Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-libtrace-1.6+git20180219/lib/include/plt.h
Examining data/python-libtrace-1.6+git20180219/lib/include/pv.h
Examining data/python-libtrace-1.6+git20180219/lib/ipp/getrusage.c
Examining data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c
Examining data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c
Examining data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c
Examining data/python-libtrace-1.6+git20180219/lib/pldns/pldns.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/icmp.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/icmp6.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/internet.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/ip.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/ip6.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/ipflow.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/layers.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/outputtrace.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/packet.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/pltmodule.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/sctp.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/trace.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/udp.c
Examining data/python-libtrace-1.6+git20180219/lib/plt/tcp.c

FINAL RESULTS:

data/python-libtrace-1.6+git20180219/lib/include/plt.h:121:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(plt_err_msg, sizeof(plt_err_msg), fmt, v1)
data/python-libtrace-1.6+git20180219/lib/include/plt.h:123:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(plt_err_msg, sizeof(plt_err_msg), fmt, v1, v2)
data/python-libtrace-1.6+git20180219/lib/include/plt.h:118:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char plt_err_msg[120]; /* For building libtrace error messages */
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:62:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char v6a[60]; /* IPprefix result (including /length) */
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:74:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10]; /* RFC 2373: IPv6 Address Architecture */
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:100:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%x", a2[0]);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:107:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, ":%x", a2[j]);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:184:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nt_addr[IP6_ADDR_LEN+1] = /* Null-filled address value */
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:226:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nt_addr, addr_s, as_sz);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:479:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sp, a[IP6_ADDR_LEN];
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:563:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (length >= 0) sprintf(v6a, "0/%d", length);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:588:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&v6a[len], "/%u", length);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:592:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (length < 0) sprintf(v6a, "%u.%u.%u.%u",
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:594:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(v6a, "%u.%u.%u.%u/%u",
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:599:27: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (length >= 0) sprintf(v6e, "/%u", length);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:721:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *endp = NULL; unsigned char addr[16];
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:852:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (dcx >= 0) memcpy(a, a2p, dcx*2);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:853:23: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  y = (x-dcx)*2; memcpy(a + (16-y), a2p + dcx*2, y);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:57:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char v6a[60]; /* String result from v6addr_to_s() */
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:65:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10]; /* RFC 2373: IPv6 Address Architecture */
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:91:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%x", a2[0]);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:98:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, ":%x", a2[j]);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:176:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nt_addr[IP6_ADDR_LEN+1] = /* Null-filled address value */
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:218:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nt_addr, addr_s, as_sz);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:502:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (len >= 0) sprintf(v6a, "0/%u", len);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:508:23: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (len < 0) sprintf(v6a, "%u.%u.%u.%u",
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:510:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(v6a, "%u.%u.%u.%u/%u",
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:515:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (len >= 0) sprintf(v6e, "/%u", len);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:611:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sp, a[IP6_ADDR_LEN];
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:735:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (dcx >= 0) memcpy(a, a2p, dcx*2);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:736:23: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  y = (x-dcx)*2; memcpy(a + (16-y), a2p + dcx*2, y);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:215:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipf->fkey.addrs.v4.saddr, psrc_addr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:216:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipf->fkey.addrs.v4.daddr, pdst_addr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:219:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipf->fkey.addrs.v6.saddr, psrc_addr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:220:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipf->fkey.addrs.v6.daddr, pdst_addr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:243:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  PyObject *result; char key[2+4+32];
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:246:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[2], &self->fkey.sport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:247:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[4], &self->fkey.dport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:249:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v4.saddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:250:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[10], self->fkey.addrs.v4.daddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:254:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v6.saddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:255:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[22], self->fkey.addrs.v6.daddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:264:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  PyObject *result; char key[2+4+32];
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:267:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[2], &self->fkey.dport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:268:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[4], &self->fkey.sport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:270:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v4.daddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:271:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[10], self->fkey.addrs.v4.saddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:275:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v6.daddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:276:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[22], self->fkey.addrs.v6.saddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:347:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  PyObject *result; char key[2+4+32];
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:352:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[2], &self->fkey.sport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:353:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[4], &self->fkey.dport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:356:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[2], &self->fkey.dport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:357:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[4], &self->fkey.sport, 2);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:361:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v4.saddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:362:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[10], self->fkey.addrs.v4.daddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:365:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v4.daddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:366:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[10], self->fkey.addrs.v4.saddr, 4);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:372:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v6.saddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:373:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[22], self->fkey.addrs.v6.daddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:376:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[6], self->fkey.addrs.v6.daddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:377:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&key[22], self->fkey.addrs.v6.saddr, 16);
data/python-libtrace-1.6+git20180219/lib/natkit/natkit.c:553:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr, caddr, ver == 4 ? 4 : 16);
data/python-libtrace-1.6+git20180219/lib/pldns/pldns.c:163:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[sx], sa[j], len); sx += len;
data/python-libtrace-1.6+git20180219/lib/plt/internet.c:214:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  else memcpy(((libtrace_ip6_t *)lip)->ip_src.s6_addr, ap, 16);
data/python-libtrace-1.6+git20180219/lib/plt/internet.c:254:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  else memcpy(((libtrace_ip6_t *)lip)->ip_src.s6_addr, ap, 16);
data/python-libtrace-1.6+git20180219/lib/plt/packet.c:96:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dp, vp, vsize);
data/python-libtrace-1.6+git20180219/lib/plt/pltmodule.c:31:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char plt_err_msg[120];
data/python-libtrace-1.6+git20180219/lib/plt/pltmodule.c:151:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[50];
data/python-libtrace-1.6+git20180219/lib/plt/trace.c:97:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[60];
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:564:12: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  else sprintf(v6a, "0");
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:581:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(&cp[2], &cp[1], &v6a[strlen(v6a)] - cp);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:587:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (int)strlen(v6a);
data/python-libtrace-1.6+git20180219/lib/ipp/ippmodule.c:769:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)strlen(str);
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:503:12: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  else sprintf(v6a, "0");
data/python-libtrace-1.6+git20180219/lib/ipp/new-ippmodule.c:651:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)strlen(str);
data/python-libtrace-1.6+git20180219/lib/pldns/pldns.c:152:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s); /* ldns_rdf_size() gives 'raw' size */
data/python-libtrace-1.6+git20180219/lib/pldns/pldns.c:154:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz += strlen(sa[j])+1; /* Include trailing blank */
data/python-libtrace-1.6+git20180219/lib/pldns/pldns.c:162:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(sa[j]);
data/python-libtrace-1.6+git20180219/lib/pldns/pldns.c:180:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned long len = strlen(rrs);

ANALYSIS SUMMARY:

Hits = 80
Lines analyzed = 8845 in approximately 0.30 seconds (29459 lines/second)
Physical Source Lines of Code (SLOC) = 7460
Hits@level = [0] 35 [1] 10 [2] 68 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 115 [1+] 80 [2+] 70 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 15.4155 [1+] 10.7239 [2+] 9.38338 [3+] 0.268097 [4+] 0.268097 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.