Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgrss-0.7.0/src/feed-atom-formatter.c
Examining data/libgrss-0.7.0/src/feed-atom-formatter.h
Examining data/libgrss-0.7.0/src/ns-handler.c
Examining data/libgrss-0.7.0/src/feeds-group.h
Examining data/libgrss-0.7.0/src/utils.h
Examining data/libgrss-0.7.0/src/libgrss.h
Examining data/libgrss-0.7.0/src/feeds-group-handler.h
Examining data/libgrss-0.7.0/src/feed-parser.h
Examining data/libgrss-0.7.0/src/tests/formatter.c
Examining data/libgrss-0.7.0/src/tests/channel.c
Examining data/libgrss-0.7.0/src/feed-atom-handler.h
Examining data/libgrss-0.7.0/src/feeds-store.c
Examining data/libgrss-0.7.0/src/feeds-xoxo-group-handler.c
Examining data/libgrss-0.7.0/src/feeds-opml-group-handler.h
Examining data/libgrss-0.7.0/src/feed-handler.h
Examining data/libgrss-0.7.0/src/person.h
Examining data/libgrss-0.7.0/src/ns-handler.h
Examining data/libgrss-0.7.0/src/feed-enclosure.h
Examining data/libgrss-0.7.0/src/feed-marshal.h
Examining data/libgrss-0.7.0/src/feeds-group.c
Examining data/libgrss-0.7.0/src/feeds-opml-group-handler.c
Examining data/libgrss-0.7.0/src/person.c
Examining data/libgrss-0.7.0/src/feed-atom-handler.c
Examining data/libgrss-0.7.0/src/feed-item.c
Examining data/libgrss-0.7.0/src/feeds-pool.c
Examining data/libgrss-0.7.0/src/feeds-subscriber-private.h
Examining data/libgrss-0.7.0/src/feeds-pubsubhubbub-subscriber.h
Examining data/libgrss-0.7.0/src/feed-rss-handler.h
Examining data/libgrss-0.7.0/src/feed-rss-formatter.h
Examining data/libgrss-0.7.0/src/feeds-pubsubhubbub-subscriber.c
Examining data/libgrss-0.7.0/src/feeds-publisher.c
Examining data/libgrss-0.7.0/src/feeds-xbel-group-handler.h
Examining data/libgrss-0.7.0/src/feeds-rsscloud-subscriber.c
Examining data/libgrss-0.7.0/src/feeds-xbel-group-handler.c
Examining data/libgrss-0.7.0/src/feed-enclosure.c
Examining data/libgrss-0.7.0/src/feed-formatter.h
Examining data/libgrss-0.7.0/src/feed-item.h
Examining data/libgrss-0.7.0/src/feed-pie-handler.h
Examining data/libgrss-0.7.0/src/feeds-xoxo-group-handler.h
Examining data/libgrss-0.7.0/src/feeds-subscriber-handler.h
Examining data/libgrss-0.7.0/src/feed-handler.c
Examining data/libgrss-0.7.0/src/feed-rss-handler.c
Examining data/libgrss-0.7.0/src/feeds-subscriber.h
Examining data/libgrss-0.7.0/src/feeds-publisher.h
Examining data/libgrss-0.7.0/src/feeds-subscriber.c
Examining data/libgrss-0.7.0/src/feeds-store.h
Examining data/libgrss-0.7.0/src/feed-pie-handler.c
Examining data/libgrss-0.7.0/src/feeds-subscriber-handler.c
Examining data/libgrss-0.7.0/src/feeds-group-handler.c
Examining data/libgrss-0.7.0/src/feed-parser.c
Examining data/libgrss-0.7.0/src/feed-channel.h
Examining data/libgrss-0.7.0/src/feeds-pool.h
Examining data/libgrss-0.7.0/src/feed-formatter.c
Examining data/libgrss-0.7.0/src/feeds-rsscloud-subscriber.h
Examining data/libgrss-0.7.0/src/utils.c
Examining data/libgrss-0.7.0/src/feed-rss-formatter.c
Examining data/libgrss-0.7.0/src/feed-channel.c
Examining data/libgrss-0.7.0/src/feed-marshal.c

