Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gogglesmm-0.12.7/src/GMTrackList.cpp Examining data/gogglesmm-0.12.7/src/GMThread.h Examining data/gogglesmm-0.12.7/src/GMPlayer.h Examining data/gogglesmm-0.12.7/src/ap_xml_parser.cpp Examining data/gogglesmm-0.12.7/src/GMPlayListSource.h Examining data/gogglesmm-0.12.7/src/GMImageView.h Examining data/gogglesmm-0.12.7/src/gmutils.cpp Examining data/gogglesmm-0.12.7/src/GMQuery.h Examining data/gogglesmm-0.12.7/src/GMFetch.h Examining data/gogglesmm-0.12.7/src/GMClipboard.cpp Examining data/gogglesmm-0.12.7/src/GMAudioScrobbler.h Examining data/gogglesmm-0.12.7/src/GMDatabaseSource.cpp Examining data/gogglesmm-0.12.7/src/main.cpp Examining data/gogglesmm-0.12.7/src/GMPreferencesDialog.h Examining data/gogglesmm-0.12.7/src/GMRemote.h Examining data/gogglesmm-0.12.7/src/GMPlayerManager.cpp Examining data/gogglesmm-0.12.7/src/GMImportDialog.h Examining data/gogglesmm-0.12.7/src/GMTrayIcon.h Examining data/gogglesmm-0.12.7/src/GMIconTheme.h Examining data/gogglesmm-0.12.7/src/GMMediaPlayerService.cpp Examining data/gogglesmm-0.12.7/src/GMRemote.cpp Examining data/gogglesmm-0.12.7/src/GMFilename.cpp Examining data/gogglesmm-0.12.7/src/GMAutoPtr.h Examining data/gogglesmm-0.12.7/src/GMApp.h Examining data/gogglesmm-0.12.7/src/ap_http.cpp Examining data/gogglesmm-0.12.7/src/GMList.h Examining data/gogglesmm-0.12.7/src/GMDatabase.cpp Examining data/gogglesmm-0.12.7/src/gmutils.h Examining data/gogglesmm-0.12.7/src/GMStreamSource.cpp Examining data/gogglesmm-0.12.7/src/GMSource.h Examining data/gogglesmm-0.12.7/src/GMFontDialog.h Examining data/gogglesmm-0.12.7/src/GMSourceView.h Examining data/gogglesmm-0.12.7/src/GMQuery.cpp Examining data/gogglesmm-0.12.7/src/GMURL.cpp Examining data/gogglesmm-0.12.7/src/GMDatabaseSource.h Examining data/gogglesmm-0.12.7/src/GMNotifyDaemon.cpp Examining data/gogglesmm-0.12.7/src/GMTaskManager.cpp Examining data/gogglesmm-0.12.7/src/GMDBus.cpp Examining data/gogglesmm-0.12.7/src/GMPreferences.h Examining data/gogglesmm-0.12.7/src/GMPreferencesDialog.cpp Examining data/gogglesmm-0.12.7/src/GMTaskManager.h Examining data/gogglesmm-0.12.7/src/GMColumnDialog.cpp Examining data/gogglesmm-0.12.7/src/GMTrackItem.cpp Examining data/gogglesmm-0.12.7/src/fxext.cpp Examining data/gogglesmm-0.12.7/src/GMCoverCache.cpp Examining data/gogglesmm-0.12.7/src/GMAnimImage.cpp Examining data/gogglesmm-0.12.7/src/gmdefs.h Examining data/gogglesmm-0.12.7/src/ap_buffer.cpp Examining data/gogglesmm-0.12.7/src/GMSettingsDaemon.cpp Examining data/gogglesmm-0.12.7/src/GMSearch.h Examining data/gogglesmm-0.12.7/src/GMTrackView.cpp Examining data/gogglesmm-0.12.7/src/GMURL.h Examining data/gogglesmm-0.12.7/src/GMDatabase.h Examining data/gogglesmm-0.12.7/src/GMTrayIcon.cpp Examining data/gogglesmm-0.12.7/src/GMEQDialog.h Examining data/gogglesmm-0.12.7/src/GMMessageChannel.h Examining data/gogglesmm-0.12.7/src/GMTrackDatabase.cpp Examining data/gogglesmm-0.12.7/src/GMTrackList.h Examining data/gogglesmm-0.12.7/src/GMTrackDatabase.h Examining data/gogglesmm-0.12.7/src/GMFilename.h Examining data/gogglesmm-0.12.7/src/ap_buffer.h Examining data/gogglesmm-0.12.7/src/ap_xml_parser.h Examining data/gogglesmm-0.12.7/src/GMAbout.cpp Examining data/gogglesmm-0.12.7/src/GMList.cpp Examining data/gogglesmm-0.12.7/src/GMTag.h Examining data/gogglesmm-0.12.7/src/GMThread.cpp Examining data/gogglesmm-0.12.7/src/GMApp.cpp Examining data/gogglesmm-0.12.7/src/GMSourceView.cpp Examining data/gogglesmm-0.12.7/src/GMImageView.cpp Examining data/gogglesmm-0.12.7/src/GMColumnDialog.h Examining data/gogglesmm-0.12.7/src/md5.cpp Examining data/gogglesmm-0.12.7/src/GMNotifyDaemon.h Examining data/gogglesmm-0.12.7/src/GMMediaPlayerService.h Examining data/gogglesmm-0.12.7/src/GMPlayer.cpp Examining data/gogglesmm-0.12.7/src/GMPreferences.cpp