Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/klavaro-3.11/src/plot.h
Examining data/klavaro-3.11/src/keyboard.c
Examining data/klavaro-3.11/src/velocity.h
Examining data/klavaro-3.11/src/auxiliar.c
Examining data/klavaro-3.11/src/basic.h
Examining data/klavaro-3.11/src/top10.h
Examining data/klavaro-3.11/src/cursor.h
Examining data/klavaro-3.11/src/translation.h
Examining data/klavaro-3.11/src/adaptability.h
Examining data/klavaro-3.11/src/callbacks.h
Examining data/klavaro-3.11/src/tutor.h
Examining data/klavaro-3.11/src/main.h
Examining data/klavaro-3.11/src/auxiliar.h
Examining data/klavaro-3.11/src/fluidness.h
Examining data/klavaro-3.11/src/fluidness.c
Examining data/klavaro-3.11/src/adaptability.c
Examining data/klavaro-3.11/src/callbacks.c
Examining data/klavaro-3.11/src/tutor.c
Examining data/klavaro-3.11/src/top10.c
Examining data/klavaro-3.11/src/main.c
Examining data/klavaro-3.11/src/keyboard.h
Examining data/klavaro-3.11/src/accuracy.h
Examining data/klavaro-3.11/src/plot.c
Examining data/klavaro-3.11/src/basic.c
Examining data/klavaro-3.11/src/cursor.c
Examining data/klavaro-3.11/src/velocity.c
Examining data/klavaro-3.11/src/accuracy.c
Examining data/klavaro-3.11/src/translation.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_ruler.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_graph.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_points.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_scale.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_marshal.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_grid.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_bars.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_points.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_lines.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_bars.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_grid.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_scale.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_xyc_graph.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_ruler.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_typedefs.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_marshal.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_lines.h
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_xyc_graph.c
Examining data/klavaro-3.11/gtkdatabox/gtkdatabox_graph.h

FINAL RESULTS:

data/klavaro-3.11/src/fluidness.c:220:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (par.buffer, str_9000);
data/klavaro-3.11/src/plot.c:406:12:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  itens = fscanf (fh, "%f%f%f%s%s%s\t", &accur[i], &velo[i], &fluid[i],
data/klavaro-3.11/src/plot.c:412:12:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  itens = fscanf (fh, "%f%s%s%i\t", &score[i], date[i], hour[i], &nchars[i]);
data/klavaro-3.11/src/plot.c:462:12:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  itens = fscanf (fh, "%f%f%f%s%s%s\t", &accur[i], &velo[i], &fluid[i],
data/klavaro-3.11/src/plot.c:468:12:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  itens = fscanf (fh, "%f%s%s%i\t", &score[i], date[i], hour[i], &nchars[i]);
data/klavaro-3.11/src/plot.c:492:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (date[i], date[i + 1]);
data/klavaro-3.11/src/plot.c:493:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hour[i], hour[i + 1]);
data/klavaro-3.11/src/plot.c:495:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (date[i], date[i + 1]);
data/klavaro-3.11/src/plot.c:496:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hour[i], hour[i + 1]);
data/klavaro-3.11/src/top10.c:165:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (top10[i].name, NOBODY);
data/klavaro-3.11/src/tutor.c:1773:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  espeak_OK = ! system (command);
data/klavaro-3.11/src/tutor.c:1789:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  espeak_OK = ! system (command);
data/klavaro-3.11/src/velocity.c:194:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (par.text + par.i, word);
data/klavaro-3.11/src/main.c:301:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time (0));
data/klavaro-3.11/src/top10.c:966:51:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmp = g_strdup_printf ("%s/klavaro_%03i.html", g_get_tmp_dir (), i++);
data/klavaro-3.11/src/fluidness.c:193:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (par.name, "Default");
data/klavaro-3.11/src/keyboard.c:392:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (keyb.lochars[i], uchs, (n_itens - 1) * sizeof (gunichar));
data/klavaro-3.11/src/keyboard.c:406:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (keyb.upchars[i], uchs, (n_itens - 1) * sizeof (gunichar));
data/klavaro-3.11/src/keyboard.c:1915:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (file_name, "hands_0.png");
