Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/roger-router-2.1.6/plugins/evolution/ebook-sources.h
Examining data/roger-router-2.1.6/plugins/evolution/evolution.c
Examining data/roger-router-2.1.6/plugins/google/google.c
Examining data/roger-router-2.1.6/plugins/gtknotify/gtknotify.c
Examining data/roger-router-2.1.6/plugins/indicator/indicator.c
Examining data/roger-router-2.1.6/plugins/keychain/keychain.c
Examining data/roger-router-2.1.6/plugins/osxab/osxab.c
Examining data/roger-router-2.1.6/plugins/statusicon/statusicon.c
Examining data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c
Examining data/roger-router-2.1.6/plugins/vcard/vcard.c
Examining data/roger-router-2.1.6/plugins/vcard/vcard.h
Examining data/roger-router-2.1.6/plugins/webjournal/webjournal.c
Examining data/roger-router-2.1.6/plugins/webjournal/webjournal.h
Examining data/roger-router-2.1.6/roger/about.c
Examining data/roger-router-2.1.6/roger/about.h
Examining data/roger-router-2.1.6/roger/answeringmachine.c
Examining data/roger-router-2.1.6/roger/answeringmachine.h
Examining data/roger-router-2.1.6/roger/application.c
Examining data/roger-router-2.1.6/roger/application.h
Examining data/roger-router-2.1.6/roger/assistant.c
Examining data/roger-router-2.1.6/roger/assistant.h
Examining data/roger-router-2.1.6/roger/contacts.c
Examining data/roger-router-2.1.6/roger/contacts.h
Examining data/roger-router-2.1.6/roger/contactsearch.c
Examining data/roger-router-2.1.6/roger/contactsearch.h
Examining data/roger-router-2.1.6/roger/debug.c
Examining data/roger-router-2.1.6/roger/debug.h
Examining data/roger-router-2.1.6/roger/fax.c
Examining data/roger-router-2.1.6/roger/fax.h
Examining data/roger-router-2.1.6/roger/gd-two-lines-renderer.c
Examining data/roger-router-2.1.6/roger/gd-two-lines-renderer.h
Examining data/roger-router-2.1.6/roger/journal.c
Examining data/roger-router-2.1.6/roger/journal.h
Examining data/roger-router-2.1.6/roger/main.h
Examining data/roger-router-2.1.6/roger/main_ui.c
Examining data/roger-router-2.1.6/roger/pdf.c
Examining data/roger-router-2.1.6/roger/pdf.h
Examining data/roger-router-2.1.6/roger/phone.c
Examining data/roger-router-2.1.6/roger/phone.h
Examining data/roger-router-2.1.6/roger/plugins.c
Examining data/roger-router-2.1.6/roger/plugins.h
Examining data/roger-router-2.1.6/roger/print.c
Examining data/roger-router-2.1.6/roger/print.h
Examining data/roger-router-2.1.6/roger/settings.c
Examining data/roger-router-2.1.6/roger/settings.h
Examining data/roger-router-2.1.6/roger/shortcuts.c
Examining data/roger-router-2.1.6/roger/shortcuts.h
Examining data/roger-router-2.1.6/roger/uitools.h

FINAL RESULTS:

data/roger-router-2.1.6/plugins/vcard/vcard.c:805:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(ptr, size, format, args);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:144:71: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  snprintf(file, sizeof(file), "%s/.mozilla-thunderbird/profiles.ini", g_get_home_dir());
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:148:64: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  snprintf(file, sizeof(file), "%s/.thunderbird/profiles.ini", g_get_home_dir());
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:164:38: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  result = g_string_append(result, g_get_home_dir());
data/roger-router-2.1.6/plugins/vcard/vcard.c:443:16: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random = g_random_int() % 62;
data/roger-router-2.1.6/plugins/vcard/vcard.c:445:7: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (random > 57) {
data/roger-router-2.1.6/plugins/vcard/vcard.c:449:7: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (random > 90) {
data/roger-router-2.1.6/plugins/vcard/vcard.c:453:36: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  id = g_string_append_c(id, (char)random);
data/roger-router-2.1.6/roger/settings.c:1737:97: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gtk_file_chooser_set_current_folder(GTK_FILE_CHOOSER(settings->fax_report_directory_chooser), g_get_home_dir());
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:898:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = open(book, O_RDONLY);
data/roger-router-2.1.6/plugins/google/google.c:169:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset(authorization_code, 0, strlen(authorization_code));
data/roger-router-2.1.6/plugins/google/google.c:502:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnTitle != NULL && strlen(contact->pnTitle) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:518:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivatePhone != NULL && strlen(contact->pnPrivatePhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:525:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessPhone != NULL && strlen(contact->pnBusinessPhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:532:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateMobile != NULL && strlen(contact->pnPrivateMobile) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:539:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateFax != NULL && strlen(contact->pnPrivateFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:546:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessFax != NULL && strlen(contact->pnBusinessFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:555:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessStreet != NULL && strlen(contact->pnBusinessStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:558:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessCity != NULL && strlen(contact->pnBusinessCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:561:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessCountry != NULL && strlen(contact->pnBusinessCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:564:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessZipCode != NULL && strlen(contact->pnBusinessZipCode) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:576:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateStreet != NULL && strlen(contact->pnPrivateStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:579:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateCity != NULL && strlen(contact->pnPrivateCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:582:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateCountry != NULL && strlen(contact->pnPrivateCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:585:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateZipCode != NULL && strlen(contact->pnPrivateZipCode) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:652:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnFirstName != NULL && strlen(contact->pnFirstName) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:657:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnLastName != NULL && strlen(contact->pnLastName) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:660:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pnDisplayName != NULL && strlen(contact->pnDisplayName) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:663:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnTitle != NULL && strlen(contact->pnTitle) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:671:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnCompany != NULL && strlen(contact->pnCompany) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:692:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(contact->pnBusinessPhone) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:700:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(contact->pnPrivatePhone) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:708:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(contact->pnPrivateMobile) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:716:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(contact->pnPrivateFax) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:724:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(contact->pnBusinessFax) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:737:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bBusinessPhone == FALSE && strlen(contact->pnBusinessPhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:743:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bBusinessFax == FALSE && strlen(contact->pnBusinessFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:749:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bPrivatePhone == FALSE && strlen(contact->pnPrivatePhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:755:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bPrivateFax == FALSE && strlen(contact->pnPrivateFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:761:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bPrivateMobile == FALSE && strlen(contact->pnPrivateMobile) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:770:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessStreet != NULL && strlen(contact->pnBusinessStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:773:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessCity != NULL && strlen(contact->pnBusinessCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:776:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessCountry != NULL && strlen(contact->pnBusinessCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:779:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnBusinessZipCode != NULL && strlen(contact->pnBusinessZipCode) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:784:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateStreet != NULL && strlen(contact->pnPrivateStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:787:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateCity != NULL && strlen(contact->pnPrivateCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:790:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateCountry != NULL && strlen(contact->pnPrivateCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:793:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contact->pnPrivateZipCode != NULL && strlen(contact->pnPrivateZipCode) > 0) {
data/roger-router-2.1.6/plugins/keychain/keychain.c:50:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(SERVICE_NAME),
data/roger-router-2.1.6/plugins/keychain/keychain.c:52:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(pwd_name),
data/roger-router-2.1.6/plugins/keychain/keychain.c:122:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  status = SecKeychainAddGenericPassword(NULL, strlen(SERVICE_NAME), SERVICE_NAME, strlen(pwd_name), pwd_name, strlen(password), password, NULL);
data/roger-router-2.1.6/plugins/keychain/keychain.c:122:84: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  status = SecKeychainAddGenericPassword(NULL, strlen(SERVICE_NAME), SERVICE_NAME, strlen(pwd_name), pwd_name, strlen(password), password, NULL);
data/roger-router-2.1.6/plugins/keychain/keychain.c:122:112: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  status = SecKeychainAddGenericPassword(NULL, strlen(SERVICE_NAME), SERVICE_NAME, strlen(pwd_name), pwd_name, strlen(password), password, NULL);
data/roger-router-2.1.6/plugins/keychain/keychain.c:137:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  status = SecKeychainItemModifyAttributesAndData(item_ref, NULL, (UInt32)strlen(password), password);
data/roger-router-2.1.6/plugins/keychain/keychain.c:169:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(SERVICE_NAME),
data/roger-router-2.1.6/plugins/keychain/keychain.c:171:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(profile->name),
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:176:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (result->str[strlen(result->str) - 1] == '\n') {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:177:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result->str[strlen(result->str) - 1] = '\0';
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:179:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result->str[strlen(result->str)] = '\0';
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:312:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (text && strlen(text->str)) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:321:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (text && strlen(text->str)) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:358:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(mork_data + mork_pos - 1, MORK_COLUMN_META, strlen(MORK_COLUMN_META))) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:360:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mork_pos += strlen(MORK_COLUMN_META) - 1;
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:398:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(id_str, text->str, pos);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:401:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(text->str) - pos;
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:403:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sc_str, text->str + pos + 1, size);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:914:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(file, mork_data, size) == size) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:960:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(file, book, sizeof(file) - 1);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:1066:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (book != NULL && strlen(book) > 0) {
data/roger-router-2.1.6/plugins/vcard/vcard.c:97:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:144:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:176:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:206:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:238:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(card_data->entry);
data/roger-router-2.1.6/roger/contacts.c:451:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_widget_set_sensitive(contacts->save_button, strlen(text) > 0);
data/roger-router-2.1.6/roger/contacts.c:867:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *sub_name = (gchar*)name + strlen(rm_addressbook_get_name(book)) + 3;
data/roger-router-2.1.6/roger/journal.c:264:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (call->duration != NULL && strlen(call->duration) > 0) {
data/roger-router-2.1.6/roger/journal.c:528:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text) > 0) {
data/roger-router-2.1.6/roger/phone.c:393:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new[strlen(text) - 1] = '\0';
data/roger-router-2.1.6/roger/print.c:459:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (local_name != NULL && strlen(local_name) > 0) {
data/roger-router-2.1.6/roger/print.c:464:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (local_number != NULL && strlen(local_number) > 0) {
data/roger-router-2.1.6/roger/print.c:469:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (duration != NULL && strlen(duration) > 0) {

ANALYSIS SUMMARY:

Hits = 82
Lines analyzed = 16450 in approximately 0.38 seconds (43527 lines/second)
Physical Source Lines of Code (SLOC) = 10574
Hits@level = [0] 7 [1] 72 [2] 1 [3] 8 [4] 1 [5] 0
Hits@level+ = [0+] 89 [1+] 82 [2+] 10 [3+] 9 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 8.41687 [1+] 7.75487 [2+] 0.945716 [3+] 0.851144 [4+] 0.0945716 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.