Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libinfinity-0.7.1/infinoted/infinoted-startup.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-dh-params.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-config-reload.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-signal.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-directory-sync.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-note-text.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-note-chat.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-logging.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-traffic-logging.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-linekeeper.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-dbus.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-certificate-auth.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-record.c
Examining data/libinfinity-0.7.1/infinoted/plugins/util/infinoted-plugin-util-navigate-browser.h
Examining data/libinfinity-0.7.1/infinoted/plugins/util/infinoted-plugin-util-navigate-browser.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-transformation-protection.c
Examining data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-autosave.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-config-reload.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-parameter.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-run.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-plugin-manager.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-signal.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-pam.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-log.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-options.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-main.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-run.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-parameter.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-pam.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-util.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-options.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-util.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-log.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-dh-params.h
Examining data/libinfinity-0.7.1/infinoted/infinoted-plugin-manager.c
Examining data/libinfinity-0.7.1/infinoted/infinoted-startup.h
Examining data/libinfinity-0.7.1/test/inf-test-traffic-replay.c
Examining data/libinfinity-0.7.1/test/inf-test-state-vector.c
Examining data/libinfinity-0.7.1/test/inf-test-reduce-replay.c
Examining data/libinfinity-0.7.1/test/inf-test-daemon.c
Examining data/libinfinity-0.7.1/test/inf-test-tcp-server.c
Examining data/libinfinity-0.7.1/test/inf-test-text-fixline.c
Examining data/libinfinity-0.7.1/test/inf-test-text-replay.c
Examining data/libinfinity-0.7.1/test/inf-test-certificate-validate.c
Examining data/libinfinity-0.7.1/test/inf-test-chunk.c
Examining data/libinfinity-0.7.1/test/inf-test-xmpp-connection.c
Examining data/libinfinity-0.7.1/test/inf-test-mass-join.c
Examining data/libinfinity-0.7.1/test/inf-test-text-quick-write.c
Examining data/libinfinity-0.7.1/test/inf-test-certificate-request.c
Examining data/libinfinity-0.7.1/test/inf-test-browser.c
Examining data/libinfinity-0.7.1/test/inf-test-xmpp-server.c
Examining data/libinfinity-0.7.1/test/util/inf-test-util.h
Examining data/libinfinity-0.7.1/test/util/inf-test-util.c
Examining data/libinfinity-0.7.1/test/inf-test-chat.c
Examining data/libinfinity-0.7.1/test/inf-test-gtk-browser.c
Examining data/libinfinity-0.7.1/test/inf-test-tcp-connection.c
Examining data/libinfinity-0.7.1/test/inf-test-text-cleanup.c
Examining data/libinfinity-0.7.1/test/inf-test-set-acl.c
Examining data/libinfinity-0.7.1/test/inf-test-text-session.c
Examining data/libinfinity-0.7.1/test/inf-test-text-recover.c
Examining data/libinfinity-0.7.1/test/inf-test-text-operations.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-insert-operation.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-delete-operation.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-fixline-buffer.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-operations.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-user.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-default-buffer.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-move-operation.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-default-insert-operation.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-remote-delete-operation.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-filesystem-format.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-filesystem-format.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-default-buffer.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-undo-grouping.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-fixline-buffer.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-default-delete-operation.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-chunk.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-user.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-session.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-undo-grouping.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-delete-operation.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-chunk.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-buffer.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-buffer.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-session.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-remote-delete-operation.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-default-delete-operation.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-insert-operation.h
Examining data/libinfinity-0.7.1/libinftext/inf-text-move-operation.c
Examining data/libinfinity-0.7.1/libinftext/inf-text-default-insert-operation.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-acl-sheet-view.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-model-sort.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-certificate-manager.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-model.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-permissions-dialog.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-account-creation-dialog.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-chat.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-view.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-store.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-connection-view.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-account-creation-dialog.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-model-filter.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-model-filter.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-certificate-dialog.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-io.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-store.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-certificate-view.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-view.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-chat.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-acl-sheet-view.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-model.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-certificate-dialog.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-connection-view.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-permissions-dialog.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-io.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-certificate-manager.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-certificate-view.h