data/klavaro-3.11/src/keyboard.c:1917:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (file_name, "hands_9.png");
data/klavaro-3.11/src/keyboard.c:1919:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (file_name, "hands_5.png");
data/klavaro-3.11/src/translation.c:195:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (lang[i].cd, "en");
data/klavaro-3.11/src/tutor.c:1844:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ut8, _("space"));
data/klavaro-3.11/src/tutor.c:1849:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ut8, _("wye"));
data/klavaro-3.11/src/tutor.c:1853:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ut8, _("enter"));
data/klavaro-3.11/src/tutor.c:1859:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ut8, _("apostrophe"));
data/klavaro-3.11/src/tutor.c:1863:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ut8, _("quote"));
data/klavaro-3.11/src/tutor.c:1867:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ut8, _("ampersand"));
data/klavaro-3.11/gtkdatabox/gtkdatabox_ruler.c:1137:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(format)>FORMAT_LENGTH) {
data/klavaro-3.11/gtkdatabox/gtkdatabox_ruler.c:1138:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_warning("maximum format length = %d chars exceeded, truncating to the maximum from %d",FORMAT_LENGTH,(int)strlen(format));
data/klavaro-3.11/gtkdatabox/gtkdatabox_ruler.c:1178:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(format)>FORMAT_LENGTH) {
data/klavaro-3.11/gtkdatabox/gtkdatabox_ruler.c:1179:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_warning("maximum format length = %d chars exceeded, truncating to the maximum from %d",FORMAT_LENGTH,(int)strlen(format));
data/klavaro-3.11/src/accuracy.c:181:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (3 != sscanf (dtp, "%6s\t%lu\t%lu\n", tmpchr, &wrong, &correct))
data/klavaro-3.11/src/accuracy.c:222:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (3 != sscanf (dtp, "%6s\t%lf\t%lf\n", tmpchr, &dt, &dummy))
data/klavaro-3.11/src/adaptability.c:274:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str, strlen (tmp_str));
data/klavaro-3.11/src/basic.c:242:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (charset) < 2)
data/klavaro-3.11/src/basic.c:388:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str, strlen (tmp_str));
data/klavaro-3.11/src/callbacks.c:588:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (tmp_font) == 0)
data/klavaro-3.11/src/callbacks.c:1020:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (tmp) == 0)
data/klavaro-3.11/src/callbacks.c:1718:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (str) > 0)
data/klavaro-3.11/src/fluidness.c:101:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (par_i, par_1, size);
data/klavaro-3.11/src/fluidness.c:121:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen (par_i);
data/klavaro-3.11/src/fluidness.c:184:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (par.name, list_name, 20);
data/klavaro-3.11/src/fluidness.c:209:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str_9000);
data/klavaro-3.11/src/fluidness.c:212:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memory_ok = g_try_renew (gchar, par.buffer, strlen (par.buffer) + len + 2);
data/klavaro-3.11/src/fluidness.c:222:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (par.buffer, "\n");
data/klavaro-3.11/src/fluidness.c:332:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  raw.len = strlen (text);
data/klavaro-3.11/src/fluidness.c:452:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (text_filtered, sizeof (gchar), strlen (text_filtered), fh_destiny);
data/klavaro-3.11/src/fluidness.c:508:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (text_filtered, sizeof (gchar), strlen (text_filtered), fh_destiny);
data/klavaro-3.11/src/fluidness.c:560:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str, strlen (tmp_str));
data/klavaro-3.11/src/keyboard.c:707:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen (dentry);
data/klavaro-3.11/src/plot.c:416:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (language[i][len = (strlen(language[i])-1)] == '\n')
data/klavaro-3.11/src/plot.c:472:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (language[i][len = (strlen(language[i])-1)] == '\n')
data/klavaro-3.11/src/top10.c:164:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  top10[i].name_len = strlen (NOBODY);
data/klavaro-3.11/src/top10.c:204:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  statnamelen = strlen (stat->name);
data/klavaro-3.11/src/top10.c:211:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  statnamelen = strlen (stat->name);
data/klavaro-3.11/src/top10.c:334:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  top10.lang[0] = getc (fh);
