Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tracker-2.3.6/docs/tools/ttl2sgml.c
Examining data/tracker-2.3.6/docs/tools/ttl_loader.c
Examining data/tracker-2.3.6/docs/tools/ttl_loader.h
Examining data/tracker-2.3.6/docs/tools/ttl_model.c
Examining data/tracker-2.3.6/docs/tools/ttl_model.h
Examining data/tracker-2.3.6/docs/tools/ttl_sgml.c
Examining data/tracker-2.3.6/docs/tools/ttl_sgml.h
Examining data/tracker-2.3.6/docs/tools/ttlresource2sgml.c
Examining data/tracker-2.3.6/docs/tools/ttlresource2sgml.h
Examining data/tracker-2.3.6/examples/libtracker-miner/tracker-main.c
Examining data/tracker-2.3.6/examples/libtracker-miner/tracker-miner-test.c
Examining data/tracker-2.3.6/examples/libtracker-miner/tracker-miner-test.h
Examining data/tracker-2.3.6/examples/libtracker-sparql/async-connection.c
Examining data/tracker-2.3.6/examples/libtracker-sparql/class-signal.c
Examining data/tracker-2.3.6/src/gvdb/gvdb-builder.c
Examining data/tracker-2.3.6/src/gvdb/gvdb-builder.h
Examining data/tracker-2.3.6/src/gvdb/gvdb-format.h
Examining data/tracker-2.3.6/src/gvdb/gvdb-reader.c
Examining data/tracker-2.3.6/src/gvdb/gvdb-reader.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-common.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-date-time.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-dbus.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-dbus.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-domain-ontology.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-enums.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-file-utils.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-file-utils.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-ioprio.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-ioprio.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-language.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-language.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-locale.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-locale.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-log.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-log.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-parser-libicu.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-parser-libunistring.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-parser-utils.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-parser-utils.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-parser.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-sched.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-sched.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-type-utils.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-type-utils.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-utils.c
Examining data/tracker-2.3.6/src/libtracker-common/tracker-utils.h
Examining data/tracker-2.3.6/src/libtracker-common/tracker-domain-ontology.c
Examining data/tracker-2.3.6/src/libtracker-control/tracker-control.h
Examining data/tracker-2.3.6/src/libtracker-control/tracker-miner-manager.c
Examining data/tracker-2.3.6/src/libtracker-control/tracker-miner-manager.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-class.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-class.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-collation.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-collation.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-crc32.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-crc32.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-backup.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-backup.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-manager.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-manager.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-query.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-query.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-update.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data-update.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-data.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-backup.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-backup.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-config.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-config.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-interface.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-interface.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-manager.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-db-manager.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-namespace.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-namespace.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-ontologies.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-ontologies.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-ontology.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-ontology.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-property.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-property.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-sparql-grammar.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-sparql-parser.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-sparql-parser.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-sparql-types.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-sparql-types.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-sparql.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-sparql.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-string-builder.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-string-builder.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-uuid.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-uuid.h
Examining data/tracker-2.3.6/src/libtracker-data/tracker-vtab-triples.c
Examining data/tracker-2.3.6/src/libtracker-data/tracker-vtab-triples.h
Examining data/tracker-2.3.6/src/libtracker-direct/tracker-direct-statement.c
Examining data/tracker-2.3.6/src/libtracker-direct/tracker-direct-statement.h
