Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/homebank-5.3.2/src/ui-payee.c
Examining data/homebank-5.3.2/src/gtk-chart-colors.h
Examining data/homebank-5.3.2/src/ui-tag.c
Examining data/homebank-5.3.2/src/ui-account.c
Examining data/homebank-5.3.2/src/ui-hbfile.h
Examining data/homebank-5.3.2/src/dsp-mainwindow.h
Examining data/homebank-5.3.2/src/hb-payee.h
Examining data/homebank-5.3.2/src/hb-hbfile.c
Examining data/homebank-5.3.2/src/rep-stats.c
Examining data/homebank-5.3.2/src/hb-import.h
Examining data/homebank-5.3.2/src/hb-filter.c
Examining data/homebank-5.3.2/src/hub-spending.h
Examining data/homebank-5.3.2/src/hb-export.h
Examining data/homebank-5.3.2/src/hb-xml.c
Examining data/homebank-5.3.2/src/hub-transaction.c
Examining data/homebank-5.3.2/src/ui-assist-start.c
Examining data/homebank-5.3.2/src/hb-preferences.h
Examining data/homebank-5.3.2/src/list-scheduled.c
Examining data/homebank-5.3.2/src/list-operation.c
Examining data/homebank-5.3.2/src/ui-widgets-data.c
Examining data/homebank-5.3.2/src/hub-transaction.h
Examining data/homebank-5.3.2/src/rep-stats.h
Examining data/homebank-5.3.2/src/dsp-mainwindow.c
Examining data/homebank-5.3.2/src/ui-txn-multi.c
Examining data/homebank-5.3.2/src/dsp-account.c
Examining data/homebank-5.3.2/src/ui-transaction.c
Examining data/homebank-5.3.2/src/ui-assist-import.c
Examining data/homebank-5.3.2/src/hb-tag.c
Examining data/homebank-5.3.2/src/hb-currency.h
Examining data/homebank-5.3.2/src/ui-currency.h
Examining data/homebank-5.3.2/src/rep-balance.h
Examining data/homebank-5.3.2/src/hb-category.h
Examining data/homebank-5.3.2/src/ui-assign.h
Examining data/homebank-5.3.2/src/hb-account.h
Examining data/homebank-5.3.2/src/ui-filter.h
Examining data/homebank-5.3.2/src/hb-report.c
Examining data/homebank-5.3.2/src/rep-time.c
Examining data/homebank-5.3.2/src/hb-archive.h
Examining data/homebank-5.3.2/src/rep-vehicle.h
Examining data/homebank-5.3.2/src/gtk-dateentry.c
Examining data/homebank-5.3.2/src/rep-budget.h
Examining data/homebank-5.3.2/src/ui-dialogs.c
Examining data/homebank-5.3.2/src/hb-import-qif.c
Examining data/homebank-5.3.2/src/hb-filter.h
Examining data/homebank-5.3.2/src/list-scheduled.h
Examining data/homebank-5.3.2/src/hb-import.c
Examining data/homebank-5.3.2/src/enums.h
Examining data/homebank-5.3.2/src/ui-currency.c
Examining data/homebank-5.3.2/src/ui-budget.c
Examining data/homebank-5.3.2/src/language.h
Examining data/homebank-5.3.2/src/hb-xml.h
Examining data/homebank-5.3.2/src/gtk-chart.c
Examining data/homebank-5.3.2/src/hb-hbfile.h
Examining data/homebank-5.3.2/src/ui-budget.h
Examining data/homebank-5.3.2/src/hb-tag.h
Examining data/homebank-5.3.2/src/ui-assist-start.h
Examining data/homebank-5.3.2/src/ui-hbfile.c
Examining data/homebank-5.3.2/src/ui-pref.c
Examining data/homebank-5.3.2/src/homebank.c
Examining data/homebank-5.3.2/src/rep-budget.c
Examining data/homebank-5.3.2/src/rep-time.h
Examining data/homebank-5.3.2/src/ui-pref.h
Examining data/homebank-5.3.2/src/hb-split.c
Examining data/homebank-5.3.2/src/ui-assign.c
Examining data/homebank-5.3.2/src/hb-preferences.c
Examining data/homebank-5.3.2/src/ui-txn-multi.h
Examining data/homebank-5.3.2/src/ui-assist-import.h
Examining data/homebank-5.3.2/src/ui-widgets.c
Examining data/homebank-5.3.2/src/dsp-account.h
Examining data/homebank-5.3.2/src/hub-spending.c
Examining data/homebank-5.3.2/src/ui-widgets.h
Examining data/homebank-5.3.2/src/hb-archive.c
Examining data/homebank-5.3.2/src/hb-account.c
Examining data/homebank-5.3.2/src/ui-tag.h
Examining data/homebank-5.3.2/src/ui-budget-tabview.h
Examining data/homebank-5.3.2/src/hb-transaction.h
Examining data/homebank-5.3.2/src/hb-group.c
Examining data/homebank-5.3.2/src/ui-account.h
Examining data/homebank-5.3.2/src/ui-archive.h
Examining data/homebank-5.3.2/src/ui-group.c
Examining data/homebank-5.3.2/src/ui-filter.c
Examining data/homebank-5.3.2/src/hb-misc.c
Examining data/homebank-5.3.2/src/hub-scheduled.h
Examining data/homebank-5.3.2/src/language.c
Examining data/homebank-5.3.2/src/ui-transaction.h
Examining data/homebank-5.3.2/src/rep-vehicle.c
Examining data/homebank-5.3.2/src/list-account.c
Examining data/homebank-5.3.2/src/hub-account.h
Examining data/homebank-5.3.2/src/hb-report.h
Examining data/homebank-5.3.2/src/hb-encoding.h
Examining data/homebank-5.3.2/src/rep-balance.c
Examining data/homebank-5.3.2/src/gtk-chart-progress.h
Examining data/homebank-5.3.2/src/hb-payee.c
Examining data/homebank-5.3.2/src/hb-currency.c
Examining data/homebank-5.3.2/src/ui-category.c
Examining data/homebank-5.3.2/src/gtk-chart-colors.c
Examining data/homebank-5.3.2/src/hb-transaction.c
Examining data/homebank-5.3.2/src/list-account.h
