src/glyrc/update.c
Examining data/glyr-1.0.10/src/glyrc/update.h
Examining data/glyr-1.0.10/src/utils/clean_db.c
Examining data/glyr-1.0.10/src/utils/guess_lang.c
Examining data/glyr-1.0.10/src/utils/ping_url.c

FINAL RESULTS:

data/glyr-1.0.10/spec/capi/check_dbc.c:47:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
    system ("rm -rf /tmp/check/");
data/glyr-1.0.10/spec/capi/check_dbc.c:54:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
    system ("mkdir -p /tmp/check");
data/glyr-1.0.10/spec/capi/check_dbc.c:70:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
    system ("rm /tmp/metadata.db");
data/glyr-1.0.10/src/examples/dbtest.c:34:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
    system ("rm /home/chris/metadata.db");
data/glyr-1.0.10/src/glyrc/glyrc.c:657:31:  [4] (shell) system:
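  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Unlike the string-literal hits above, the argument here is a
  variable, so this hit should be triaged first: review how `command` is
  built and whether any part of it comes from user or network input.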
                int exitVal = system (command);
data/glyr-1.0.10/src/glyrc/update.c:90:13:  [4] (shell) system:
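  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. The argument is a macro whose definition is not shown in
  this report; confirm that UPDATE_SCRIPT expands to a fixed string.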
        if (system (UPDATE_SCRIPT) == -1)
data/glyr-1.0.10/src/examples/exit_signal.c:30:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand (time (NULL) );
data/glyr-1.0.10/src/examples/rating.c:47:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand (time (NULL) );
data/glyr-1.0.10/src/glyrc/glyrc.c:432:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        if ( (c = getopt_long (argc, argv, "N:f:W:w:p:r:m:x:u:v:q:c::F:hVodDLa:b:t:i:e:s:n:l:z:j:k:8gGyY",long_options, &option_index) ) == -1)
data/glyr-1.0.10/lib/cache.c:930:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (cache->md5sum,argv[11],16);
data/glyr-1.0.10/lib/cache.c:936:17:  [2] (buffer) memcpy:
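  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data. The length here is
  cache->size, so confirm that both the allocation behind cache->data and the
  data behind argv[12] are at least that long.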
                memcpy (cache->data,argv[12],cache->size);
data/glyr-1.0.10/lib/core.c:111:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (& (mem->data[mem->size]), puffer, realsize);
data/glyr-1.0.10/lib/core.c:165:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (result,cache,sizeof (GlyrMemCache) );
data/glyr-1.0.10/lib/core.c:171:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (result->data,cache->data,cache->size);
data/glyr-1.0.10/lib/core.c:176:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (result->md5sum,cache->md5sum,16);
data/glyr-1.0.10/lib/core.c:294:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (nulbuf,ptr,bytes);
data/glyr-1.0.10/lib/glyr.c:1039:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of a special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362). This call uses mode "w", so whatever `path` resolves
  to is created or truncated; review where `path` comes from.
            FILE * fp = fopen (path,"w");
data/glyr-1.0.10/lib/intern/cover/jamendo.c:75:13:  [2] (buffer) char:
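  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. The declaration flagged here is an array of three
  pointers, not a character buffer, so the check that matters is that no more
  than three entries are ever stored in it.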
            char * line_split[3] = {0,0,0};
data/glyr-1.0.10/lib/jsmn/jsmn_test.c:310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(toklarge, toksmall, sizeof(toksmall));
data/glyr-1.0.10/lib/stringlib.c:904:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy (string+n, Tpon, tLen);
data/glyr-1.0.10/lib/types.h:317:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char md5sum[16];
data/glyr-1.0.10/lib/types.h:435:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char * info[10]; /*!< Do not use! - A register where porinters to all dynamic alloc. fields are saved. Do not use. */
data/glyr-1.0.10/spec/capi/check_api.c:149:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char old_sum[16] = {0};
data/glyr-1.0.10/spec/capi/check_api.c:150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (old_sum,c->md5sum,16);
data/glyr-1.0.10/src/glyrc/escape.c:223:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy (&retv[off],subsitution,subs_len);
data/glyr-1.0.10/src/glyrc/glyrc.c:463:39:  [2] (integer) atoi:
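  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). atoi also gives
  no error indication for non-numeric input; strtol with an end-pointer and
  range check lets the caller reject a bad option value.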
            glyr_opt_verbosity (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:466:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_parallel (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:469:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_redirects (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:472:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_timeout (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:478:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_plugmax (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:496:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_img_minsize (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:499:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_img_maxsize (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:502:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_number (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/glyrc/glyrc.c:540:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            glyr_opt_fuzzyness (glyrs,atoi (optarg) );
data/glyr-1.0.10/src/utils/ping_url.c:46:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (nulbuf,ptr,bytes);
data/glyr-1.0.10/lib/cache.c:249:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int rc = sqlite3_bind_text(stmt,cpPos,text,strlen(text) + 1, SQLITE_STATIC); \
data/glyr-1.0.10/lib/cache.c:415:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sqlite3_prepare_v2 (db->db_handle, sql, strlen (sql) + 1, &stmt, NULL);
data/glyr-1.0.10/lib/cache.c:768:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sqlite3_prepare_v2 (db->db_handle, sql, strlen (sql) + 1, &stmt, NULL);
data/glyr-1.0.10/lib/cache_intern.c:49:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sqlite3_prepare_v2 (db->db_handle, sql, strlen (sql) + 1, &stmt, NULL);
data/glyr-1.0.10/lib/core.c:146:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cache->size = (len >= 0) ? (gsize) len : strlen (data);
data/glyr-1.0.10/lib/core.c:253:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                gsize len = strlen (proxystring);
data/glyr-1.0.10/lib/core.c:299:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize ctt_len = strlen (cttp);
data/glyr-1.0.10/lib/core.c:1056:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize len = strlen (allowed);
data/glyr-1.0.10/lib/core.c:1208:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    cache->size = strlen (normalized_utf8);
data/glyr-1.0.10/lib/core.c:1410:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize name_len = strlen (f->name);
data/glyr-1.0.10/lib/core.c:1411:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize len = strlen (q->from);
data/glyr-1.0.10/lib/core.c:1419:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                gsize token_len = strlen (token);
data/glyr-1.0.10/lib/glyr.c:131:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                gsize map_len  = strlen (to_map);
data/glyr-1.0.10/lib/glyr.c:1273:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (string != NULL && strlen (string) >= 32 && md5sum)
data/glyr-1.0.10/lib/intern/ainfo.c:39:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            item->size = (item->data) ? strlen (item->data) : 0;
data/glyr-1.0.10/lib/intern/ainfo/bbcmusic.c:41:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result->size = strlen (content);
data/glyr-1.0.10/lib/intern/ainfo/lastfm.c:88:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/albumlist/musicbrainz.c:114:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result->size = (result->data) ? strlen (result->data) : 0;
data/glyr-1.0.10/lib/intern/backdrops/htbackdrops.c:86:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/common/google.c:92:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        start += strlen (name);
data/glyr-1.0.10/lib/intern/common/google.c:98:13:  [1] (buffer) strncpy:
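  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). For this call, confirm that `span` is
  smaller than the size of `numbuf` and that `numbuf` is \0-terminated
  before it is read as a string.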
            strncpy (numbuf,start,span);
data/glyr-1.0.10/lib/intern/common/google.c:134:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        find += strlen (FIRST_RESULT);
data/glyr-1.0.10/lib/intern/common/mbid_lookup.c:29:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t keylen = strlen (key);
data/glyr-1.0.10/lib/intern/common/musicbrainz.c:109:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize clen = strlen (checkstring);
data/glyr-1.0.10/lib/intern/common/picsearch.c:63:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                result->size = strlen (img_url);
data/glyr-1.0.10/lib/intern/cover/albumart.c:80:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/cover/amazon.c:83:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (continue_search (g_list_length (result_list),capo->s) && (find = strstr (find + strlen (tag_ssize), tag_ssize) ) != NULL)
data/glyr-1.0.10/lib/intern/cover/coverartarchive.c:51:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            item->size = strlen (url);
data/glyr-1.0.10/lib/intern/cover/coverhunt.c:43:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gchar * buf = copy_value (begin+strlen (hw),end);
data/glyr-1.0.10/lib/intern/cover/coverhunt.c:82:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gchar * go_url = copy_value (table_start + strlen (NODE_BEGIN),table_end);
data/glyr-1.0.10/lib/intern/cover/discogs.c:97:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    rc->size = strlen (rc_url);
data/glyr-1.0.10/lib/intern/cover/jamendo.c:83:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                result->size = strlen (url);
data/glyr-1.0.10/lib/intern/cover/lastfm.c:77:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        result->size = strlen (url);
data/glyr-1.0.10/lib/intern/cover/lyricswiki.c:39:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gsize length = strlen (filename);
data/glyr-1.0.10/lib/intern/cover/lyricswiki.c:49:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gsize format_pos = length - strlen (token);
data/glyr-1.0.10/lib/intern/cover/lyricswiki.c:108:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        result->size = strlen (url);
data/glyr-1.0.10/lib/intern/cover/musicbrainz.c:57:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    retv->size  = strlen (img_url);
data/glyr-1.0.10/lib/intern/cover/rhapsody.c:112:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result->size = strlen (url);
data/glyr-1.0.10/lib/intern/cover/rhapsody.c:133:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/cover/slothradio.c:114:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                result->size = strlen (url);
data/glyr-1.0.10/lib/intern/guitartabs.c:38:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            item->size = (item->data) ? strlen (item->data) : 0;
data/glyr-1.0.10/lib/intern/guitartabs/chordie_com.c:76:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                result->size = strlen (content);
data/glyr-1.0.10/lib/intern/guitartabs/guitaretab.c:46:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            result->size = strlen (content);
data/glyr-1.0.10/lib/intern/lyrics.c:38:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            item->size = (item->data) ? strlen (item->data) : 0;
data/glyr-1.0.10/lib/intern/lyrics/chartlyrics.c:49:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            result->size = strlen (text);
data/glyr-1.0.10/lib/intern/lyrics/lipwalk.c:62:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result_cache->size = strlen (content);
data/glyr-1.0.10/lib/intern/lyrics/lyricsreg.c:48:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                tmp->size = tmp->data ? strlen (tmp->data) : 0;
data/glyr-1.0.10/lib/intern/lyrics/lyricstime.c:55:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result->size = (result->data) ? strlen (result->data) : 0;
data/glyr-1.0.10/lib/intern/lyrics/lyricsvip.c:73:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result->size = strlen (content);
data/glyr-1.0.10/lib/intern/lyrics/lyricswiki.c:112:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/lyrics/lyrix_at.c:57:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/lyrics/lyrix_at.c:95:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            gchar * url_part = copy_value (url_tag+strlen (URL_TAG_BEGIN),title_tag);
data/glyr-1.0.10/lib/intern/lyrics/magistrix.c:43:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result->size = strlen (data);
data/glyr-1.0.10/lib/intern/lyrics/metallum.c:52:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        id_start += strlen (ID_START);
data/glyr-1.0.10/lib/intern/lyrics/metrolyrics.c:78:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/musictree/musictree.c:125:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gsize len = strlen (song_dir_path);
data/glyr-1.0.10/lib/intern/photos/bbcmusic.c:43:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result->size = strlen (content);
data/glyr-1.0.10/lib/intern/photos/discogs.c:71:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t rc_size = strlen (url);
data/glyr-1.0.10/lib/intern/photos/discogs.c:89:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    rc->size = strlen (url);
data/glyr-1.0.10/lib/intern/photos/flickr.c:72:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                cache->size = strlen (cache->data);
data/glyr-1.0.10/lib/intern/photos/lastfm.c:87:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gchar * begin = root + strlen (SIZE_FO);
data/glyr-1.0.10/lib/intern/photos/lastfm.c:98:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    cache->size = strlen (urlb);
data/glyr-1.0.10/lib/intern/photos/rhapsody.c:111:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    result->size = strlen (url);
data/glyr-1.0.10/lib/intern/photos/singerpictures.c:118:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                item->size = strlen (item->data);
data/glyr-1.0.10/lib/intern/relations/generated.c:52:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            result->size = strlen (result_url);
data/glyr-1.0.10/lib/intern/relations/musicbrainz.c:56:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    tmp->size = strlen (tmp->data);
data/glyr-1.0.10/lib/intern/review.c:39:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            item->size = (item->data) ? strlen (item->data) : 0;
data/glyr-1.0.10/lib/intern/review/amazon.c:48:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                result->size = result->data ? strlen (result->data) : 0;
data/glyr-1.0.10/lib/intern/review/echonest.c:56:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(summary) >= 125) {
data/glyr-1.0.10/lib/intern/review/echonest.c:59:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            result->size = strlen(result->data);
data/glyr-1.0.10/lib/intern/review/metallum.c:55:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                item->size = strlen (item->data);
data/glyr-1.0.10/lib/intern/review/metallum.c:74:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gsize nodelen = strlen (NODE_START);
data/glyr-1.0.10/lib/intern/similar_artist/lastfm.c:67:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            result->size = strlen (composed);
data/glyr-1.0.10/lib/intern/similar_song/lastfm.c:57:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            result->size = strlen (result->data);
data/glyr-1.0.10/lib/intern/tags/musicbrainz.c:66:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen (value) > 0)
data/glyr-1.0.10/lib/intern/tracklist/musicbrainz.c:59:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cont->size = strlen (cont->data);
data/glyr-1.0.10/lib/jsmn/jsmn_test.c:37:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 && strlen(s) == (t).end - (t).start)
data/glyr-1.0.10/lib/stringlib.c:174:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize result_len = strlen (result_string);
data/glyr-1.0.10/lib/stringlib.c:251:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gsize str_len = strlen (normalized_string);
data/glyr-1.0.10/lib/stringlib.c:252:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gsize oth_len = strlen (normalized_other);
data/glyr-1.0.10/lib/stringlib.c:482:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t i = 0, len = strlen (data);
data/glyr-1.0.10/lib/stringlib.c:816:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gsize sR_len = strlen (string), sR_i = 0;
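data/glyr-1.0.10/lib/stringlib.c:835:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy (cmp_buf, string + aPos + 1 ,diff-1);
  Reviewer note: strncpy writes no terminating \0 when the source holds
  diff-1 or more characters. Whether this hit matters depends on code the
  excerpt does not show: cmp_buf must be at least diff bytes long and either
  pre-zeroed or explicitly terminated before it is used as a string.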
data/glyr-1.0.10/lib/stringlib.c:856:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        gsize trans_len = strlen (html_to_unicode_table[iter][1]);
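data/glyr-1.0.10/lib/stringlib.c:857:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy (sResult + sR_i, html_to_unicode_table[iter][1], trans_len);
  Reviewer note: per the hit at stringlib.c:856 above, trans_len is the
  strlen of the source string, so this call copies exactly the source's
  characters and never writes a terminating \0; the count says nothing about
  the room left in the destination. Confirm in the source that sResult holds
  at least sR_i + trans_len + 1 bytes and is terminated before use.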
data/glyr-1.0.10/lib/stringlib.c:890:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize Len = (length < 0) ? strlen (string) : (size_t) length;
data/glyr-1.0.10/lib/stringlib.c:922:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize str_len = strlen (string), buf_pos = 0;
data/glyr-1.0.10/lib/stringlib.c:962:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gsize Len = strlen (unicode);
data/glyr-1.0.10/lib/stringlib.c:1082:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy (buffer,begin,length);
data/glyr-1.0.10/lib/stringlib.c:1096:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize len = strlen (string);
data/glyr-1.0.10/lib/stringlib.c:1145:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            begin += strlen (name);
data/glyr-1.0.10/lib/testing.c:34:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize name_len = strlen (provider_name);
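data/glyr-1.0.10/spec/capi/check_api.c:147:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c->size = strlen ("Hello?");
  Reviewer note: the argument is a string literal, which is always
  \0-terminated, so the CWE-126 over-read cannot occur on this line; this hit
  can be closed as a false positive.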
data/glyr-1.0.10/src/glyrc/escape.c:205:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t path_len = strlen (path);
data/glyr-1.0.10/src/glyrc/escape.c:222:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        size_t subs_len = strlen (subsitution);
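data/glyr-1.0.10/src/glyrc/escape.c:229:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy (retv+off,&path[i],escape_len + 2);
  Reviewer note: the count is derived from escape_len, not from the space
  remaining in retv after off. The allocation of retv is not visible in the
  excerpt; confirm that it covers off + escape_len + 2 bytes plus a
  terminator, and that retv is terminated once the copy loop finishes.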
data/glyr-1.0.10/src/glyrc/glyrc.c:442:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gsize opt_len = strlen (optarg);
data/glyr-1.0.10/src/glyrc/glyrc.c:619:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize write_len = strlen (CBQueryData->output_path);
data/glyr-1.0.10/src/glyrc/glyrc.c:699:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (g_ascii_strncasecmp (elem->name,string,strlen (elem->name) ) == 0)
data/glyr-1.0.10/src/utils/guess_lang.c:62:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                gsize map_len  = strlen (to_map);
data/glyr-1.0.10/src/utils/ping_url.c:51:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize ctt_len = strlen (cttp);
data/glyr-1.0.10/src/utils/ping_url.c:110:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gsize len = strlen (string);

ANALYSIS SUMMARY:

Hits = 137
Lines analyzed = 21380 in approximately 0.61 seconds (35329 lines/second)
Physical Source Lines of Code (SLOC) = 13092
Hits@level = [0]  15 [1] 102 [2]  26 [3]   3 [4]   6 [5]   0
Hits@level+ = [0+] 152 [1+] 137 [2+]  35 [3+]   9 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 11.6101 [1+] 10.4644 [2+] 2.67339 [3+] 0.687443 [4+] 0.458295 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
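Minimum risk level = 1
  (Reviewer note: "Hits = 137" is the [1+] total. The 15 level-0 hits that
  bring the [0+] total to 152 fall below this minimum and are not listed in
  the report.)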
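Not every hit is necessarily a security vulnerability.
  (Reviewer note: 102 of the 137 reported hits are level 1, such as the
  strlen hits listed above. Triage the 6 level-4, 3 level-3 and 26 level-2
  hits first; the level-1 hits mostly need a check that the buffer's producer
  guarantees \0-termination.)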
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.