Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libibtk-0.0.14/acconfig.h
Examining data/libibtk-0.0.14/src/idialogs.cpp
Examining data/libibtk-0.0.14/src/igbox.cpp
Examining data/libibtk-0.0.14/src/iintbox.cpp
Examining data/libibtk-0.0.14/src/irealbox.cpp
Examining data/libibtk-0.0.14/src/itextbox.cpp
Examining data/libibtk-0.0.14/src/iversion.cpp
Examining data/libibtk-0.0.14/src/main.cpp
Examining data/libibtk-0.0.14/src/ibox.h
Examining data/libibtk-0.0.14/src/ibutton.h
Examining data/libibtk-0.0.14/src/idialogs.h
Examining data/libibtk-0.0.14/src/idodad.h
Examining data/libibtk-0.0.14/src/igbox.h
Examining data/libibtk-0.0.14/src/ilistbox.h
Examining data/libibtk-0.0.14/src/isbutton.h
Examining data/libibtk-0.0.14/src/islider.h
Examining data/libibtk-0.0.14/src/istatbar.h
Examining data/libibtk-0.0.14/src/itextbox.h
Examining data/libibtk-0.0.14/src/iwindow.h
Examining data/libibtk-0.0.14/src/pclaim.h
Examining data/libibtk-0.0.14/src/version.h
Examining data/libibtk-0.0.14/src/ibox.cpp
Examining data/libibtk-0.0.14/src/ibutton.cpp
Examining data/libibtk-0.0.14/src/iintbox.h
Examining data/libibtk-0.0.14/src/ilistbox.cpp
Examining data/libibtk-0.0.14/src/irealbox.h
Examining data/libibtk-0.0.14/src/isbutton.cpp
Examining data/libibtk-0.0.14/src/islider.cpp
Examining data/libibtk-0.0.14/src/istatbar.cpp
Examining data/libibtk-0.0.14/src/iwindow.cpp

FINAL RESULTS:

data/libibtk-0.0.14/src/ibox.cpp:115:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(text, "%s%c", txt, 0);
data/libibtk-0.0.14/src/ibox.cpp:263:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmpt, "%s", text);
data/libibtk-0.0.14/src/ibox.cpp:264:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&tmpt[tcp], "%c%s%c", buf[0], &text[tcp2], 0);
data/libibtk-0.0.14/src/ibutton.cpp:37:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(text, "%s%c", txt, 0);
data/libibtk-0.0.14/src/idialogs.cpp:46:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "/bin/ls -1aF %s > %s%c", types, tn, 0);
data/libibtk-0.0.14/src/idialogs.cpp:47:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(buf);
data/libibtk-0.0.14/src/idialogs.cpp:56:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(list[nfls], "%s%c", nm, 0);
data/libibtk-0.0.14/src/idialogs.cpp:78:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%c", l.GetSelection(0), 0);
data/libibtk-0.0.14/src/iintbox.cpp:136:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(text, "%s%c", txt, 0);
data/libibtk-0.0.14/src/ilistbox.cpp:85:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(text[ctr], "%s%c", txt[ctr], 0);
data/libibtk-0.0.14/src/irealbox.cpp:99:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(text, "%s%c", txt, 0);
data/libibtk-0.0.14/src/islider.cpp:38:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(text, "%s%c", t, 0);
data/libibtk-0.0.14/src/islider.cpp:102:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(txt, "%s%d%c", text, value, 0);
data/libibtk-0.0.14/src/iversion.cpp:44:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", IBTK_VERSION_STRING);
data/libibtk-0.0.14/src/iversion.cpp:54:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", IBTK_FULL_VERSION_STRING);
data/libibtk-0.0.14/src/idialogs.cpp:45:3: [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  tmpnam(tn);
data/libibtk-0.0.14/src/ibox.cpp:208:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/libibtk-0.0.14/src/ibox.h:57:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[256];
data/libibtk-0.0.14/src/idialogs.cpp:42:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *list[256];
data/libibtk-0.0.14/src/idialogs.cpp:43:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/libibtk-0.0.14/src/idialogs.cpp:44:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tn[L_tmpnam];
data/libibtk-0.0.14/src/idialogs.cpp:49:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fs = fopen(tn, "r");
data/libibtk-0.0.14/src/idialogs.cpp:83:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return(fopen(nm, mode));
data/libibtk-0.0.14/src/iintbox.cpp:81:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[256];
data/libibtk-0.0.14/src/iintbox.cpp:82:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(txt, "%d%c", v, 0);
