Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/morla-0.16.1/modules/test.c
Examining data/morla-0.16.1/src/blanknode.c
Examining data/morla-0.16.1/src/browser.c
Examining data/morla-0.16.1/src/checks.c
Examining data/morla-0.16.1/src/datatype.c
Examining data/morla-0.16.1/src/dialog.c
Examining data/morla-0.16.1/src/edit.c
Examining data/morla-0.16.1/src/file.c
Examining data/morla-0.16.1/src/filechooser.c
Examining data/morla-0.16.1/src/graph.c
Examining data/morla-0.16.1/src/help.c
Examining data/morla-0.16.1/src/info.c
Examining data/morla-0.16.1/src/js.c
Examining data/morla-0.16.1/src/last.c
Examining data/morla-0.16.1/src/maker.c
Examining data/morla-0.16.1/src/merge.c
Examining data/morla-0.16.1/src/module.c
Examining data/morla-0.16.1/src/morla-module.h
Examining data/morla-0.16.1/src/morla.h
Examining data/morla-0.16.1/src/namespace.c
Examining data/morla-0.16.1/src/navigator.c
Examining data/morla-0.16.1/src/ntriples.c
Examining data/morla-0.16.1/src/rdf.c
Examining data/morla-0.16.1/src/rdfs.c
Examining data/morla-0.16.1/src/search.c
Examining data/morla-0.16.1/src/splash.c
Examining data/morla-0.16.1/src/template.c
Examining data/morla-0.16.1/src/textview.c
Examining data/morla-0.16.1/src/unredo.c
Examining data/morla-0.16.1/src/update.c
Examining data/morla-0.16.1/src/query.c
Examining data/morla-0.16.1/src/about.c
Examining data/morla-0.16.1/src/download.c
Examining data/morla-0.16.1/src/editor.h
Examining data/morla-0.16.1/src/gconf.c
Examining data/morla-0.16.1/src/init.c
Examining data/morla-0.16.1/src/main.c
Examining data/morla-0.16.1/src/preferences.c

FINAL RESULTS:

data/morla-0.16.1/src/datatype.c:31:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf (s, sizeof (s), c, msg, w); \
data/morla-0.16.1/src/main.c:299:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stderr, PACKAGE " " VERSION ": %s\n", error->message);
data/morla-0.16.1/src/main.c:1517:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf (s, sizeof (s), PACKAGE " " VERSION " (%s)", u.sysname);
data/morla-0.16.1/src/file.c:511:44:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
      g_snprintf (s, sizeof (s), "%s%c%d", g_get_tmp_dir (), G_DIR_SEPARATOR,
data/morla-0.16.1/src/file.c:542:45:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  return g_strdup_printf ("%s%cIMPOSSIBLE", g_get_tmp_dir (),
data/morla-0.16.1/src/filechooser.c:91:7:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
					 g_get_home_dir ());
data/morla-0.16.1/src/init.c:229:36:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
		g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (),
data/morla-0.16.1/src/init.c:1660:42:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  if (!strcmp (g_get_user_config_dir (), g_get_home_dir ()))
data/morla-0.16.1/src/init.c:1664:38:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (), "." PACKAGE, NULL);
data/morla-0.16.1/src/init.c:1693:39:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	    g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (), "." PACKAGE,
data/morla-0.16.1/src/blanknode.c:56:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *id = atoi (what);
data/morla-0.16.1/src/download.c:224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (mem->mm + mem->size, ptr, realsize);
data/morla-0.16.1/src/edit.c:1503:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			       atoi (prev_rdf->predicate +
data/morla-0.16.1/src/edit.c:2010:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  id_a = atoi (a->predicate + len);
data/morla-0.16.1/src/edit.c:2011:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  id_b = atoi (b->predicate + len);
data/morla-0.16.1/src/edit.c:2057:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      tocheck = atoi (rdf->predicate + len);
data/morla-0.16.1/src/edit.c:2149:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  tocheck = atoi (rdf->predicate + len);
data/morla-0.16.1/src/graph.c:411:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat (s, "...");
data/morla-0.16.1/src/init.c:161:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      last_id = atoi (last);
data/morla-0.16.1/src/init.c:323:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  undo_max_value = atoi (t);
data/morla-0.16.1/src/init.c:333:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  last_document_value = atoi (t);
data/morla-0.16.1/src/init.c:355:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  update_show = atoi (t);
data/morla-0.16.1/src/init.c:365:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  automatic_extensions = atoi (t) == 1 ? TRUE : FALSE;
data/morla-0.16.1/src/init.c:375:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    default_height = atoi (attr->value);
data/morla-0.16.1/src/init.c:378:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    default_width = atoi (attr->value);
data/morla-0.16.1/src/init.c:396:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    download_proxy_port = atoi (attr->value);
data/morla-0.16.1/src/init.c:876:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    graph->fontsize = atoi (attr->value);
data/morla-0.16.1/src/init.c:969:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szDefault[MAX_PATH];
data/morla-0.16.1/src/init.c:1035:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szDefault[MAX_PATH];
data/morla-0.16.1/src/init.c:1099:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open (file, O_WRONLY | O_CREAT, 0644)) < 0)
data/morla-0.16.1/src/js.c:355:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (error_return, "morla_alert: illegal argument");
data/morla-0.16.1/src/js.c:376:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (error_return, "morla_confirm: illegal argument");
data/morla-0.16.1/src/js.c:442:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (error_return, "morla_set_value: too many argument");
data/morla-0.16.1/src/js.c:448:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (error_return, "morla_set_value: the argument is not an array");
