Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gst-plugins-ugly1.0-1.18.1/ext/a52dec/gsta52dec.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/a52dec/gsta52dec.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrnb/amrnb.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrnb/amrnbdec.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrnb/amrnbdec.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrnb/amrnbenc.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrnb/amrnbenc.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrwbdec/amrwb.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrwbdec/amrwbdec.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/amrwbdec/amrwbdec.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/cdio/gstcdio.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/cdio/gstcdio.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/cdio/gstcdiocddasrc.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/cdio/gstcdiocddasrc.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/dvdread/dvdreadsrc.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/dvdread/dvdreadsrc.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/mpeg2dec/gstmpeg2dec.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/mpeg2dec/gstmpeg2dec.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/sidplay/gstsiddec.cc
Examining data/gst-plugins-ugly1.0-1.18.1/ext/sidplay/gstsiddec.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/x264/gstencoderbitrateprofilemanager.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/x264/gstencoderbitrateprofilemanager.h
Examining data/gst-plugins-ugly1.0-1.18.1/ext/x264/gstx264enc.c
Examining data/gst-plugins-ugly1.0-1.18.1/ext/x264/gstx264enc.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/asfheaders.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/asfheaders.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/asfpacket.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/asfpacket.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasf.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstrtpasfdepay.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstrtpasfdepay.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstrtspwms.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstrtspwms.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/dvdlpcmdec/gstdvdlpcmdec.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/dvdlpcmdec/gstdvdlpcmdec.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/dvdsub/gstdvdsubdec.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/dvdsub/gstdvdsubdec.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/dvdsub/gstdvdsubparse.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/dvdsub/gstdvdsubparse.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/asmrules.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/asmrules.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/gstrdtbuffer.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/gstrdtbuffer.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/pnmsrc.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/pnmsrc.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rademux.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rademux.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rdtdepay.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rdtdepay.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rdtjitterbuffer.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rdtjitterbuffer.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rdtmanager.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rdtmanager.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realmedia.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmdemux.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmdemux.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/plugin.c
Examining data/gst-plugins-ugly1.0-1.18.1/gst-libs/gst/gettext.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst-libs/gst/glib-compat-private.h
Examining data/gst-plugins-ugly1.0-1.18.1/gst-libs/gst/gst-i18n-plugin.h
Examining data/gst-plugins-ugly1.0-1.18.1/tests/check/elements/amrnbenc.c
Examining data/gst-plugins-ugly1.0-1.18.1/tests/check/elements/mpeg2dec.c
Examining data/gst-plugins-ugly1.0-1.18.1/tests/check/elements/x264enc.c
Examining data/gst-plugins-ugly1.0-1.18.1/tests/check/elements/xingmux.c
Examining data/gst-plugins-ugly1.0-1.18.1/tests/check/elements/xingmux_testdata.h
Examining data/gst-plugins-ugly1.0-1.18.1/tests/check/generic/index.c
Examining data/gst-plugins-ugly1.0-1.18.1/tests/check/generic/states.c

FINAL RESULTS:

data/gst-plugins-ugly1.0-1.18.1/ext/a52dec/gsta52dec.c:442:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (to, from, sizeof (GstAudioChannelPosition) * channels);
data/gst-plugins-ugly1.0-1.18.1/ext/amrwbdec/amrwbdec.c:64:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char block_size[16] =
data/gst-plugins-ugly1.0-1.18.1/ext/x264/gstx264enc.c:2056:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buffer + i_size + 2, nal[sps_ni].p_payload + 4, nal_size);
data/gst-plugins-ugly1.0-1.18.1/ext/x264/gstx264enc.c:2064:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buffer + i_size + 2, nal[pps_ni].p_payload + 4, nal_size);
data/gst-plugins-ugly1.0-1.18.1/ext/x264/gstx264enc.c:2384:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (pic_in->extra_sei.payloads[i].payload + 10, cc_meta->data,
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:257:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (demux->old_stream, demux->stream, sizeof (demux->stream));
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:3394:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  guint year = atoi (value_utf8);
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstrtpasfdepay.c:155:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (depay->packet_size == atoi (ps_string)) {
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstrtpasfdepay.c:162:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  depay->packet_size = atoi (ps_string);
data/gst-plugins-ugly1.0-1.18.1/gst/dvdsub/gstdvdsubdec.c:153:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dec->current_clut, default_clut, sizeof (guint32) * 16);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/asmrules.c:251:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  g_print ("INT %d\n", atoi (scan->val));
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/asmrules.c:470:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node->data.floatval = atoi (scan->val);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rdtdepay.c:376:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (outdata + 12, data, size);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:232:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (key + b + 24, challenge, a);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:245:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (key + b + 24, challenge + c, len - c);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:255:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char field[128];
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:257:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zres[20];
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:258:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf1[128];
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:259:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf2[128];
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:277:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ptr, challenge, ch_len);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:296:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buf2, field + 16, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:304:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (zres, field, 16);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:319:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (&response[resp_len], "01d0a8e3");
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmdemux.c:1999:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (outmap.data + leaf_size * idx, map.data + leaf_size * x,
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:264:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:269:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:273:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:276:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:280:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:283:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:287:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rmutils.c:290:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tab2, tab1, 8);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:233:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  dest = atoi (val + 8); \
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:259:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy ((datap) + 1, str, str_len); \
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:266:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (datap + 2, str, str_len); \
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:328:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (datap + 0, "PROP", 4);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:354:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (datap, "CONT", 4);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:542:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (datap, "MDPR", 4);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:558:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (datap + 4, stream->type_specific_data,
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:579:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (datap, "DATA", 4);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:296:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data, &header_be, 4);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:301:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data, "Xing", 4);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:327:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data, &number_of_frames, 4);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:353:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data, &nbytes, 4);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:376:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data, &byte, 1);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:386:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&b, data - 1, 1);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:390:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data, &b, 1);
data/gst-plugins-ugly1.0-1.18.1/gst/xingmux/gstxingmux.c:398:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (xing_flags, &xing_flags_tmp, 4);
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:3207:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out = strlen (name_utf8);
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:3456:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (name_utf8)) == 0) {
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:3521:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) {
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:3867:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (tags[i].val_utf8 && strlen (tags[i].val_utf8) > 0 && tags[i].gst_tag) {
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:4012:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (utf8 && strlen (utf8) >= 5 && (utf8[2] == '-' || utf8[2] == '_')) {
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstasfdemux.c:4340:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nick += strlen ("ASF_OBJ_");
data/gst-plugins-ugly1.0-1.18.1/gst/asfdemux/gstrtspwms.c:102:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  config += strlen (HEADER_PREFIX);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:273:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ch_len = MIN (strlen (challenge), 56)) == 40) {
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:280:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  table_len = MIN (strlen ((char *) xor_table), 56);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/realhash.c:318:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  resp_len = strlen (response);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:182:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (ctx->etag, etag, len);
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:218:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest_len = strlen (dest) - 1; \
data/gst-plugins-ugly1.0-1.18.1/gst/realmedia/rtspreal.c:248:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest_len = strlen (dest) - 1; \

ANALYSIS SUMMARY:

Hits = 62
Lines analyzed = 39006 in approximately 1.19 seconds (32691 lines/second)
Physical Source Lines of Code (SLOC) = 30086
Hits@level = [0] 6 [1] 13 [2] 49 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 68 [1+] 62 [2+] 49 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.26019 [1+] 2.06076 [2+] 1.62866 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.