data/libibtk-0.0.14/src/iintbox.cpp:105:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[256];
data/libibtk-0.0.14/src/iintbox.cpp:106:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(txt, "%d%c", val, 0);
data/libibtk-0.0.14/src/iintbox.cpp:241:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256]; KeySym key; int len;
data/libibtk-0.0.14/src/irealbox.cpp:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[256];
data/libibtk-0.0.14/src/irealbox.cpp:56:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(txt, "%f%c", v, 0);
data/libibtk-0.0.14/src/irealbox.cpp:77:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[256];
data/libibtk-0.0.14/src/irealbox.cpp:78:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(txt, "%f%c", val, 0);
data/libibtk-0.0.14/src/islider.cpp:100:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[256];
data/libibtk-0.0.14/src/istatbar.cpp:81:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[18];
data/libibtk-0.0.14/src/istatbar.cpp:83:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(txt, "%d%% done%c", (progress*100)/total, 0);
data/libibtk-0.0.14/src/iversion.cpp:31:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[34];
data/libibtk-0.0.14/src/iversion.cpp:33:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%.2d%.2d%.2d%.2d", IBTK_MAJOR_VERSION, IBTK_MINOR_VERSION,
data/libibtk-0.0.14/src/iversion.cpp:42:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[34];
data/libibtk-0.0.14/src/iversion.cpp:52:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[34];
data/libibtk-0.0.14/src/iwindow.cpp:599:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *cfg = fopen(CONFIGFILE, "r");
data/libibtk-0.0.14/src/iwindow.cpp:601:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256], *ln;
data/libibtk-0.0.14/src/main.cpp:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *lt[5] = {"file1", "file2", "file3", "file4", "lastfile" };
data/libibtk-0.0.14/src/ibox.cpp:116:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tcp > (long)strlen(text)) { tcp = strlen(text); tcp2 = tcp; }
data/libibtk-0.0.14/src/ibox.cpp:116:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tcp > (long)strlen(text)) { tcp = strlen(text); tcp2 = tcp; }
data/libibtk-0.0.14/src/ibox.cpp:125:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, text, strlen(text), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/ibox.cpp:140:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/ibox.cpp:144:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/ibox.cpp:147:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/ibox.cpp:158:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &text[tcp], strlen(&text[tcp]));
data/libibtk-0.0.14/src/ibox.cpp:218:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(text) > 0) {
data/libibtk-0.0.14/src/ibox.cpp:252:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tcp<(int)strlen(text)) {
data/libibtk-0.0.14/src/ibox.cpp:262:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tmpt = new char[strlen(text)+3];
data/libibtk-0.0.14/src/ibutton.cpp:36:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text = new char[strlen(txt)+2];
data/libibtk-0.0.14/src/ibutton.cpp:97:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, text, strlen(text), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/ibutton.cpp:104:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/ibutton.cpp:106:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/ibutton.cpp:109:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/ibutton.cpp:112:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/idialogs.cpp:54:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(nm[strlen(nm)-1] == '\n') nm[strlen(nm)-1] = 0;
data/libibtk-0.0.14/src/idialogs.cpp:54:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(nm[strlen(nm)-1] == '\n') nm[strlen(nm)-1] = 0;
data/libibtk-0.0.14/src/idialogs.cpp:55:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  list[nfls] = new char[strlen(nm)+1];
data/libibtk-0.0.14/src/idialogs.cpp:81:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(nm[strlen(nm)-1] == '@' || nm[strlen(nm)-1] == '*')
data/libibtk-0.0.14/src/idialogs.cpp:81:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(nm[strlen(nm)-1] == '@' || nm[strlen(nm)-1] == '*')