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c
Examining data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-model-sort.h
Examining data/libinfinity-0.7.1/libinfinity/inf-i18n.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-request-log.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-no-operation.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-undo-grouping.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-state-vector.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session-record.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session-replay.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-user.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-split-operation.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-no-operation.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-operation.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session-record.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-algorithm.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-undo-grouping.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-split-operation.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session-replay.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-state-vector.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-request.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-operation.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-request-log.h
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-user.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-request.c
Examining data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-algorithm.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-request.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-session-proxy.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-error.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-buffer.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-protocol.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-init.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-browser.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-sasl-context.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-certificate-verify.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-manager.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-keepalive.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-chat-buffer.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-native-socket.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-buffer.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-acl.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-keepalive.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-user.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-user.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-acl.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-protocol.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-error.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection-private.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-request-result.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-local-publisher.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-async-operation.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-browser.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-file-util.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-native-socket.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-request-result.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-certificate-chain.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-discovery.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-discovery-avahi.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-session.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-certificate-chain.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-sasl-context.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-certificate-verify.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-file-util.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-certificate-credentials.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-manager.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-simulated-connection.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-local-publisher.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-browser-iter.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-request.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-discovery.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-async-operation.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-certificate-credentials.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-io.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-io.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-session-proxy.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-init.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-session.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-chat-buffer.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-discovery-avahi.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-browser-iter.c
Examining data/libinfinity-0.7.1/libinfinity/common/inf-simulated-connection.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-user-table.h
Examining data/libinfinity-0.7.1/libinfinity/common/inf-user-table.c
Examining data/libinfinity-0.7.1/libinfinity/inf-config.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-chat-filesystem-format.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-storage.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-storage.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-xmpp-server.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-chat-filesystem-format.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-request.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-xml-server.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-note-plugin.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-session-proxy.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-progress-request.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-server-pool.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-tcp-server.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-account-storage.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-storage.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-xmpp-server.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-directory.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-account-storage.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-directory.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-xml-server.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-tcp-server.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-storage.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-request.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-session-proxy.c
Examining data/libinfinity-0.7.1/libinfinity/server/infd-progress-request.h
Examining data/libinfinity-0.7.1/libinfinity/server/infd-server-pool.c
Examining data/libinfinity-0.7.1/libinfinity/inf-define-enum.h
Examining data/libinfinity-0.7.1/libinfinity/inf-signals.h
Examining data/libinfinity-0.7.1/libinfinity/client/infc-request.h
Examining data/libinfinity-0.7.1/libinfinity/client/infc-note-plugin.h