Examining data/homebank-5.3.2/src/homebank.h
Examining data/homebank-5.3.2/src/hb-group.h
Examining data/homebank-5.3.2/src/ui-category.h
Examining data/homebank-5.3.2/src/list-operation.h
Examining data/homebank-5.3.2/src/hb-misc.h
Examining data/homebank-5.3.2/src/hb-export.c
Examining data/homebank-5.3.2/src/gtk-chart-progress.c
Examining data/homebank-5.3.2/src/ui-group.h
Examining data/homebank-5.3.2/src/hb-split.h
Examining data/homebank-5.3.2/src/hub-scheduled.c
Examining data/homebank-5.3.2/src/ui-split.c
Examining data/homebank-5.3.2/src/gtk-dateentry.h
Examining data/homebank-5.3.2/src/ui-archive.c
Examining data/homebank-5.3.2/src/hb-import-ofx.c
Examining data/homebank-5.3.2/src/hb-import-csv.c
Examining data/homebank-5.3.2/src/ui-dialogs.h
Examining data/homebank-5.3.2/src/ui-payee.h
Examining data/homebank-5.3.2/src/hb-assign.h
Examining data/homebank-5.3.2/src/hb-assign.c
Examining data/homebank-5.3.2/src/hb-encoding.c
Examining data/homebank-5.3.2/src/ui-budget-tabview.c
Examining data/homebank-5.3.2/src/gtk-chart.h
Examining data/homebank-5.3.2/src/hb-category.c
Examining data/homebank-5.3.2/src/hub-account.c
Examining data/homebank-5.3.2/src/ui-split.h

FINAL RESULTS:

data/homebank-5.3.2/src/hb-import-csv.c:75:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (twoquote, twoquote+1);
data/homebank-5.3.2/src/hb-preferences.c:314:45: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  PREFS->path_hbfile = g_strdup_printf("%s", g_get_home_dir ());
data/homebank-5.3.2/src/hb-preferences.c:315:45: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  PREFS->path_hbbak = g_strdup_printf("%s", g_get_home_dir ());
data/homebank-5.3.2/src/hb-preferences.c:316:45: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  PREFS->path_import = g_strdup_printf("%s", g_get_home_dir ());
data/homebank-5.3.2/src/hb-preferences.c:317:45: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  PREFS->path_export = g_strdup_printf("%s", g_get_home_dir ());
data/homebank-5.3.2/src/homebank.c:659:30: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  homedir = g_build_filename(g_get_home_dir (), ".homebank", NULL );
data/homebank-5.3.2/src/homebank.c:758:31: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_print(" - home_dir: %s\n", g_get_home_dir ());
data/homebank-5.3.2/src/homebank.c:759:30: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_print(" - tmp_dir: %s\n", g_get_tmp_dir ());
data/homebank-5.3.2/src/dsp-mainwindow.c:1640:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newseldata, gtk_selection_data_get_data(selection_data), slen);
data/homebank-5.3.2/src/gtk-dateentry.c:114:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pt->n[0] = pt->num_ints > 0 ? atoi (num[0]) : 0;
data/homebank-5.3.2/src/gtk-dateentry.c:115:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pt->n[1] = pt->num_ints > 1 ? atoi (num[1]) : 0;
data/homebank-5.3.2/src/gtk-dateentry.c:116:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pt->n[2] = pt->num_ints > 2 ? atoi (num[2]) : 0;
data/homebank-5.3.2/src/hb-currency.c:406:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFFER_SIZE];
data/homebank-5.3.2/src/hb-currency.c:448:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  item->frac_digits = atoi(buffer);
data/homebank-5.3.2/src/hb-export.c:47:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char amountbuf[G_ASCII_DTOSTR_BUF_SIZE];
data/homebank-5.3.2/src/hb-import-csv.c:332:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  newope->paymode = atoi(str_array[1]);
data/homebank-5.3.2/src/hb-import.c:601:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dgentxn, sgentxn, sizeof(GenTxn));
data/homebank-5.3.2/src/hb-misc.c:715:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *n1 = atoi(str_array[0]);
data/homebank-5.3.2/src/hb-misc.c:716:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *n2 = atoi(str_array[1]);
data/homebank-5.3.2/src/hb-misc.c:717:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *n3 = atoi(str_array[2]);
data/homebank-5.3.2/src/hb-misc.c:834:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint da = atoi( *a + strlen(*a) - 12);
data/homebank-5.3.2/src/hb-misc.c:835:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gint db = atoi( *b + strlen(*b) - 12);
data/homebank-5.3.2/src/hb-preferences.c:64:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFFER_SIZE];
data/homebank-5.3.2/src/hb-preferences.c:478:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(storage, wg, 5*sizeof(gint));
data/homebank-5.3.2/src/hb-preferences.c:756:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(PREFS->lst_ope_columns, src, length*sizeof(gint));