Examining data/gogglesmm-0.12.7/src/GMPlayListSource.cpp Examining data/gogglesmm-0.12.7/src/GMStreamSource.h Examining data/gogglesmm-0.12.7/src/GMWindow.cpp Examining data/gogglesmm-0.12.7/src/fxext.h Examining data/gogglesmm-0.12.7/src/GMPlayerManager.h Examining data/gogglesmm-0.12.7/src/GMImportDialog.cpp Examining data/gogglesmm-0.12.7/src/GMEQDialog.cpp Examining data/gogglesmm-0.12.7/src/GMFontDialog.cpp Examining data/gogglesmm-0.12.7/src/md5.h Examining data/gogglesmm-0.12.7/src/GMTag.cpp Examining data/gogglesmm-0.12.7/src/ap_http.h Examining data/gogglesmm-0.12.7/src/GMWindow.h Examining data/gogglesmm-0.12.7/src/GMIconTheme.cpp Examining data/gogglesmm-0.12.7/src/GMClipboard.h Examining data/gogglesmm-0.12.7/src/GMTrackView.h Examining data/gogglesmm-0.12.7/src/GMCoverCache.h Examining data/gogglesmm-0.12.7/src/GMAudioScrobbler.cpp Examining data/gogglesmm-0.12.7/src/GMSettingsDaemon.h Examining data/gogglesmm-0.12.7/src/GMSearch.cpp Examining data/gogglesmm-0.12.7/src/GMSource.cpp Examining data/gogglesmm-0.12.7/src/GMTrackItem.h Examining data/gogglesmm-0.12.7/src/GMAnimImage.h Examining data/gogglesmm-0.12.7/src/GMMessageChannel.cpp Examining data/gogglesmm-0.12.7/src/GMDBus.h Examining data/gogglesmm-0.12.7/src/GMFetch.cpp Examining data/gogglesmm-0.12.7/src/GMAbout.h FINAL RESULTS: data/gogglesmm-0.12.7/src/GMIconTheme.cpp:501:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(GMStringFormat("rsvg-convert --format=png --width=%d --height=%d -o %s %s\n",size,size,target.text(),path.text()).text())==0){ data/gogglesmm-0.12.7/src/gmutils.cpp:445:7: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("/bin/sh", "sh", "-c",exec.text(),(char *)0); data/gogglesmm-0.12.7/src/GMApp.cpp:235:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[40]; data/gogglesmm-0.12.7/src/GMAudioScrobbler.cpp:672:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (store.open(filename,FXStreamLoad)){ data/gogglesmm-0.12.7/src/GMAudioScrobbler.cpp:693:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (store.open(filename,FXStreamSave)){ data/gogglesmm-0.12.7/src/GMCoverCache.cpp:66:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,b,len); data/gogglesmm-0.12.7/src/GMCoverCache.cpp:179:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst,src,sw); data/gogglesmm-0.12.7/src/GMCoverCache.cpp:376:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (store.open(getCacheFile(),FXStreamSave)){ data/gogglesmm-0.12.7/src/GMCoverCache.cpp:391:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (store.open(getCacheFile(),FXStreamLoad)) { data/gogglesmm-0.12.7/src/GMDBus.cpp:344:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool GMDBus::open(DBusBusType bustype/*=DBUS_BUS_SESSION*/){ data/gogglesmm-0.12.7/src/GMDBus.h:69:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool open(DBusBusType bustype=DBUS_BUS_SESSION); data/gogglesmm-0.12.7/src/GMDatabase.cpp:29:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool GMDatabase::open(const FXString & filename){ data/gogglesmm-0.12.7/src/GMDatabase.h:34:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool open(const FXString & filename); data/gogglesmm-0.12.7/src/GMIconTheme.cpp:75:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (store.open(GMApp::getCacheDirectory(true)+CACHE_FILE_NAME,FXStreamSave)) { data/gogglesmm-0.12.7/src/GMIconTheme.cpp:121:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (store.open(GMApp::getCacheDirectory()+PATHSEPSTRING+"icontheme.cache",FXStreamLoad)) { data/gogglesmm-0.12.7/src/GMIconTheme.cpp:400:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(store.open(filename,FXStreamLoad,65536)){ data/gogglesmm-0.12.7/src/GMIconTheme.cpp:430:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(store.open(filename,FXStreamLoad,65536)){ data/gogglesmm-0.12.7/src/GMPlayer.cpp:393:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool GMPlayer::open(const FXString & mrl_in){ data/gogglesmm-0.12.7/src/GMPlayer.h:175:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool open(const FXString & mrl); data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:193:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->open(mrl); data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:363:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(cmd); data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:475:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fifo.open(fifofilename,FXIO::WriteOnly|FXIO::NonBlocking)){ data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:508:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fifo.open(fifofilename,FXIO::Reading|FXIO::WriteOnly,FXIO::OwnerWrite); data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:643:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!sessionbus->open(DBUS_BUS_SESSION) || !sessionbus->connected()) { data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:682:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!systembus->open(DBUS_BUS_SYSTEM) || !systembus->connected()) { data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:780:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(url); data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:954:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!player->open(filename)){ data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:1009:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!player->open(list[i])){ data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:1042:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void GMPlayerManager::open(const FXString & uri) { data/gogglesmm-0.12.7/src/GMPlayerManager.cpp:1628:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/gogglesmm-0.12.7/src/GMPlayerManager.h:210:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const FXString & mrl); data/gogglesmm-0.12.7/src/GMSearch.cpp:61:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool open(); data/gogglesmm-0.12.7/src/GMSearch.cpp:124:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FXbool GMDatabaseThread::open() { data/gogglesmm-0.12.7/src/GMSearch.cpp:222:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open()) return -1; data/gogglesmm-0.12.7/src/GMSearch.cpp:380:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open()) return 1; data/gogglesmm-0.12.7/src/GMTag.cpp:865:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (io.open(mrl,FXIO::Reading)) { data/gogglesmm-0.12.7/src/GMTag.cpp:888:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (io.open(mrl,FXIO::Reading)) { data/gogglesmm-0.12.7/src/GMTag.cpp:981:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,tbuf.data(),len); data/gogglesmm-0.12.7/src/GMTrackDatabase.cpp:189:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!db.open(database)) data/gogglesmm-0.12.7/src/GMTrackDatabase.cpp:2752:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen(filename.text(),"w"); data/gogglesmm-0.12.7/src/GMWindow.cpp:1240:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GMPlayerManager::instance()->open(filename); data/gogglesmm-0.12.7/src/ap_buffer.cpp:131:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wrptr,b,nbytes); data/gogglesmm-0.12.7/src/ap_buffer.cpp:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b,rdptr,nbytes); data/gogglesmm-0.12.7/src/ap_buffer.cpp:154:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b,rdptr,nbytes); data/gogglesmm-0.12.7/src/gmutils.cpp:490:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). store.open(FXStreamLoad,size,(FXuchar*)data); data/gogglesmm-0.12.7/src/gmutils.cpp:492:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). store.open(FXStreamLoad,(FXuchar*)data,size); data/gogglesmm-0.12.7/src/md5.cpp:169:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xbuf, data, 