Examining data/libinfinity-0.7.1/libinfinity/client/infc-request-manager.c
Examining data/libinfinity-0.7.1/libinfinity/client/infc-request.c
Examining data/libinfinity-0.7.1/libinfinity/client/infc-progress-request.h
Examining data/libinfinity-0.7.1/libinfinity/client/infc-progress-request.c
Examining data/libinfinity-0.7.1/libinfinity/client/infc-session-proxy.c
Examining data/libinfinity-0.7.1/libinfinity/client/infc-browser.h
Examining data/libinfinity-0.7.1/libinfinity/client/infc-request-manager.h
Examining data/libinfinity-0.7.1/libinfinity/client/infc-session-proxy.h
Examining data/libinfinity-0.7.1/libinfinity/client/infc-browser.c
Examining data/libinfinity-0.7.1/libinfinity/inf-i18n.c
Examining data/libinfinity-0.7.1/libinfinity/inf-dll.c
Examining data/libinfinity-0.7.1/libinfinity/inf-signals.c
Examining data/libinfinity-0.7.1/libinfinity/inf-dll.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-central-factory.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-object.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-central-factory.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-central-method.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-hosted-group.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-joined-group.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-group.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-method.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-manager.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-factory.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-hosted-group.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-group-private.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-central-method.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-joined-group.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-factory.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-manager.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-object.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-group.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-method.c
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-registry.h
Examining data/libinfinity-0.7.1/libinfinity/communication/inf-communication-registry.c
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-buffer.c
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-viewport.h
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-hue-chooser.h
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-hue-chooser.c
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-viewport.c
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-view.c
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-view.h
Examining data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-buffer.h

FINAL RESULTS:

data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-traffic-logging.c:69:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(info->file, fmt, arglist);
data/libinfinity-0.7.1/infinoted/infinoted-dh-params.c:67:22:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    g_build_filename(g_get_home_dir(), ".infinoted", "dh.pem", NULL);
data/libinfinity-0.7.1/infinoted/infinoted-options.c:977:22:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    g_build_filename(g_get_home_dir(), ".infinote", NULL);
data/libinfinity-0.7.1/infinoted/infinoted-util.c:62:18:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
                 g_get_home_dir());
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-record.c:55:31:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  basename = g_build_filename(g_get_home_dir(), ".infinoted-records", title, NULL);
data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-store.c:1082:17:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  priv->stamp = g_random_int();
data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:373:9:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    i = g_random_int_range(0, n_low_prio_srvs);
data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:377:12:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    rand = g_random_int_range(0, total_weight);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:1183:53:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    id_str = g_strdup_printf("fs:user:%s:%x", name, g_random_int());
data/libinfinity-0.7.1/libinftext/inf-text-session.c:1179:43:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    g_value_set_double(&parameter->value, g_random_double());
data/libinfinity-0.7.1/test/inf-test-certificate-validate.c:424:34:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  target_file = g_build_filename(g_get_tmp_dir(), "pinned-test", NULL);
data/libinfinity-0.7.1/test/inf-test-daemon.c:76:39:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    root_directory = g_build_filename(g_get_home_dir(), ".infinote", NULL);
data/libinfinity-0.7.1/test/inf-test-text-quick-write.c:105:12:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  action = g_random_int_range(0, 100000);
data/libinfinity-0.7.1/test/inf-test-text-quick-write.c:163:10:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  secs = g_random_int_range(10, 50);
data/libinfinity-0.7.1/test/inf-test-text-session.c:213:44:  [3] (random) g_rand_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      dist_item = g_slist_nth(permutation, g_rand_int(rand) % (dist + 1));
data/libinfinity-0.7.1/test/inf-test-text-session.c:214:14:  [3] (random) g_rand_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      rval = g_rand_int(rand) % (dist + 1);
data/libinfinity-0.7.1/infinoted/infinoted-log.c:135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time_msg[128];
data/libinfinity-0.7.1/infinoted/infinoted-log.c:410:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    priv->log_file = fopen(path, "a");
data/libinfinity-0.7.1/infinoted/infinoted-pam.c:48:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new_str, str, size);
data/libinfinity-0.7.1/infinoted/infinoted-pam.c:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msgbuf[128];
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:148:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(queue->data + queue->pos + queue->len, data, len);
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:1416:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr.sun_path[1], ADDRESS_NAME, sizeof(ADDRESS_NAME) - 1);
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-traffic-logging.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time_msg[128];
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-traffic-logging.c:223:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    info->file = fopen(info->filename, "a");
data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session-record.c:572:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  priv->file = fopen(filename, "w");
data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-state-vector.c:207:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_vec->data, vec->data,
data/libinfinity-0.7.1/libinfinity/client/infc-browser.c:1614:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(seq_buffer, "%u", seq);
data/libinfinity-0.7.1/libinfinity/client/infc-session-proxy.c:351:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(seq_buffer, "%u", seq);
data/libinfinity-0.7.1/libinfinity/common/inf-acl.c:891:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(
data/libinfinity-0.7.1/libinfinity/common/inf-acl.c:925:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(
data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[5];