Examining data/tracker-2.3.6/src/libtracker-direct/tracker-direct.c
Examining data/tracker-2.3.6/src/libtracker-direct/tracker-direct.h
Examining data/tracker-2.3.6/src/libtracker-fts/fts5.c
Examining data/tracker-2.3.6/src/libtracker-fts/fts5.h
Examining data/tracker-2.3.6/src/libtracker-fts/tracker-fts-config.c
Examining data/tracker-2.3.6/src/libtracker-fts/tracker-fts-config.h
Examining data/tracker-2.3.6/src/libtracker-fts/tracker-fts-tokenizer.c
Examining data/tracker-2.3.6/src/libtracker-fts/tracker-fts-tokenizer.h
Examining data/tracker-2.3.6/src/libtracker-fts/tracker-fts.c
Examining data/tracker-2.3.6/src/libtracker-fts/tracker-fts.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-crawler.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-crawler.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-data-provider.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-data-provider.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-decorator-fs.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-decorator-fs.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-decorator-private.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-decorator.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-decorator.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-file-data-provider.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-file-data-provider.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-file-notifier.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-file-notifier.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-file-system.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-file-system.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-indexing-tree.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-indexing-tree.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-enums.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-fs.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-fs.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-object.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-object.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-online.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-online.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-proxy.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner-proxy.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-miner.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-monitor.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-monitor.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-priority-queue.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-priority-queue.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-sparql-buffer.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-sparql-buffer.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-task-pool.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-task-pool.h
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-utils.c
Examining data/tracker-2.3.6/src/libtracker-miner/tracker-utils.h
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-namespace-manager.c
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-namespace-manager.h
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-notifier.c
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-notifier.h
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-ontologies.h
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-resource.c
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-resource.h
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-sparql.h
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-uri.c
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-uri.h
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-version.c
Examining data/tracker-2.3.6/src/libtracker-sparql/tracker-version.h
Examining data/tracker-2.3.6/src/tracker/tracker-color.h
Examining data/tracker-2.3.6/src/tracker/tracker-config.c
Examining data/tracker-2.3.6/src/tracker/tracker-config.h
Examining data/tracker-2.3.6/src/tracker/tracker-daemon.c
Examining data/tracker-2.3.6/src/tracker/tracker-daemon.h
Examining data/tracker-2.3.6/src/tracker/tracker-dbus.c
Examining data/tracker-2.3.6/src/tracker/tracker-dbus.h
Examining data/tracker-2.3.6/src/tracker/tracker-export.c
Examining data/tracker-2.3.6/src/tracker/tracker-export.h
Examining data/tracker-2.3.6/src/tracker/tracker-extract.c
Examining data/tracker-2.3.6/src/tracker/tracker-extract.h
Examining data/tracker-2.3.6/src/tracker/tracker-help.c
Examining data/tracker-2.3.6/src/tracker/tracker-help.h
Examining data/tracker-2.3.6/src/tracker/tracker-index.c
Examining data/tracker-2.3.6/src/tracker/tracker-index.h
Examining data/tracker-2.3.6/src/tracker/tracker-info.c
Examining data/tracker-2.3.6/src/tracker/tracker-info.h
Examining data/tracker-2.3.6/src/tracker/tracker-main.c
Examining data/tracker-2.3.6/src/tracker/tracker-process.c
Examining data/tracker-2.3.6/src/tracker/tracker-process.h
Examining data/tracker-2.3.6/src/tracker/tracker-reset.c
Examining data/tracker-2.3.6/src/tracker/tracker-reset.h
Examining data/tracker-2.3.6/src/tracker/tracker-search.c
Examining data/tracker-2.3.6/src/tracker/tracker-search.h
Examining data/tracker-2.3.6/src/tracker/tracker-sparql.c
Examining data/tracker-2.3.6/src/tracker/tracker-sparql.h
Examining data/tracker-2.3.6/src/tracker/tracker-sql.c
Examining data/tracker-2.3.6/src/tracker/tracker-sql.h
Examining data/tracker-2.3.6/src/tracker/tracker-status.c
Examining data/tracker-2.3.6/src/tracker/tracker-status.h
Examining data/tracker-2.3.6/src/tracker/tracker-tag.c
Examining data/tracker-2.3.6/src/tracker/tracker-tag.h
Examining data/tracker-2.3.6/src/tracker-store/tracker-config.c
Examining data/tracker-2.3.6/src/tracker-store/tracker-config.h
Examining data/tracker-2.3.6/src/tracker-store/tracker-events.c
Examining data/tracker-2.3.6/src/tracker-store/tracker-events.h
Examining data/tracker-2.3.6/src/tracker-store/tracker-writeback.c
Examining data/tracker-2.3.6/src/tracker-store/tracker-writeback.h