FINAL RESULTS:

data/libgrss-0.7.0/src/feeds-publisher.c:633:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand (time (NULL));
data/libgrss-0.7.0/src/feed-atom-handler.c:368:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					length = atol (lengthStr);
data/libgrss-0.7.0/src/feed-rss-handler.c:214:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				grss_feed_channel_set_update_interval (feed, atoi (tmp));
data/libgrss-0.7.0/src/feed-rss-handler.c:329:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					length = atol (tmp2);
data/libgrss-0.7.0/src/ns-handler.c:343:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				length = atol (lengthStr);
data/libgrss-0.7.0/src/ns-handler.c:413:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			frequency = atoi ((gchar*) tmp);
data/libgrss-0.7.0/src/utils.c:350:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		offset = atoi (inptr);
data/libgrss-0.7.0/src/feed-atom-handler.c:470:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen (id) > 0)
data/libgrss-0.7.0/src/feed-channel.c:219:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	doc = content_to_xml (data, strlen (data));
data/libgrss-0.7.0/src/feed-rss-handler.c:357:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen (tmp) > 0) {
data/libgrss-0.7.0/src/feeds-group.c:284:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (g_output_stream_write_all (G_OUTPUT_STREAM (stream), contents, strlen (contents), &written, NULL, &err) == FALSE) {
data/libgrss-0.7.0/src/feeds-publisher.c:375:114:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			soup_message_set_request (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_STATIC, client->to_be_resent, strlen (client->to_be_resent));
data/libgrss-0.7.0/src/feeds-publisher.c:473:108:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				soup_message_set_request (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, g_strdup (text), strlen (text));
data/libgrss-0.7.0/src/feeds-publisher.c:494:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		soup_message_set_response (msg, "application/atom+xml", SOUP_MEMORY_COPY, text, strlen (text));
data/libgrss-0.7.0/src/feeds-publisher.c:574:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ret = g_output_stream_write_all (G_OUTPUT_STREAM (stream), text, strlen (text), NULL, NULL, error);
data/libgrss-0.7.0/src/feeds-publisher.c:800:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen (contents [i]) - 1;
data/libgrss-0.7.0/src/feeds-pubsubhubbub-subscriber.c:128:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	soup_message_set_request (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, body, strlen (body));
data/libgrss-0.7.0/src/feeds-pubsubhubbub-subscriber.c:158:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			soup_message_set_response (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, challenge, strlen (challenge));
data/libgrss-0.7.0/src/feeds-pubsubhubbub-subscriber.c:165:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			soup_message_set_response (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, challenge, strlen (challenge));
data/libgrss-0.7.0/src/feeds-pubsubhubbub-subscriber.c:178:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		doc = content_to_xml (msg->request_body->data, strlen (msg->request_body->data));
data/libgrss-0.7.0/src/feeds-pubsubhubbub-subscriber.c:231:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	soup_message_set_request (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, body, strlen (body));
data/libgrss-0.7.0/src/feeds-rsscloud-subscriber.c:98:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		doc = content_to_xml (msg->response_body->data, strlen (msg->response_body->data));
data/libgrss-0.7.0/src/feeds-rsscloud-subscriber.c:152:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	soup_message_set_request (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, body, strlen (body));
data/libgrss-0.7.0/src/feeds-rsscloud-subscriber.c:193:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			soup_message_set_response (msg, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, challenge, strlen (challenge));
data/libgrss-0.7.0/src/feeds-subscriber.c:475:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen (tmp);
data/libgrss-0.7.0/src/feeds-xbel-group-handler.c:85:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (str != NULL && strlen (str) != 0) {
data/libgrss-0.7.0/src/feeds-xoxo-group-handler.c:102:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (str != NULL && strlen (str) != 0) {
data/libgrss-0.7.0/src/ns-handler.c:292:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!old || strlen (old) < strlen (tmp))
data/libgrss-0.7.0/src/ns-handler.c:292:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!old || strlen (old) < strlen (tmp))
data/libgrss-0.7.0/src/utils.c:45:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy (buffer->data + old_length, (gchar *)string, length);
data/libgrss-0.7.0/src/utils.c:58:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ctxt = htmlCreatePushParserCtxt (sax_p, buffer, string, strlen (string), "", XML_CHAR_ENCODING_UTF8);
data/libgrss-0.7.0/src/utils.c:72:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ctxt = xmlCreatePushParserCtxt (sax_p, buffer, string, strlen (string), "");
data/libgrss-0.7.0/src/utils.c:194:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				oldDoc = xhtml_parse ((gchar*) escapedhtml, strlen ((gchar*) escapedhtml));
data/libgrss-0.7.0/src/utils.c:359:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncmp (inptr, tz_offsets [t].name, strlen (tz_offsets [t].name))) {
data/libgrss-0.7.0/src/utils.c:477:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if ((*pos == '+' || *pos == '-') && isdigit (pos [1]) && isdigit (pos [2]) && strlen (pos) >= 3) {

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 12284 in approximately 0.45 seconds (27136 lines/second)
Physical Source Lines of Code (SLOC) = 7505
Hits@level = [0]   1 [1]  28 [2]   6 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  36 [1+]  35 [2+]   7 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 4.7968 [1+] 4.66356 [2+] 0.932712 [3+] 0.133245 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.