data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:1306:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cert_id[20];
data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:1308:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key_id[20];
data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.c:1209:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    new_file = fopen(log_file, "a");
data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.c:1253:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(priv->log_filename, log_file, len);
data/libinfinity-0.7.1/libinfinity/common/inf-discovery-avahi.c:1457:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char device_name[IF_NAMESIZE];
data/libinfinity-0.7.1/libinfinity/common/inf-file-util.c:260:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  dir_fd = open(path, O_NOFOLLOW | O_RDONLY);
data/libinfinity-0.7.1/libinfinity/common/inf-file-util.c:262:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  dir_fd = open(path, O_RDONLY);
data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.c:129:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(addr->shared.addr6.s6_addr, address, 16);
data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.c:204:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(addr->shared.addr6.s6_addr, shared.addr6.sin6_addr.s6_addr, 16);
data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.c:344:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(shared.addr6.sin6_addr.s6_addr, address->shared.addr6.s6_addr, 16);
data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:460:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ansbuf[4096];
data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:461:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hostbuf[256];
data/libinfinity-0.7.1/libinfinity/common/inf-session.c:1046:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(id_buf, "%u", g_value_get_uint(&params[i].value));
data/libinfinity-0.7.1/libinfinity/common/inf-session.c:1754:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(num_messages_buf, "%u", sync->messages_total - 2);
data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:195:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1];
data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:923:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(
data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:929:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(
data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:423:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(
data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:438:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(
data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:1066:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char device_name[IF_NAMESIZE];
data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:1687:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(priv->queue + priv->front_pos, data, len);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.c:251:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  g_return_val_if_fail(iface->open != NULL, FALSE);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.c:253:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return iface->open(connection, error);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.h:82:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  gboolean (*open)(InfXmlConnection* connection,
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:800:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[sizeof(gint) * 3 + 1];
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:801:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%d", value);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:820:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[sizeof(glong) * 3 + 1];
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:821:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%ld", value);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:840:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[sizeof(guint) * 3 + 1];
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:841:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%u", value);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:860:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[sizeof(gulong) * 3 + 1];
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:861:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%lu", value);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:880:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[G_ASCII_DTOSTR_BUF_SIZE];
data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:1152:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, priv->pull_data, pull_len);
data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:3472:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(id_buf, "%u", node->id);
data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:4379:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(path + len + sep_len, storage_node->name, node_len + 1);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:446:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(salted_password, salt, 16);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:447:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(salted_password + 16, password, password_len);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:448:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(salted_password + 16 + password_len, salt + 16, 16);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-storage.c:208:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(path, O_NOFOLLOW | open_mode, 0644);
data/libinfinity-0.7.1/libinfinity/server/infd-tcp-server.c:594:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(
data/libinfinity-0.7.1/libinfinity/server/infd-tcp-server.c:608:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:676:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(segment->text + offset_index, text, bytes);
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:807:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:829:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(last_merge->text, last->text, last->length);
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:867:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(new_segment->text, last->text, last->length);
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:869:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:883:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:916:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:1054:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(
data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:1218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result + cur, segment->text, segment->length);
data/libinfinity-0.7.1/test/inf-test-browser.c:228:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/libinfinity-0.7.1/test/inf-test-chat.c:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/libinfinity-0.7.1/test/inf-test-text-recover.c:146:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if(argc > 2) counter = atoi(argv[2]);
data/libinfinity-0.7.1/test/inf-test-text-session.c:409:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    rseed = atoi(argv[1]);
data/libinfinity-0.7.1/test/inf-test-traffic-replay.c:824:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  conn->file = fopen(replay->filename, "r");