Examining data/tracker-2.3.6/tests/common/tracker-test-helpers.c
Examining data/tracker-2.3.6/tests/common/tracker-test-helpers.h
Examining data/tracker-2.3.6/tests/functional-tests/ipc/test-bus-query-cancellation.c
Examining data/tracker-2.3.6/tests/gvdb/gvdb-test.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-date-time-test.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-dbus-test.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-file-utils-test.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-parser-test.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-parser.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-sched-test.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-type-utils-test.c
Examining data/tracker-2.3.6/tests/libtracker-common/tracker-utils-test.c
Examining data/tracker-2.3.6/tests/libtracker-data/tracker-crc32-test.c
Examining data/tracker-2.3.6/tests/libtracker-data/tracker-db-journal-test.c
Examining data/tracker-2.3.6/tests/libtracker-data/tracker-ontology-change-test.c
Examining data/tracker-2.3.6/tests/libtracker-data/tracker-ontology-test.c
Examining data/tracker-2.3.6/tests/libtracker-data/tracker-sparql-test.c
Examining data/tracker-2.3.6/tests/libtracker-data/tracker-backup-test.c
Examining data/tracker-2.3.6/tests/libtracker-data/tracker-sparql-blank-test.c
Examining data/tracker-2.3.6/tests/libtracker-fts/tracker-fts-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/empty-gobject.c
Examining data/tracker-2.3.6/tests/libtracker-miner/empty-gobject.h
Examining data/tracker-2.3.6/tests/libtracker-miner/miners-mock.c
Examining data/tracker-2.3.6/tests/libtracker-miner/miners-mock.h
Examining data/tracker-2.3.6/tests/libtracker-miner/thumbnailer-mock.c
Examining data/tracker-2.3.6/tests/libtracker-miner/thumbnailer-mock.h
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-crawler-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-file-enumerator-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-file-notifier-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-file-system-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-indexing-tree-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-miner-fs-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-monitor-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-priority-queue-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-task-pool-test.c
Examining data/tracker-2.3.6/tests/libtracker-miner/tracker-thumbnailer-test.c
Examining data/tracker-2.3.6/tests/libtracker-sparql/tracker-resource-test.c
Examining data/tracker-2.3.6/tests/libtracker-sparql/tracker-sparql-test.c
Examining data/tracker-2.3.6/tests/tracker-steroids/tracker-test.c
Examining data/tracker-2.3.6/utils/mtp/mtp-dummy.c
Examining data/tracker-2.3.6/utils/ontology/data-validator.c
Examining data/tracker-2.3.6/utils/ontology/ontology-validator.c
Examining data/tracker-2.3.6/utils/ontology/ttl2graphviz.c
Examining data/tracker-2.3.6/utils/ontology/ttl_graphviz.c
Examining data/tracker-2.3.6/utils/ontology/ttl_graphviz.h

FINAL RESULTS:

data/tracker-2.3.6/src/tracker/tracker-help.c:58:2: [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execlp (path, "man", page, (char *) NULL);
data/tracker-2.3.6/src/tracker/tracker-help.c:70:2: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl ("/bin/sh", "sh", "-c", shell_cmd, (char *) NULL);
data/tracker-2.3.6/tests/libtracker-miner/tracker-file-notifier-test.c:111:2: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (call);
data/tracker-2.3.6/tests/libtracker-miner/tracker-miner-fs-test.c:239:2: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (call);
data/tracker-2.3.6/examples/libtracker-miner/tracker-main.c:102:44: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (strcmp (g_get_user_special_dir (dir), g_get_home_dir ()) == 0) {
data/tracker-2.3.6/examples/libtracker-miner/tracker-main.c:138:74: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tracker_indexing_tree_add_filter(tree, TRACKER_FILTER_PARENT_DIRECTORY, g_get_tmp_dir());
data/tracker-2.3.6/examples/libtracker-miner/tracker-main.c:141:22: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_home_dir (),
data/tracker-2.3.6/examples/libtracker-miner/tracker-main.c:146:22: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_tmp_dir (),
data/tracker-2.3.6/src/libtracker-common/tracker-domain-ontology.c:43:12: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  { "HOME", g_get_home_dir },
data/tracker-2.3.6/src/libtracker-common/tracker-file-utils.c:549:30: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home = g_file_new_for_path (g_get_home_dir ());
data/tracker-2.3.6/src/libtracker-common/tracker-file-utils.c:589:11: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home = g_get_home_dir ();
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:1299:34: [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  sqlite3_result_double (context, g_random_double ());
data/tracker-2.3.6/src/libtracker-miner/tracker-monitor.c:219:30: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  file = g_file_new_for_path (g_get_home_dir ());
data/tracker-2.3.6/tests/libtracker-data/tracker-ontology-change-test.c:188:31: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  data_dir = g_build_filename (g_get_tmp_dir (), "tracker-ontology-change-test-XXXXXX", NULL);
data/tracker-2.3.6/tests/libtracker-fts/tracker-fts-test.c:72:27: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path = g_build_filename (g_get_tmp_dir (), "tracker-fts-test-XXXXXX", NULL);
data/tracker-2.3.6/tests/libtracker-miner/tracker-file-enumerator-test.c:42:29: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  url = g_file_new_for_path (g_get_tmp_dir ());
data/tracker-2.3.6/tests/libtracker-miner/tracker-file-notifier-test.c:268:41: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fixture->test_path = g_build_filename (g_get_tmp_dir (),
data/tracker-2.3.6/tests/libtracker-miner/tracker-miner-fs-test.c:264:27: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path = g_build_filename (g_get_tmp_dir (), "tracker-miner-fs-test-XXXXXX", NULL);