data/homebank-5.3.2/src/hb-preferences.c:766:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(PREFS->lst_ope_columns, src, length*sizeof(gint));
data/homebank-5.3.2/src/hb-preferences.c:813:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(PREFS->lst_ope_col_width, src, length*sizeof(gint));
data/homebank-5.3.2/src/hb-split.c:213:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  split->kcat = atoi(cat_a[i]);
data/homebank-5.3.2/src/hb-split.c:236:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[G_ASCII_DTOSTR_BUF_SIZE];
data/homebank-5.3.2/src/hb-transaction.c:1042:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cheque = atol(newope->info);
data/homebank-5.3.2/src/hb-xml.c:518:70: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(!strcmp (attribute_names[i], "key" )) { entry->key = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:519:70: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "flags" )) { entry->flags = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:520:70: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "pos" )) { entry->pos = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:521:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "type" )) { entry->type = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:522:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "curr" )) { entry->kcur = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:529:72: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "cheque1" )) { entry->cheque1 = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:530:72: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "cheque2" )) { entry->cheque2 = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:532:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "tpl" )) { entry->karc = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:533:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "grp" )) { entry->kgrp = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:551:70: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(!strcmp (attribute_names[i], "key" )) { entry->key = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:552:70: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "flags" )) { entry->flags = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:553:70: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "pos" )) { entry->pos = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:554:70: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "field" )) { entry->field = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:557:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "payee" )) { entry->kpay = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:558:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "category")) { entry->kcat = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:559:72: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "paymode" )) { entry->paymode = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:561:61: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "exact" )) { exact = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:587:62: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(!strcmp (attribute_names[i], "key" )) { entry->key = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:590:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "category")) { entry->kcat = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:591:72: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "paymode" )) { entry->paymode = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:606:75: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "curr" )) { GLOBALS->kcur = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:607:87: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "car_category")) { GLOBALS->vehicle_category = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:608:81: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "auto_smode" )) { GLOBALS->auto_smode = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:609:83: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "auto_weekday")) { GLOBALS->auto_weekday = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:610:82: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "auto_nbdays" )) { GLOBALS->auto_nbdays = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:625:66: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(!strcmp (attribute_names[i], "key" )) { entry->key = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:626:69: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "parent")) { entry->parent = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:627:68: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "flags" )) { entry->flags = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:660:63: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(!strcmp (attribute_names[i], "key" )) { entry->key = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:661:68: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "flags" )) { entry->flags = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:665:73: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "syprf" )) { entry->sym_prefix = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:668:74: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "frac" )) { entry->frac_digits = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:670:68: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "mdate ")) { entry->mdate = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:688:65: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(!strcmp (attribute_names[i], "key" )) { entry->key = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:731:71: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(!strcmp (attribute_names[i], "key" )) { entry->key = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:733:72: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "account" )) { entry->kacc = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:734:76: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(!strcmp (attribute_names[i], "dst_account")) { entry->kxferacc = atoi(attribute_values[i]); }
data/homebank-5.3.2/src/hb-xml.c:735:75: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "paymode" )) { entry->paymode = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:736:74: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "st" )) { entry->status = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:737:73: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "flags" )) { entry->flags = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:738:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "payee" )) { entry->kpay = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:739:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if(!strcmp (attribute_names[i], "category" )) { entry->kcat = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:749:76: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "nextdate" )) { entry->nextdate = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:750:73: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "every" )) { entry->every = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:751:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "unit" )) { entry->unit = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:752:73: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "limit" )) { entry->limit = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:753:75: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "weekend" )) { entry->weekend = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:754:74: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "gap" )) { entry->daygap = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:789:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(!strcmp (attribute_names[i], "date" )) { entry->date = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:791:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "account" )) { entry->kacc = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:792:76: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if(!strcmp (attribute_names[i], "dst_account")) { entry->kxferacc = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:793:75: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "paymode" )) { entry->paymode = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:794:74: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "st" )) { entry->status = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:795:73: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "flags" )) { entry->flags = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:796:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "payee" )) { entry->kpay = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:797:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "category" )) { entry->kcat = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:807:71: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(!strcmp (attribute_names[i], "kxfer" )) { entry->kxfer = atoi(attribute_values[i]); } data/homebank-5.3.2/src/hb-xml.c:978:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ctx->data_version = atoi(v_buffer+3); data/homebank-5.3.2/src/hb-xml.c:1251:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[G_ASCII_DTOSTR_BUF_SIZE]; data/homebank-5.3.2/src/hb-xml.c:1307:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[G_ASCII_DTOSTR_BUF_SIZE]; data/homebank-5.3.2/src/hb-xml.c:1448:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[G_ASCII_DTOSTR_BUF_SIZE]; data/homebank-5.3.2/src/hb-xml.c:1796:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[G_ASCII_DTOSTR_BUF_SIZE]; data/homebank-5.3.2/src/list-operation.c:615:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char amountbuf[G_ASCII_DTOSTR_BUF_SIZE]; data/homebank-5.3.2/src/rep-vehicle.c:156:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). item->meter = atol(d+2); data/homebank-5.3.2/src/ui-assist-import.c:568:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (newseldata, gtk_selection_data_get_data(selection_data), slen); data/homebank-5.3.2/src/ui-budget.c:283:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[G_ASCII_DTOSTR_BUF_SIZE]; data/homebank-5.3.2/src/ui-widgets.c:983:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). retval = buf != NULL ? atoi(buf) : 0; data/homebank-5.3.2/src/ui-widgets.c:1334:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nainex_iconnames[NUM_NAINEX_MAX] = data/homebank-5.3.2/src/hb-account.c:225:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(stripname) > 0 ) data/homebank-5.3.2/src/hb-account.c:429:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(stripname) > 0 ) data/homebank-5.3.2/src/hb-category.c:328:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(partstr[0]) == 0 ) data/homebank-5.3.2/src/hb-category.c:334:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(partstr[1]) == 0 ) data/homebank-5.3.2/src/hb-currency.c:572:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strbuf, p+8, 10); data/homebank-5.3.2/src/hb-currency.c:586:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(isocode, strbuf, 3); data/homebank-5.3.2/src/hb-currency.c:627:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (item->key != GLOBALS->kcur) && (strlen(item->iso_code) == 3) ) data/homebank-5.3.2/src/hb-export.c:562:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(txn->info != NULL && strlen(txn->info) > 0) data/homebank-5.3.2/src/hb-group.c:163:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(stripname) > 0 ) data/homebank-5.3.2/src/hb-import-csv.c:69:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (new_str, str, n); data/homebank-5.3.2/src/hb-import-ofx.c:300:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_print(" len info %d %ld\n", (int)strlen(gentxn->rawinfo) , g_utf8_strlen(gentxn->rawinfo, -1)); data/homebank-5.3.2/src/hb-import-ofx.c:302:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_print(" len memo %d %ld\n", (int)strlen(gentxn->rawmemo) , g_utf8_strlen(gentxn->rawmemo, -1)); data/homebank-5.3.2/src/hb-import-ofx.c:304:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
g_print(" len name %d %ld\n", (int)strlen(gentxn->rawpayee), g_utf8_strlen(gentxn->rawpayee, -1)); data/homebank-5.3.2/src/hb-import-qif.c:74:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(string) - 1; data/homebank-5.3.2/src/hb-import.c:413:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(number != NULL && acc->number && strlen(acc->number) ) data/homebank-5.3.2/src/hb-import.c:630:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_len = strlen(*str); data/homebank-5.3.2/src/hb-misc.c:187:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( cur->grouping_char != NULL && strlen(cur->grouping_char) > 0 ) data/homebank-5.3.2/src/hb-misc.c:484:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/homebank-5.3.2/src/hb-misc.c:519:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_len = strlen (str); data/homebank-5.3.2/src/hb-misc.c:613:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen (str) + 1; data/homebank-5.3.2/src/hb-misc.c:667:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(string); data/homebank-5.3.2/src/hb-misc.c:797:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_len = strlen(filepath); data/homebank-5.3.2/src/hb-misc.c:826:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return g_strndup(filename, strlen(filename) - strlen(lastdot)); data/homebank-5.3.2/src/hb-misc.c:826:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return g_strndup(filename, strlen(filename) - strlen(lastdot)); data/homebank-5.3.2/src/hb-misc.c:834:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint da = atoi( *a + strlen(*a) - 12); data/homebank-5.3.2/src/hb-misc.c:835:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint db = atoi( *b + strlen(*b) - 12); data/homebank-5.3.2/src/hb-payee.c:255:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(stripname) == 0 ) data/homebank-5.3.2/src/hb-preferences.c:599:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if( (prefix != NULL) && (strlen(prefix) > 