data/morla-0.16.1/src/namespace.c:180:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (ns->prefix[0] == '_' && (i = atoi (ns->prefix + 1)) && max < i)
data/morla-0.16.1/src/preferences.c:1936:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  graph_resource_node.fontsize = atoi (fontname + i + 1);
data/morla-0.16.1/src/preferences.c:2039:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  graph_blank_node.fontsize = atoi (fontname + i + 1);
data/morla-0.16.1/src/preferences.c:2142:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  graph_literal_node.fontsize = atoi (fontname + i + 1);
data/morla-0.16.1/src/preferences.c:2194:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  graph_edge.fontsize = atoi (fontname + i + 1);
data/morla-0.16.1/src/preferences.c:2445:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      fprintf (fl, "fontsize=\"%d\",", atoi (fontname + i + 1));
data/morla-0.16.1/src/preferences.c:2573:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      fprintf (fl, "fontsize=\"%d\",", atoi (fontname + i + 1));
data/morla-0.16.1/src/splash.c:534:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/morla-0.16.1/src/splash.c:578:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/morla-0.16.1/src/template.c:652:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    min_cardinality = atoi (r->object);
data/morla-0.16.1/src/template.c:656:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    max_cardinality = atoi (r->object);
data/morla-0.16.1/src/blanknode.c:48:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sp[0]);
data/morla-0.16.1/src/blanknode.c:59:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/morla-0.16.1/src/blanknode.c:64:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen (sp[1]);
data/morla-0.16.1/src/datatype.c:284:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:338:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:365:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:437:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:465:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:497:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:523:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:539:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:553:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:575:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:589:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/datatype.c:617:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);
data/morla-0.16.1/src/dialog.c:238:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = j = 0, len = strlen (error); i < len; i++)
data/morla-0.16.1/src/edit.c:55:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (data->node_nsselect);
data/morla-0.16.1/src/edit.c:247:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (data->node_nsselect);
data/morla-0.16.1/src/edit.c:1252:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (prev_rdf && strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM)))
data/morla-0.16.1/src/edit.c:1266:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  len = strlen (ns->namespace);
data/morla-0.16.1/src/edit.c:1331:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (prev_rdf && strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM))
data/morla-0.16.1/src/edit.c:1501:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (prev_rdf && !strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM)))
data/morla-0.16.1/src/edit.c:1504:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen (RDF_ITEM)));
data/morla-0.16.1/src/edit.c:1542:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM)))
data/morla-0.16.1/src/edit.c:2009:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (RDF_ITEM);
data/morla-0.16.1/src/edit.c:2021:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (RDF_ITEM);
data/morla-0.16.1/src/edit.c:2121:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      gint len = strlen (RDF_ITEM);
data/morla-0.16.1/src/file.c:253:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (len = strlen (file) - 1; len >= 0; len--)
data/morla-0.16.1/src/gconf.c:88:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  morla_proxy_enable = (gboolean) (strlen (morla_proxy) && morla_proxy_port);
data/morla-0.16.1/src/gconf.c:138:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  morla_proxy_enable = (gboolean) (strlen (morla_proxy) && morla_proxy_port);
data/morla-0.16.1/src/graph.c:39:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (str);
data/morla-0.16.1/src/graph.c:406:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen (rdf->object) > 40)
data/morla-0.16.1/src/graph.c:409:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	      strncpy (s, rdf->object, 40);
data/morla-0.16.1/src/help.c:144:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (uri) > 8)
data/morla-0.16.1/src/help.c:189:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(doc = xmlParseMemory (memory, strlen (memory))))
data/morla-0.16.1/src/help.c:195:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(ss_doc = xmlParseMemory (ss, strlen (ss))))
data/morla-0.16.1/src/help.c:237:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (output, (gchar *) ret, len);
data/morla-0.16.1/src/help.c:368:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  html_document_write_stream (help_doc, tmp, strlen (tmp));
data/morla-0.16.1/src/help.c:377:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				  strlen (data.output));
data/morla-0.16.1/src/info.c:326:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      gint len = strlen (tmp);
data/morla-0.16.1/src/init.c:231:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      gint len = strlen (path);
data/morla-0.16.1/src/init.c:764:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  real = rdfs->path + strlen (path);
data/morla-0.16.1/src/init.c:1102:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (morla_rdfs);
data/morla-0.16.1/src/init.c:1624:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (*str, MORLA_OLD_WEBSITE_1, strlen (MORLA_OLD_WEBSITE_1)))