data/tracker-2.3.6/tests/libtracker-miner/tracker-monitor-test.c:238:66: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fixture->monitored_directory = g_build_path (G_DIR_SEPARATOR_S, g_get_tmp_dir (), basename, NULL);
data/tracker-2.3.6/tests/libtracker-miner/tracker-monitor-test.c:247:47: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fixture->not_monitored_directory = g_strdup (g_get_tmp_dir ());
data/tracker-2.3.6/tests/libtracker-miner/tracker-monitor-test.c:1372:54: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path_for_monitor = g_build_path (G_DIR_SEPARATOR_S, g_get_tmp_dir (), basename, NULL);
data/tracker-2.3.6/tests/libtracker-miner/tracker-monitor-test.c:1379:38: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  file_for_tmp = g_file_new_for_path (g_get_tmp_dir ());
data/tracker-2.3.6/docs/tools/ttl_sgml.c:158:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (path, "w");
data/tracker-2.3.6/docs/tools/ttlresource2sgml.c:700:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (output_file, "w");
data/tracker-2.3.6/src/gvdb/gvdb-builder.c:294:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (chunk->data, string, length);
data/tracker-2.3.6/src/gvdb/gvdb-builder.c:331:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (chunk (sizeof bloom_hdr), &bloom_hdr, sizeof bloom_hdr);
data/tracker-2.3.6/src/gvdb/gvdb-builder.c:332:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (chunk (sizeof table_hdr), &table_hdr, sizeof table_hdr);
data/tracker-2.3.6/src/gvdb/gvdb-reader.c:255:47: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  hash_value = (hash_value * 33) + ((signed char *) key)[key_length];
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:89:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tm.tm_year = atoi (match) - 1900;
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:94:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tm.tm_mon = atoi (match) - 1;
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:99:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tm.tm_mday = atoi (match);
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:104:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tm.tm_hour = atoi (match);
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:109:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tm.tm_min = atoi (match);
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:114:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tm.tm_sec = atoi (match);
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:146:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset = atoi (match) * 3600;
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:150:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset += atoi (match) * 60;
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:186:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char milliseconds[4] = "000\0";
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:189:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (milliseconds, match + 1, MIN (3, strlen (match + 1)));
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:190:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  t += (gdouble) atoi (milliseconds) / 1000;
data/tracker-2.3.6/src/libtracker-common/tracker-log.c:181:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  this_verbosity = atoi (env_verbosity);
data/tracker-2.3.6/src/libtracker-common/tracker-parser-utils.c:78:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (str_aux, str, str_length);
data/tracker-2.3.6/src/libtracker-data/tracker-collation.c:85:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aux1, str1, len1); aux1[len1] = '\0';
data/tracker-2.3.6/src/libtracker-data/tracker-collation.c:86:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aux2, str2, len2); aux2[len2] = '\0';
data/tracker-2.3.6/src/libtracker-data/tracker-collation.c:171:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aux1, str1, len1); aux1[len1] = '\0';
data/tracker-2.3.6/src/libtracker-data/tracker-collation.c:172:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aux2, str2, len2); aux2[len2] = '\0';
data/tracker-2.3.6/src/libtracker-data/tracker-collation.c:227:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aux1, str1, len1); aux1[len1] = '\0';
data/tracker-2.3.6/src/libtracker-data/tracker-collation.c:228:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aux2, str2, len2); aux2[len2] = '\0';
data/tracker-2.3.6/src/libtracker-data/tracker-data-manager.c:1127:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi (object) == 1) {
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:935:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zBuf[128];
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:977:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zBuf[128];
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:1019:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zBuf[128];
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:1108:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zBuf[128];
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:1147:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zBuf[128];
data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c:402:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest + *pos, str, len);
data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c:2015:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cur = atoi (ptr);
data/tracker-2.3.6/src/libtracker-data/tracker-db-manager.c:291:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  version = atoi (contents);
data/tracker-2.3.6/src/libtracker-data/tracker-sparql.c:6590:44: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tracker_db_statement_bind_int (stmt, i, atoi (binding->literal));