data/libibtk-0.0.14/src/idialogs.cpp:82:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nm[strlen(nm)-1] = 0;
data/libibtk-0.0.14/src/iintbox.cpp:137:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tcp > (long)strlen(text)) { tcp = strlen(text); tcp2=tcp; }
data/libibtk-0.0.14/src/iintbox.cpp:137:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tcp > (long)strlen(text)) { tcp = strlen(text); tcp2=tcp; }
data/libibtk-0.0.14/src/iintbox.cpp:138:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(tcp2 > (long)strlen(text)) { tcp2 = strlen(text); }
data/libibtk-0.0.14/src/iintbox.cpp:138:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(tcp2 > (long)strlen(text)) { tcp2 = strlen(text); }
data/libibtk-0.0.14/src/iintbox.cpp:146:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, text, strlen(text), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/iintbox.cpp:161:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/iintbox.cpp:165:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/iintbox.cpp:168:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/ilistbox.cpp:90:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, txt[ctr], strlen(txt[ctr]), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/ilistbox.cpp:99:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawImageString(disp, Wrk[ctr], gc, 0, as, txt[ctr], strlen(txt[ctr]));
data/libibtk-0.0.14/src/irealbox.cpp:100:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tcp > (long)strlen(text)) tcp = strlen(text);
data/libibtk-0.0.14/src/irealbox.cpp:100:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(tcp > (long)strlen(text)) tcp = strlen(text);
data/libibtk-0.0.14/src/irealbox.cpp:108:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, text, strlen(text), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/irealbox.cpp:123:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/irealbox.cpp:127:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/irealbox.cpp:130:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text, strlen(text));
data/libibtk-0.0.14/src/islider.cpp:37:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text = new char[strlen(t)+2];
data/libibtk-0.0.14/src/islider.cpp:107:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, txt, strlen(txt), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/islider.cpp:122:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (ysize+ysize-(as+des-2))>>1, txt, strlen(txt));
data/libibtk-0.0.14/src/islider.cpp:128:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (ysize+ysize-(as+des-2))>>1, txt, strlen(txt));
data/libibtk-0.0.14/src/islider.cpp:143:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((ysize+ysize-(as+des-2))>>1)-2, txt, strlen(txt));
data/libibtk-0.0.14/src/islider.cpp:151:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((ysize+ysize-(as+des-2))>>1)-2, txt, strlen(txt));
data/libibtk-0.0.14/src/istatbar.cpp:88:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, txt, strlen(txt), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/istatbar.cpp:95:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (ysize+ysize-(as+des-2))>>1, txt, strlen(txt));
data/libibtk-0.0.14/src/istatbar.cpp:105:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((ysize+ysize-(as+des-2))>>1)-2, txt, strlen(txt));
data/libibtk-0.0.14/src/itextbox.cpp:51:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, txt, strlen(txt), &dir, &as, &des, &cs);
data/libibtk-0.0.14/src/itextbox.cpp:60:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt, strlen(txt));
data/libibtk-0.0.14/src/itextbox.cpp:77:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt, strlen(txt));
data/libibtk-0.0.14/src/iwindow.cpp:469:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp.nitems = strlen(tit);

ANALYSIS SUMMARY:

Hits = 93
Lines analyzed = 3704 in approximately 0.37 seconds (10007 lines/second)
Physical Source Lines of Code (SLOC) = 2686
Hits@level = [0] 5 [1] 51 [2] 26 [3] 1 [4] 15 [5] 0
Hits@level+ = [0+] 98 [1+] 93 [2+] 42 [3+] 16 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 36.4855 [1+] 34.624 [2+] 15.6366 [3+] 5.95681 [4+] 5.58451 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.