64); data/gogglesmm-0.12.7/src/md5.cpp:343:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf + offset, p, copy); data/gogglesmm-0.12.7/src/md5.cpp:357:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf, p, left); data/gogglesmm-0.12.7/src/GMFontDialog.cpp:187:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(selected.face,familylist->getItemText(selindex).text(),sizeof(selected.face)); data/gogglesmm-0.12.7/src/GMFontDialog.cpp:338:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(selected.face,familylist->getItemText((FXint)(FXival)ptr).text(),sizeof(selected.face)); data/gogglesmm-0.12.7/src/GMMessageChannel.cpp:116:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(::read(h[0],&pkg,sizeof(FXMessage))==sizeof(FXMessage)){ data/gogglesmm-0.12.7/src/GMMessageChannel.cpp:117:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(0<pkg.size && (::read(h[0],pkg.data,pkg.size)==pkg.size)){ data/gogglesmm-0.12.7/src/GMPreferencesDialog.cpp:1209:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fontdescription.face,font->getActualName().text(),sizeof(fontdescription.face)); data/gogglesmm-0.12.7/src/ap_buffer.cpp:143:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival MemoryBuffer::read(void * b, FXival nbytes) { data/gogglesmm-0.12.7/src/ap_buffer.h:48:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival read(void * bytes,FXival nbytes); data/gogglesmm-0.12.7/src/ap_http.cpp:76:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival HttpResponse::read(FXchar*ptr,FXival nbytes) { data/gogglesmm-0.12.7/src/ap_http.cpp:80:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival n = buffer.read(ptr,nbytes); data/gogglesmm-0.12.7/src/ap_http.cpp:205:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(clrf,2)!=2 || clrf[0]!='\r' || clrf[1]!='\n') { data/gogglesmm-0.12.7/src/ap_http.cpp:253:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival n = read(&body[0],content_length); data/gogglesmm-0.12.7/src/ap_http.cpp:263:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(&body[pos],BLOCK); data/gogglesmm-0.12.7/src/ap_http.cpp:288:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(&body[body.length()-chunksize],chunksize)<chunksize) data/gogglesmm-0.12.7/src/ap_http.cpp:324:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival n = read(body,content_length); data/gogglesmm-0.12.7/src/ap_http.cpp:340:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(body+len,BLOCK); data/gogglesmm-0.12.7/src/ap_http.cpp:368:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(body+size-chunksize,chunksize)<chunksize) data/gogglesmm-0.12.7/src/ap_http.cpp:400:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival n = read(data,FXMIN(content_length,len)); data/gogglesmm-0.12.7/src/ap_http.cpp:405:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read((FXchar*)ptr,len); data/gogglesmm-0.12.7/src/ap_http.cpp:437:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival n = read(data+nbytes,FXMIN(len,chunk_remaining)); data/gogglesmm-0.12.7/src/ap_http.cpp:793:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread=::read(device,data,count); data/gogglesmm-0.12.7/src/ap_http.h:128:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FXival read(FXchar*ptr,FXival nbytes); ANALYSIS SUMMARY: Hits = 70 Lines analyzed = 40800 in approximately 3.46 seconds (11788 lines/second) Physical Source Lines of Code (SLOC) = 29604 Hits@level = [0] 26 [1] 21 [2] 47 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 96 [1+] 70 [2+] 49 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 3.24281 [1+] 2.36455 [2+] 1.65518 [3+] 0.0675584 [4+] 0.0675584 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.