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3310:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pBuf->p[pBuf->n], pData, nData);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3513:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(zRet, pIn, nIn);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3608:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pEntry->pTerm, pTerm, nTerm);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3948:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pSpace, p2, p-p2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:4070:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(zOut, zIn, nIn+1);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:4412:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if( zRank ) memcpy(zRank, pRank, p-pRank);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:4432:27: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if( zRankArgs ) memcpy(zRankArgs, pArgs, p-pArgs);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:4926:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aNew, aIter, sizeof(Fts5PoslistReader) * nIter);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:6069:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pSyn->zTerm, pToken, nToken);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:6428:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&p->apChild[p->nChild], pSub->apChild, nByte);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:7213:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zKey[8]; /* Nul-terminated entry key */
data/tracker-2.3.6/src/libtracker-fts/fts5.c:7416:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&p->zKey[1], pToken, nToken);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:8686:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(pBuf)->p[(pBuf)->n], pBlob, nBlob); \
data/tracker-2.3.6/src/libtracker-fts/fts5.c:8784:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pOut->aSeg, &pLvl->aSeg[is], sizeof(Fts5StructureSegment));
data/tracker-2.3.6/src/libtracker-fts/fts5.c:12569:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pData->p, doclist.p, doclist.n);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:12804:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf.p[1], pToken, nToken);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:13735:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a, aBlob, n);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16389:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pAux->zFunc, zName, nName);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16427:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pNew->zName, zName, nName);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16543:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8];
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16547:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, (void*)&pGlobal, sizeof(pGlobal));
data/tracker-2.3.6/src/libtracker-fts/fts5.c:17829:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char aAsciiTokenChar[128] = {
data/tracker-2.3.6/src/libtracker-fts/fts5.c:17842:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aTokenChar[128];
data/tracker-2.3.6/src/libtracker-fts/fts5.c:17885:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->aTokenChar, aAsciiTokenChar, sizeof(aAsciiTokenChar));
data/tracker-2.3.6/src/libtracker-fts/fts5.c:17933:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aFold[64];
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18038:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aTokenChar[128]; /* ASCII range token characters */
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18149:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->aTokenChar, aAsciiTokenChar, sizeof(aAsciiTokenChar));
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18257:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aFold, p->aFold, nFold);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18311:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aBuf[FTS5_PORTER_MAX_TOKEN + 64];
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18398:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nStem], p->zOutput, p->nOutput);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18637:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-2], "ate", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18645:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-2], "ble", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18653:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-2], "ize", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18672:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-7], "ate", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18677:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-6], "tion", 4);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18686:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-4], "ence", 4);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18691:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-4], "ance", 4);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18700:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-4], "ize", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18709:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-4], "log", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18718:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-3], "ble", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18723:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-4], "al", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18728:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "ent", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18733:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-3], "e", 