Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/totem-pl-parser-3.26.5/lib/asprintf.c
Examining data/totem-pl-parser-3.26.5/lib/stub.c
Examining data/totem-pl-parser-3.26.5/lib/totem_internal.h
Examining data/totem-pl-parser-3.26.5/plparse/bswap.h
Examining data/totem-pl-parser-3.26.5/plparse/tests/disc.c
Examining data/totem-pl-parser-3.26.5/plparse/tests/parser.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-disc.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-disc.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-amz.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-amz.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-decode-date.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-decode-date.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-media.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-media.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-mini.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-misc.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-misc.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pla.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pla.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pls.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pls.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-podcast.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-podcast.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-private.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-qt.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-qt.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-smil.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-smil.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-videosite.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-videosite.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-wm.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-wm.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-xspf.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-playlist.c
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-playlist.h
Examining data/totem-pl-parser-3.26.5/plparse/videosite-quvi.c
Examining data/totem-pl-parser-3.26.5/plparse/xmllexer.c
Examining data/totem-pl-parser-3.26.5/plparse/xmllexer.h
Examining data/totem-pl-parser-3.26.5/plparse/xmlparser.c
Examining data/totem-pl-parser-3.26.5/plparse/xmlparser.h
Examining data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-xspf.c

FINAL RESULTS:

data/totem-pl-parser-3.26.5/lib/asprintf.c:36:17: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    count = vfprintf(fp, fmt, ap);
data/totem-pl-parser-3.26.5/plparse/xmlparser.c:36:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    #define snprintf sprintf_s
data/totem-pl-parser-3.26.5/plparse/xmlparser.c:429:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(property_name, tok);
data/totem-pl-parser-3.26.5/lib/asprintf.c:27:5: [3] (tmpfile) GetTempFileName:
  Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377).
    GetTempFileName ( dir_name, "asprintf", 0, file_name );
data/totem-pl-parser-3.26.5/lib/asprintf.c:14:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dir_name[2001];
data/totem-pl-parser-3.26.5/lib/asprintf.c:15:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char file_name[2000];
data/totem-pl-parser-3.26.5/lib/asprintf.c:28:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen ( file_name, "w+" );
data/totem-pl-parser-3.26.5/lib/asprintf.c:30:10: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    fp = tmpfile();
data/totem-pl-parser-3.26.5/plparse/tests/parser.c:1216:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char res_str[DATE_BUFSIZE];
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-decode-date.c:38:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char gmime_datetok_table[256] = {
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-decode-date.c:302:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tzone[8];
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-decode-date.c:319:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (tzone, inptr, len);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-media.c:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf [BUFFER_SIZE+1];
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-media.c:59:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file = fopen (fname, "rb");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pla.c:69:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy (buffer + FORMAT_ID_OFFSET, "iriver UMS PLA");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pla.c:150:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buffer + PATH_OFFSET, converted, written);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-wm.c:105:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ref, "mmsh", 4);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-wm.c:148:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ref, "mmsh", 4);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-xspf.c:257:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    return atoi (str);
data/totem-pl-parser-3.26.5/plparse/xmllexer.c:359:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tok + tok_pos, "DOCTYPE", strlen ("DOCTYPE"));
data/totem-pl-parser-3.26.5/plparse/xmllexer.c:369:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (tok + tok_pos, "[CDATA[", strlen ("[CDATA["));
data/totem-pl-parser-3.26.5/plparse/xmllexer.c:611:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[6];
data/totem-pl-parser-3.26.5/plparse/xmlparser.c:684:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *root_names[MAX_RECURSION + 1];
data/totem-pl-parser-3.26.5/plparse/xmlparser.c:919:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open (argv[i], O_RDONLY);
data/totem-pl-parser-3.26.5/plparse/tests/parser.c:1202:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    && strlen (value) > MAX_DESCRIPTION_LEN) {
data/totem-pl-parser-3.26.5/plparse/totem-disc.c:331:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (uri);
data/totem-pl-parser-3.26.5/plparse/totem-disc.c:336:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    escape1 = g_uri_unescape_string (uri + strlen ("archive://"), NULL);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-decode-date.c:334:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen (tz_offsets[t].name);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:63:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp = g_strdup (retval + strlen ("smb:"));
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:215:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = params[i] + strlen ("title=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:217:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    author = params[i] + strlen ("author=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:219:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    copyright = params[i] + strlen ("copyright=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:221:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    abstract = params[i] + strlen ("abstract=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:223:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    screensize = params[i] + strlen ("screensize=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:225:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    mode = params[i] + strlen ("mode=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:227:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end = params[i] + strlen ("end=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:229:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    start = params[i] + strlen ("start=");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:324:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res = extinfo + strlen(EXTINF);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:349:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res = (char *) extinfo + strlen(EXTINF);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:372:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    id = strtol (line + strlen (EXTVLCOPT_AUDIOTRACK), &end, 10);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-lines.c:582:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (data == NULL || totem_pl_parser_is_uri_list (data, strlen (data)) == NULL) {
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pla.c:74:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy (buffer + TITLE_OFFSET, title, TITLE_SIZE);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pls.c:190:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (gsize)strlen ("[playlist]")) != 0) {
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pls.c:223:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (g_ascii_strncasecmp (g_strchug (bits[0]), "file", strlen ("file")) == 0)
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-pls.c:229:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_ascii_strdown (bits[0], strlen (bits[0])),
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-podcast.c:352:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new_uri = g_strdup_printf ("http%s", uri + strlen (uri_scheme));
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-podcast.c:383:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new_uri = strchr (uri + strlen ("zune://subscribe/?"), '=');
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-podcast.c:626:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (data);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-podcast.c:646:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s += strlen ("feedUrl\":\"");
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-qt.c:50:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len <= strlen ("RTSPtextRTSP://"))
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-qt.c:89:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rtspuri = g_strdup (lines[0] + strlen ("RTSPtext"));
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-qt.c:139:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    contents + strlen ("SMILtext"),
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-qt.c:140:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size - strlen ("SMILtext"));
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-qt.c:207:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (data == NULL || totem_pl_parser_is_quicktime (data, strlen (data)) == NULL)
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-wm.c:387:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (data != NULL && totem_pl_parser_is_uri_list (data, strlen (data)) != FALSE) {
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-wm.c:432:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (totem_pl_parser_is_asf (data, strlen (data)) == FALSE) {
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-xspf.c:549:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    doc = xmlParseMemory (contents, strlen (contents));
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser-xspf.c:551:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    doc = xmlRecoverMemory (contents, strlen (contents));
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser.c:871:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (buf);
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser.c:1354:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (g_ascii_strncasecmp (line, key, strlen (key)) == 0) {
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser.c:1399:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (g_ascii_strncasecmp (line, key, strlen (key)) == 0) {
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser.c:2393:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (s[strlen (s) - 1] == ':')
data/totem-pl-parser-3.26.5/plparse/totem-pl-parser.c:2394:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s[strlen (s) - 1] = '\0';
data/totem-pl-parser-3.26.5/plparse/xmllexer.c:359:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(tok + tok_pos, "DOCTYPE", strlen ("DOCTYPE"));
data/totem-pl-parser-3.26.5/plparse/xmllexer.c:369:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy (tok + tok_pos, "[CDATA[", strlen ("[CDATA["));
data/totem-pl-parser-3.26.5/plparse/xmllexer.c:424:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(tok) != 3) {
data/totem-pl-parser-3.26.5/plparse/xmllexer.c:623:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *buf = calloc (strlen (tok) + 1, sizeof(char));
data/totem-pl-parser-3.26.5/plparse/xmlparser.c:332:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *nname_buffer_size = strlen (node_name) + 1;
data/totem-pl-parser-3.26.5/plparse/xmlparser.c:337:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *nname_buffer_size = strlen (node_name) + 1;
data/totem-pl-parser-3.26.5/plparse/xmlparser.c:854:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = strlen (node->name);

ANALYSIS SUMMARY:

Hits = 70
Lines analyzed = 14584 in approximately 0.37 seconds (39385 lines/second)
Physical Source Lines of Code (SLOC) = 10114
Hits@level = [0] 38 [1] 46 [2] 20 [3] 1 [4] 3 [5] 0
Hits@level+ = [0+] 108 [1+] 70 [2+] 24 [3+] 4 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 10.6783 [1+] 6.9211 [2+] 2.37295 [3+] 0.395491 [4+] 0.296619 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.