data/morla-0.16.1/src/init.c:1627:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    (*str) + strlen (MORLA_OLD_WEBSITE_1));
data/morla-0.16.1/src/init.c:1633:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (*str, MORLA_OLD_WEBSITE_2, strlen (MORLA_OLD_WEBSITE_2)))
data/morla-0.16.1/src/init.c:1636:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    (*str) + strlen (MORLA_OLD_WEBSITE_2));
data/morla-0.16.1/src/init.c:1642:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (*str, MORLA_OLD_WEBSITE_3, strlen (MORLA_OLD_WEBSITE_3)))
data/morla-0.16.1/src/init.c:1645:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    (*str) + strlen (MORLA_OLD_WEBSITE_3));
data/morla-0.16.1/src/js.c:184:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  JS_EvaluateScript (cx, global, buffer, strlen (buffer), "script", 0, &rval);
data/morla-0.16.1/src/js.c:253:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (js->cx, js->global, str, strlen (str), "script", 0, &rval) == JS_FALSE)
data/morla-0.16.1/src/js.c:257:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (js->cx, js->global, buffer, strlen (buffer), NULL, 0,
data/morla-0.16.1/src/js.c:263:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (js->cx, js->global, str, strlen (str), "script", 0, &rval) == JS_FALSE)
data/morla-0.16.1/src/js.c:405:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 strlen (value->value));
data/morla-0.16.1/src/js.c:412:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 (unsigned char *) value->lang, strlen (value->lang));
data/morla-0.16.1/src/js.c:420:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 strlen (value->datatype));
data/morla-0.16.1/src/js.c:503:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		       strlen (VERSION));
data/morla-0.16.1/src/js.c:544:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  JSString *version = JS_NewStringCopyN (cx, VERSION, strlen (VERSION));
data/morla-0.16.1/src/js.c:564:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      str = JS_NewStringCopyN (cx, value->value, strlen (value->value));
data/morla-0.16.1/src/js.c:577:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      str = JS_NewStringCopyN (cx, value->lang, strlen (value->lang));
data/morla-0.16.1/src/js.c:590:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      str = JS_NewStringCopyN (cx, value->datatype, strlen (value->datatype));
data/morla-0.16.1/src/last.c:59:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ch = fgetc (fl)) != EOF)
data/morla-0.16.1/src/main.c:166:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
      strncat (s, (gchar *) l->data, strlen (s));
data/morla-0.16.1/src/main.c:166:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncat (s, (gchar *) l->data, strlen (s));
data/morla-0.16.1/src/main.c:169:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
	strncat (s, ", ", strlen (s));
data/morla-0.16.1/src/main.c:169:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat (s, ", ", strlen (s));
data/morla-0.16.1/src/main.c:1234:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  remaining_bytes = strlen (name);
data/morla-0.16.1/src/maker.c:1710:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen (data->node_nsselect);
data/morla-0.16.1/src/maker.c:1947:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!(len = strlen (data->node_nsselect)))
data/morla-0.16.1/src/namespace.c:83:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  gint len = strlen (data->predicate);
data/morla-0.16.1/src/namespace.c:141:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  len = strlen (ns->namespace);
data/morla-0.16.1/src/namespace.c:215:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen (r->namespace);
data/morla-0.16.1/src/ntriples.c:150:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = g_malloc (strlen (ptr) + 1);
data/morla-0.16.1/src/preferences.c:1930:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = strlen (fontname); i != 0; i--)
data/morla-0.16.1/src/preferences.c:2033:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = strlen (fontname); i != 0; i--)
data/morla-0.16.1/src/preferences.c:2136:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = strlen (fontname); i != 0; i--)
data/morla-0.16.1/src/preferences.c:2188:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = strlen (fontname); i != 0; i--)
data/morla-0.16.1/src/preferences.c:2439:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen (fontname); i != 0; i--)
data/morla-0.16.1/src/preferences.c:2567:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen (fontname); i != 0; i--)
data/morla-0.16.1/src/rdf.c:310:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = j = 0, len = strlen (str); i < len; i++)
data/morla-0.16.1/src/rdf.c:618:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen (tmp);
data/morla-0.16.1/src/rdf.c:626:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen (tmp);
data/morla-0.16.1/src/rdf.c:1391:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = g_malloc (strlen (ptr) + 1);
data/morla-0.16.1/src/splash.c:378:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_bytelen = strlen (text);
data/morla-0.16.1/src/splash.c:554:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  attr->end_index = strlen (buf);
data/morla-0.16.1/src/splash.c:559:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  attr->end_index = strlen (buf);
data/morla-0.16.1/src/template.c:151:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (str);
data/morla-0.16.1/src/template.c:953:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  else if (!strncmp (data->predicate, RDF_ITEM, strlen (RDF_ITEM)))

ANALYSIS SUMMARY:

Hits = 133
Lines analyzed = 34247 in approximately 0.70 seconds (48829 lines/second)
Physical Source Lines of Code (SLOC) = 25010
Hits@level = [0] 164 [1]  88 [2]  35 [3]   7 [4]   3 [5]   0
Hits@level+ = [0+] 297 [1+] 133 [2+]  45 [3+]  10 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 11.8752 [1+] 5.31787 [2+] 1.79928 [3+] 0.39984 [4+] 0.119952 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.