1);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18738:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "ous", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18747:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-7], "ize", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18752:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "ate", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18757:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-4], "ate", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18766:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "al", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18771:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-7], "ive", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18776:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-7], "ful", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18781:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-7], "ous", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18790:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "al", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18795:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "ive", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18800:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-6], "ble", 3);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18819:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-4], "ic", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18836:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "ic", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18841:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "ic", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18866:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-5], "al", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18885:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aBuf[nBuf-3], "ee", 2);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18948:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aBuf, pToken, nBuf);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:19956:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pRet->zFts5Tbl, zTab, nTab);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:19957:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pRet->zFts5Db, zDb, nDb);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:20289:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
data/tracker-2.3.6/src/libtracker-miner/tracker-monitor.c:400:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  limit = atoi (contents);
data/tracker-2.3.6/src/libtracker-sparql/tracker-namespace-manager.c:277:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[MAX_PREFIX_LENGTH + 1] = { 0 };
data/tracker-2.3.6/src/libtracker-sparql/tracker-resource.c:1148:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date_string[256];
data/tracker-2.3.6/src/libtracker-sparql/tracker-resource.c:1161:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/tracker-2.3.6/src/tracker/tracker-extract.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char verbosity_str[2];
data/tracker-2.3.6/src/tracker/tracker-process.c:192:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pid = atoi (l->data);
data/tracker-2.3.6/src/tracker/tracker-tag.c:538:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_resources = atoi (resources);
data/tracker-2.3.6/tests/libtracker-common/tracker-parser.c:183:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (original_word,
data/tracker-2.3.6/utils/mtp/mtp-dummy.c:353:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  current->fp = fopen (destfile_path, "w");
data/tracker-2.3.6/utils/ontology/ttl2graphviz.c:77:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (output_file, "w");
data/tracker-2.3.6/docs/tools/ttl_model.c:181:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  suffix = &name[strlen (prefix)];
data/tracker-2.3.6/src/gvdb/gvdb-builder.c:288:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (string);
data/tracker-2.3.6/src/gvdb/gvdb-builder.c:382:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename = item->key + strlen (item->parent->key);
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:118:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  timezoned = (match && strlen (match) > 0);
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:137:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (match && strlen (match) > 0) {
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:185:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (match && strlen (match) > 0) {
data/tracker-2.3.6/src/libtracker-common/tracker-date-time.c:189:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (milliseconds, match + 1, MIN (3, strlen (match + 1)));
data/tracker-2.3.6/src/libtracker-common/tracker-file-utils.c:616:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = start + (strlen (start)) - 1;
data/tracker-2.3.6/src/libtracker-common/tracker-file-utils.c:739:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_a = strlen (a);
data/tracker-2.3.6/src/libtracker-common/tracker-file-utils.c:741:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_b = strlen (b);
data/tracker-2.3.6/src/libtracker-common/tracker-language.c:518:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  word_length = strlen (word);
data/tracker-2.3.6/src/libtracker-common/tracker-parser-libicu.c:380:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stemmed, strlen (stemmed));
data/tracker-2.3.6/src/libtracker-common/tracker-parser-libicu.c:563:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  parser->word_length = strlen (processed_word);
data/tracker-2.3.6/src/libtracker-common/tracker-parser-libunistring.c:237:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (word);
data/tracker-2.3.6/src/libtracker-common/tracker-parser-libunistring.c:315:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stemmed, strlen (stemmed));
data/tracker-2.3.6/src/libtracker-common/tracker-parser-libunistring.c:416:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  parser->word_length = strlen (processed_word);
data/tracker-2.3.6/src/libtracker-common/tracker-utils.c:294:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/tracker-2.3.6/src/libtracker-data/tracker-collation.c:343:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix_len = strlen (prefix);
data/tracker-2.3.6/src/libtracker-data/tracker-data-backup.c:638:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (tmp_stderr && strlen (tmp_stderr) > 0) {