0) ) data/homebank-5.3.2/src/hb-tag.c:295:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(str_array[i]) == 0 ) data/homebank-5.3.2/src/hb-xml.c:744:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(attribute_values[i] != NULL && strlen(attribute_values[i]) > 0 && strcmp(attribute_values[i],"(null)") != 0 ) data/homebank-5.3.2/src/hb-xml.c:802:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(attribute_values[i] != NULL && strlen(attribute_values[i]) > 0 && strcmp(attribute_values[i],"(null)") != 0 ) data/homebank-5.3.2/src/hb-xml.c:1228:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen (value); data/homebank-5.3.2/src/hub-account.c:131:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (acc->bankname != NULL) && strlen(acc->bankname) > 0 ) data/homebank-5.3.2/src/rep-vehicle.c:150:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(text); data/homebank-5.3.2/src/ui-account.c:1381:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if( strlen(item->name) > 0 ) data/homebank-5.3.2/src/ui-assist-start.c:202:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) > 0) data/homebank-5.3.2/src/ui-budget-tabview.c:2021:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(new_name) > 0) data/homebank-5.3.2/src/ui-budget.c:191:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (case_normalized_key, case_normalized_string, strlen (case_normalized_key)) == 0) data/homebank-5.3.2/src/ui-category.c:319:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (g_strstr_len (case_normalized_string, strlen (case_normalized_string), key )) data/homebank-5.3.2/src/ui-category.c:823:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (g_strstr_len (case_normalized_string, strlen (case_normalized_string), key )) data/homebank-5.3.2/src/ui-category.c:1343:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (case_normalized_key, case_normalized_string, strlen (case_normalized_key)) == 0) data/homebank-5.3.2/src/ui-category.c:1611:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if( strlen(item->name) > 0 ) data/homebank-5.3.2/src/ui-category.c:1660:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_dialog_set_response_sensitive(GTK_DIALOG(window), GTK_RESPONSE_ACCEPT, strlen(buffer) > 0 ? TRUE : FALSE); data/homebank-5.3.2/src/ui-category.c:1796:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_dialog_set_response_sensitive(GTK_DIALOG(window), GTK_RESPONSE_OK, strlen(buffer) > 0 ? TRUE : FALSE); data/homebank-5.3.2/src/ui-currency.c:1051:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). DB( g_print(" name='%d', iso='%d'\n", (gint)strlen(name), len) ); data/homebank-5.3.2/src/ui-currency.c:1053:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (len==0 || len==3) && (strlen(name) >= 3 ) ) data/homebank-5.3.2/src/ui-group.c:67:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(stripname) > 0 ) data/homebank-5.3.2/src/ui-payee.c:885:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hastext = (strlen(context->needle) >= 2) ? TRUE : FALSE; data/homebank-5.3.2/src/ui-payee.c:951:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp (case_normalized_key, case_normalized_string, strlen (case_normalized_key)) == 0) data/homebank-5.3.2/src/ui-payee.c:1200:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(item->name) > 0 ) data/homebank-5.3.2/src/ui-payee.c:1221:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_dialog_set_response_sensitive(GTK_DIALOG(window), GTK_RESPONSE_ACCEPT, strlen(buffer) > 0 ? TRUE : FALSE); data/homebank-5.3.2/src/ui-payee.c:1372:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_dialog_set_response_sensitive(GTK_DIALOG(window), GTK_RESPONSE_OK, strlen(buffer) > 0 ? TRUE : FALSE); data/homebank-5.3.2/src/ui-tag.c:449:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(item->name) > 0 ) data/homebank-5.3.2/src/ui-tag.c:470:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_dialog_set_response_sensitive(GTK_DIALOG(window), GTK_RESPONSE_ACCEPT, strlen(buffer) > 0 ? TRUE : FALSE); data/homebank-5.3.2/src/ui-transaction.c:137:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_label_set_label(GTK_LABEL(data->LB_curr), strlen(cur->iso_code) == 3 ? 
cur->iso_code : cur->symbol ); data/homebank-5.3.2/src/ui-widgets.c:579:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count = strlen(clntxt);

ANALYSIS SUMMARY:

Hits = 154
Lines analyzed = 76184 in approximately 1.59 seconds (47924 lines/second)
Physical Source Lines of Code (SLOC) = 49028
Hits@level = [0] 0 [1] 56 [2] 90 [3] 7 [4] 1 [5] 0
Hits@level+ = [0+] 154 [1+] 154 [2+] 98 [3+] 8 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 3.14106 [1+] 3.14106 [2+] 1.99886 [3+] 0.163172 [4+] 0.0203965 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.