Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-cmarkgfm-0.4.2/generated/unix/cmarkextensions_export.h
Examining data/python-cmarkgfm-0.4.2/generated/unix/cmark_export.h
Examining data/python-cmarkgfm-0.4.2/generated/unix/cmark_version.h
Examining data/python-cmarkgfm-0.4.2/generated/unix/config.h
Examining data/python-cmarkgfm-0.4.2/generated/windows/cmarkextensions_export.h
Examining data/python-cmarkgfm-0.4.2/generated/windows/cmark_export.h
Examining data/python-cmarkgfm-0.4.2/generated/windows/cmark_version.h
Examining data/python-cmarkgfm-0.4.2/generated/windows/config.h
Examining data/python-cmarkgfm-0.4.2/src/cmarkgfm/cmark.cffi.h
Examining data/python-cmarkgfm-0.4.2/src/cmarkgfm/cmark_module.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/autolink.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/autolink.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/core-extensions.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/core-extensions.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/ext_scanners.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/ext_scanners.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/strikethrough.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/strikethrough.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/table.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/table.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/tagfilter.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/tagfilter.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/arena.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/blocks.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/buffer.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/buffer.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/chunk.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/cmark.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/cmark.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/cmark_ctype.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/cmark_ctype.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/cmark_extension_api.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/footnotes.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/footnotes.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/houdini.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/houdini_href_e.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/houdini_html_e.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/houdini_html_u.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/html.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/html.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/inlines.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/inlines.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/iterator.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/iterator.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/latex.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/linked_list.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/main.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/man.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/map.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/map.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/node.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/node.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/parser.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/plaintext.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/plugin.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/plugin.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/references.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/references.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/registry.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/registry.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/render.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/render.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/scanners.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/scanners.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/syntax_extension.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/syntax_extension.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/utf8.c
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/utf8.h
Examining data/python-cmarkgfm-0.4.2/third_party/cmark/src/xml.c

FINAL RESULTS:

data/python-cmarkgfm-0.4.2/generated/unix/config.h:43:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf c99_snprintf

data/python-cmarkgfm-0.4.2/generated/unix/config.h:44:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define vsnprintf c99_vsnprintf

data/python-cmarkgfm-0.4.2/generated/windows/config.h:43:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf c99_snprintf

data/python-cmarkgfm-0.4.2/generated/windows/config.h:44:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define vsnprintf c99_vsnprintf

data/python-cmarkgfm-0.4.2/third_party/cmark/src/syntax_extension.c:25:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(res->name, name);

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/autolink.c:29:40: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
if (link_len > len && strncasecmp((char *)link, valid_uris[i], len) == 0 &&

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/strikethrough.c:12:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[101];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/arena.c:90:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(new_ptr, ptr, ((size_t *) ptr)[-1]);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/blocks.c:471:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char n[32];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/blocks.c:622:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buffer[4096];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/blocks.c:1187:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&((*container)->as.list), data, sizeof(*data));

data/python-cmarkgfm-0.4.2/third_party/cmark/src/blocks.c:1194:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&((*container)->as.list), data, sizeof(*data));

data/python-cmarkgfm-0.4.2/third_party/cmark/src/buffer.c:18:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char cmark_strbuf__initbuf[1];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/chunk.h:71:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(str, c->data, c->len);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/chunk.h:91:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(c->data, str, c->len + 1);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:32:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char encoded[ENCODED_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:175:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char listmarker[LISTMARKER_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:478:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char n[32];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/houdini_html_u.c:16:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
strncmp((const char *)s, (const char *)cmark_entities[i].entity, len);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/houdini_html_u.c:16:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
strncmp((const char *)s, (const char *)cmark_entities[i].entity, len);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/houdini_html_u.c:18:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
return (const unsigned char *)cmark_entities[i].bytes;

data/python-cmarkgfm-0.4.2/third_party/cmark/src/html.c:68:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char n[32];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/html.c:87:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[BUFFER_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/html.c:391:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char n[32];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/html.h:17:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[BUFFER_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/inlines.c:122:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(c.data, src->data, len);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/inlines.c:1466:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
return (char *) memcpy (result, s, len);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/latex.c:226:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char list_number_string[LIST_NUMBER_STRING_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/main.c:109:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[4096];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/main.c:233:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE *fp = fopen(argv[files[i]], "rb");

data/python-cmarkgfm-0.4.2/third_party/cmark/src/man.c:132:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char list_number_s[LIST_NUMBER_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/plaintext.c:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char listmarker[LISTMARKER_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/src/xml.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[BUFFER_SIZE];

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/autolink.c:27:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(valid_uris[i]);

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/autolink.c:160:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (size < 4 || memcmp(data, "www.", strlen("www.")) != 0)

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/autolink.c:220:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
link_end = strlen("://");

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/table.c:182:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(parent_string));

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/table.c:205:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(parent_string));

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/table.c:243:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
table_header->end_column = parent_container->start_column + (int)strlen(parent_string) - 2;

data/python-cmarkgfm-0.4.2/third_party/cmark/extensions/table.c:266:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen((char *)input) - 1 - cmark_parser_get_offset(parser), false);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/buffer.c:99:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
string ? (bufsize_t)strlen(string) : 0);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/buffer.c:120:67: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmark_strbuf_put(buf, (const unsigned char *)string, (bufsize_t)strlen(string));

data/python-cmarkgfm-0.4.2/third_party/cmark/src/chunk.h:88:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->len = (bufsize_t)strlen(str);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/chunk.h:99:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsize_t len = data ? (bufsize_t)strlen(data) : 0;

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:71:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t code_len = strlen(code);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:92:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t code_len = strlen(code);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:243:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
marker_width = (bufsize_t)strlen(listmarker);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:285:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
info_len = strlen(info);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:287:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
code_len = strlen(code);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:370:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
code_len = strlen(code);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:440:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) > 0) {

data/python-cmarkgfm-0.4.2/third_party/cmark/src/commonmark.c:457:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) > 0) {

data/python-cmarkgfm-0.4.2/third_party/cmark/src/inlines.c:1456:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (s);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/latex.c:172:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_len = strlen(url);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/latex.c:178:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
title_len = strlen(title);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/main.c:166:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (unparsed && strlen(unparsed) > 0) {

data/python-cmarkgfm-0.4.2/third_party/cmark/src/plaintext.c:95:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
marker_width = (bufsize_t)strlen(listmarker);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/render.c:25:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = (int)strlen(source);

data/python-cmarkgfm-0.4.2/third_party/cmark/src/syntax_extension.c:24:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
res->name = (char *) _mem->calloc(1, sizeof(char) * (strlen(name)) + 1);

ANALYSIS SUMMARY:

Hits = 59
Lines analyzed = 31864 in approximately 0.62 seconds (51711 lines/second)
Physical Source Lines of Code (SLOC) = 28451
Hits@level = [0] 54 [1] 26 [2] 28 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 113 [1+] 59 [2+] 33 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 3.97174 [1+] 2.07374 [2+] 1.15989 [3+] 0.175741 [4+] 0.175741 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.