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:1202:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (substr);
data/tracker-2.3.6/src/libtracker-data/tracker-db-interface-sqlite.c:1240:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (substr);
data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c:737:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o_len = strlen (object);
data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c:829:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o_len = strlen (object);
data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c:921:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o_len = strlen (object);
data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c:1002:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o_len = strlen (uri);
data/tracker-2.3.6/src/libtracker-data/tracker-db-journal.c:2014:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = f_name + strlen (TRACKER_DB_JOURNAL_FILENAME ".");
data/tracker-2.3.6/src/libtracker-data/tracker-db-manager.c:290:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contents && strlen (contents) <= 2) {
data/tracker-2.3.6/src/libtracker-data/tracker-db-manager.c:373:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (contents && strlen (contents) == 0) {
data/tracker-2.3.6/src/libtracker-data/tracker-sparql-parser.c:492:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (rule->string);
data/tracker-2.3.6/src/libtracker-data/tracker-sparql-parser.c:769:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (query);
data/tracker-2.3.6/src/libtracker-data/tracker-sparql-parser.c:789:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (query);
data/tracker-2.3.6/src/libtracker-data/tracker-sparql.c:429:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/tracker-2.3.6/src/libtracker-data/tracker-string-builder.c:185:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/tracker-2.3.6/src/libtracker-data/tracker-string-builder.c:197:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (&chunk->string[chunk->len], str, len);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:2815:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( n<0 ) n = (int)strlen(z);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3324:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nStr = (int)strlen(zStr);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3509:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nIn = (int)strlen(pIn);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3842:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nEnum = (int)strlen(zEnum);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3874:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nCmd = (int)strlen(zCmd);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:3930:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nArg = (int)strlen(zArg) + 1;
data/tracker-2.3.6/src/libtracker-fts/fts5.c:4060:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nIn = (int)strlen(zIn);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:5349:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pExpr->pIndex, p->zTerm, (int)strlen(p->zTerm),
data/tracker-2.3.6/src/libtracker-fts/fts5.c:6153:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = (int)strlen(z);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:6221:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rc = fts5ParseTokenize((void*)&sCtx, tflags, zTerm, (int)strlen(zTerm),
data/tracker-2.3.6/src/libtracker-fts/fts5.c:6518:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nByte += (int)strlen(pTerm->zTerm) * 2 + 3 + 2;
data/tracker-2.3.6/src/libtracker-fts/fts5.c:6988:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nTerm = strlen(pTerm->zTerm);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:7318:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iHash = fts5HashKey(nNew, (u8*)p->zKey, (int)strlen(p->zKey));
data/tracker-2.3.6/src/libtracker-fts/fts5.c:7658:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nTerm = (int)strlen(p->zKey);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:9524:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3Fts5BufferSet(&p->rc,&pIter->term, (int)strlen(zTerm), (u8*)zTerm);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:9604:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3Fts5BufferSet(&p->rc, &pIter->term, (int)strlen(zTerm),
data/tracker-2.3.6/src/libtracker-fts/fts5.c:10031:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = (z ? (int)strlen((const char*)z) : 0);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:12024:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fts5WriteAppendTerm(p, &writer, (int)strlen(zTerm), (const u8*)zTerm);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16383:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nName = (int)strlen(zName) + 1;
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16421:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nName = (int)strlen(zName) + 1;
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16977:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iOff = (int)strlen(zDefn);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:16980:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iOff += (int)strlen(&zDefn[iOff]);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18052:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = (int)strlen(z);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18389:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen(p->zSuffix)==p->nSuffix );
data/tracker-2.3.6/src/libtracker-fts/fts5.c:18390:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen(p->zOutput)==p->nOutput );
data/tracker-2.3.6/src/libtracker-fts/fts5.c:19928:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bDb = (argc==6 && strlen(argv[1])==4 && memcmp("temp", argv[1], 4)==0);
data/tracker-2.3.6/src/libtracker-fts/fts5.c:19938:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nDb = (int)strlen(zDb)+1;