data/klavaro-3.11/src/top10.c:342:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  top10.lang[1] = getc (fh);
data/klavaro-3.11/src/top10.c:350:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  top10.genv = getc (fh);
data/klavaro-3.11/src/top10.c:450:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  top10[i].lang[0] = fgetc (fh);
data/klavaro-3.11/src/top10.c:458:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  top10[i].lang[1] = fgetc (fh);
data/klavaro-3.11/src/top10.c:466:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  top10[i].genv = fgetc (fh);
data/klavaro-3.11/src/top10.c:934:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (username) == 0)
data/klavaro-3.11/src/top10.c:939:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (username) == 0)
data/klavaro-3.11/src/translation.c:197:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (lang[i].cd, lang[i].code, 2);
data/klavaro-3.11/src/translation.c:279:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (aux_code_2, test, 2);
data/klavaro-3.11/src/translation.c:696:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fh == NULL && strlen (tmp_code) > 1)
data/klavaro-3.11/src/tutor.c:1187:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stat.name_len = strlen (tmp_name);
data/klavaro-3.11/src/tutor.c:1190:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (stat.name, tmp_name, stat.name_len + 1);
data/klavaro-3.11/src/tutor.c:1267:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1272:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1276:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_iter_backward_cursor_positions (&start, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1285:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1292:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1297:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1301:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_iter_backward_cursor_positions (&start, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1310:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1315:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1320:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1324:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_iter_backward_cursor_positions (&start, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1333:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1340:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1345:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1349:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_iter_backward_cursor_positions (&start, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1360:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1367:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str2, strlen (tmp_str2));
data/klavaro-3.11/src/tutor.c:1385:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, contest_ps, strlen (contest_ps));
data/klavaro-3.11/src/tutor.c:1633:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (dentry) < 5)
data/klavaro-3.11/src/tutor.c:1728:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_editable_insert_text (GTK_EDITABLE (wg), g_strdup (mesg), strlen (mesg), &pos);
data/klavaro-3.11/src/tutor.c:1856:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (ut8, "%");
data/klavaro-3.11/src/velocity.c:188:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (par.i + strlen (word) + 8 > par.size) /* check for buffer sizing, some spare for paragraph ending */
data/klavaro-3.11/src/velocity.c:195:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  par.i += strlen (word);
data/klavaro-3.11/src/velocity.c:199:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(par.text, "་");
data/klavaro-3.11/src/velocity.c:212:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(par.text + par.i, "།");
data/klavaro-3.11/src/velocity.c:250:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  raw.len = strlen (text);
data/klavaro-3.11/src/velocity.c:352:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (text_filtered, sizeof (gchar), strlen (text_filtered), fh_destiny);
data/klavaro-3.11/src/velocity.c:413:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (text_filtered, sizeof (gchar), strlen (text_filtered), fh_destiny);
data/klavaro-3.11/src/velocity.c:480:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor (buf, tmp_str, strlen (tmp_str));

ANALYSIS SUMMARY:

Hits = 98
Lines analyzed = 20337 in approximately 1.35 seconds (15115 lines/second)
Physical Source Lines of Code (SLOC) = 14241
Hits@level = [0]  34 [1]  70 [2]  13 [3]   2 [4]  13 [5]   0
Hits@level+ = [0+] 132 [1+]  98 [2+]  28 [3+]  15 [4+]  13 [5+]   0
Hits/KSLOC@level+ = [0+] 9.26901 [1+] 6.88154 [2+] 1.96615 [3+] 1.0533 [4+] 0.912857 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.