data/libinfinity-0.7.1/test/inf-test-traffic-replay.c:1045:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f = fopen(argv[i], "r");
data/libinfinity-0.7.1/infinoted/infinoted-main.c:65:18:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    prev_umask = umask(0777);
data/libinfinity-0.7.1/infinoted/infinoted-main.c:141:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(prev_umask);
data/libinfinity-0.7.1/infinoted/infinoted-options.c:240:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    options->password_len = strlen(options->password);
data/libinfinity-0.7.1/infinoted/infinoted-pam.c:46:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(str) + 1;
data/libinfinity-0.7.1/infinoted/infinoted-startup.c:376:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      password_len = strlen(password);
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:210:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  errlen = strlen(message);
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:291:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(inf_user_get_name(ms->user));
data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-record.c:56:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen(basename) + 8;
data/libinfinity-0.7.1/libinfgtk/inf-gtk-account-creation-dialog.c:119:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(name)
data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5438:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5446:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5458:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5465:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/libinfinity-0.7.1/libinfinity/client/infc-browser.c:4427:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cert_text.size = strlen(cert_text.data);
data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:133:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(desc->dn_common_name)
data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.c:1250:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(log_file);
data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:380:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
              ret = read(priv->events[0].fd, &buf, 1);
data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:918:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inf_xml_util_add_child_text(xml, error->message, strlen(error->message));
data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:1478:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(len = strlen(mechanism); mechlist != NULL; mechlist = strchr(res, ' '))
data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:1950:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inf_xmpp_connection_send_chars(xmpp, reply, strlen(reply));
data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:2036:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(end == NULL) end = begin + strlen(begin);
data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:3082:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    inf_xmpp_connection_send_chars(xmpp, request, strlen(request));
data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:4365:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    node_len = strlen(storage_node->name);
data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:6410:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        crq_text.size = strlen(crq_text.data);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:203:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    datum.size = strlen(password_salt);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:234:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    datum.size = strlen(password_hash);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:443:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  password_len = strlen(password);
data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:1101:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(name) > 48)
data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-buffer.c:1575:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(text), /* I hate strlen. GTK+ should tell us how many bytes. */
data/libinfinity-0.7.1/test/inf-test-browser.c:244:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if(strlen(buffer) != sizeof(buffer) ||
data/libinfinity-0.7.1/test/inf-test-browser.c:247:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer[strlen(buffer)-1] = '\0';
data/libinfinity-0.7.1/test/inf-test-certificate-request.c:165:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen("Armin Burgmeier")
data/libinfinity-0.7.1/test/inf-test-chat.c:69:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if(strlen(buffer) != sizeof(buffer) ||
data/libinfinity-0.7.1/test/inf-test-chat.c:72:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer[strlen(buffer)-1] = '\0';
data/libinfinity-0.7.1/test/inf-test-chat.c:80:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlen(buffer),
data/libinfinity-0.7.1/test/inf-test-text-fixline.c:74:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(check_text) != len || strncmp(check_text, text, len) != 0)
data/libinfinity-0.7.1/test/inf-test-text-fixline.c:117:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(initial_buffer_content),
data/libinfinity-0.7.1/test/inf-test-text-fixline.c:118:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(initial_buffer_content),
data/libinfinity-0.7.1/test/inf-test-text-fixline.c:155:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(text),
data/libinfinity-0.7.1/test/inf-test-text-fixline.c:156:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(text),
data/libinfinity-0.7.1/test/inf-test-text-fixline.c:166:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(text),
data/libinfinity-0.7.1/test/inf-test-text-fixline.c:167:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(text),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:109:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(def->text),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:110:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(def->text),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:192:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:193:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:202:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:203:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:268:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:269:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:279:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:280:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:369:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:370:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:379:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:380:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:544:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),
data/libinfinity-0.7.1/test/inf-test-text-operations.c:545:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(EXAMPLE_DOCUMENT),

ANALYSIS SUMMARY:

Hits = 146
Lines analyzed = 155139 in approximately 3.60 seconds (43041 lines/second)
Physical Source Lines of Code (SLOC) = 107616
Hits@level = [0] 268 [1]  58 [2]  72 [3]  15 [4]   1 [5]   0
Hits@level+ = [0+] 414 [1+] 146 [2+]  88 [3+]  16 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 3.84701 [1+] 1.35668 [2+] 0.817722 [3+] 0.148677 [4+] 0.0092923 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.