data/tracker-2.3.6/src/libtracker-fts/fts5.c:19939:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nTab = (int)strlen(zTab)+1;
data/tracker-2.3.6/src/libtracker-miner/tracker-file-system.c:186:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (data->uri_prefix);
data/tracker-2.3.6/src/libtracker-miner/tracker-file-system.c:257:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen (parent_uri);
data/tracker-2.3.6/src/libtracker-miner/tracker-indexing-tree.c:763:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/tracker-2.3.6/src/libtracker-miner/tracker-monitor.c:486:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen (old_prefix) + 1;
data/tracker-2.3.6/src/libtracker-sparql/tracker-namespace-manager.c:237:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (prefix) > MAX_PREFIX_LENGTH) {
data/tracker-2.3.6/src/libtracker-sparql/tracker-namespace-manager.c:290:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (prefix, compact_uri, colon_pos - 1);
data/tracker-2.3.6/src/tracker/tracker-config.c:98:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = MAX (len, strlen (swp->schema));
data/tracker-2.3.6/src/tracker/tracker-config.c:157:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = MAX (len, strlen (name));
data/tracker-2.3.6/src/tracker/tracker-daemon.c:635:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_strndup (key, strlen (key) - 1),
data/tracker-2.3.6/src/tracker/tracker-daemon.c:846:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (watch_filter && strlen (watch_filter) > 0) {
data/tracker-2.3.6/src/tracker/tracker-daemon.c:1319:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  paused_length = strlen (_("PAUSED"));
data/tracker-2.3.6/src/tracker/tracker-daemon.c:1325:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  longest_miner_name_length = MAX (longest_miner_name_length, strlen (name));
data/tracker-2.3.6/src/tracker/tracker-main.c:174:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (longest < strlen (commands[i].cmd))
data/tracker-2.3.6/src/tracker/tracker-main.c:175:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  longest = strlen(commands[i].cmd);
data/tracker-2.3.6/src/tracker/tracker-main.c:188:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mput_char (' ', longest - strlen (commands[i].cmd));
data/tracker-2.3.6/src/tracker/tracker-reset.c:194:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  response[strlen (response) - 1] = '\0';
data/tracker-2.3.6/src/tracker/tracker-search.c:1534:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint end = strlen (term) - 1;
data/tracker-2.3.6/src/tracker/tracker-sparql.c:223:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_strndup (key, strlen (key) - 1),
data/tracker-2.3.6/src/tracker/tracker-sparql.c:811:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  offset_end = (p - text_down) + strlen (highlight_text) + strlen (SNIPPET_BEGIN);
data/tracker-2.3.6/src/tracker/tracker-sparql.c:811:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  offset_end = (p - text_down) + strlen (highlight_text) + strlen (SNIPPET_BEGIN);
data/tracker-2.3.6/src/tracker/tracker-sparql.c:814:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += offset_end + strlen (SNIPPET_END);
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:139:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  GvdbTable *read;
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:149:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  g_assert (read);
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:150:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  g_assert (gvdb_table_is_valid (read));
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:152:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  g_assert (gvdb_table_has_value (read, "key1"));
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:153:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  value = gvdb_table_get_value (read, "key1");
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:160:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gvdb_table_unref (read);
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:188:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  GvdbTable *read, *read_ref;
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:202:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  g_assert (read && gvdb_table_is_valid (read));
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:202:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  g_assert (read && gvdb_table_is_valid (read));
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:205:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read_ref = gvdb_table_ref (read);
data/tracker-2.3.6/tests/gvdb/gvdb-test.c:214:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gvdb_table_unref (read);
data/tracker-2.3.6/tests/libtracker-common/tracker-parser-test.c:116:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (testdata->str),
data/tracker-2.3.6/tests/libtracker-common/tracker-parser-test.c:177:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (testdata->str),
data/tracker-2.3.6/tests/libtracker-common/tracker-parser-test.c:251:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (testdata->str),
data/tracker-2.3.6/tests/libtracker-common/tracker-parser.c:143:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (text),
data/tracker-2.3.6/tests/libtracker-miner/tracker-miner-fs-test.c:371:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)strlen (root_uri) + 2);
data/tracker-2.3.6/tests/libtracker-miner/tracker-monitor-test.c:321:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (contents);

ANALYSIS SUMMARY:

Hits = 230
Lines analyzed = 117431 in approximately 2.43 seconds (48379 lines/second)
Physical Source Lines of Code (SLOC) = 81866
Hits@level = [0] 21 [1] 100 [2] 108 [3] 18 [4] 4 [5] 0
Hits@level+ = [0+] 251 [1+] 230 [2+] 130 [3+] 22 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 3.06599 [1+] 2.80947 [2+] 1.58796 [3+] 0.268732 [4+] 0.0488603 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.