Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xmlcopyeditor-1.2.1.3/src/xsllocator.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlrulereader.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/styledialog.h
Examining data/xmlcopyeditor-1.2.1.3/src/findreplacepanel.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlassociatedtd.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/globalreplacedialog.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/mp3album.h
Examining data/xmlcopyeditor-1.2.1.3/src/wraplibxml.h
Examining data/xmlcopyeditor-1.2.1.3/src/wrapxerces.h
Examining data/xmlcopyeditor-1.2.1.3/src/getword.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/housestylewriter.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmltextinfo.h
Examining data/xmlcopyeditor-1.2.1.3/src/mynotebook.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlparseschemans.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/wrapdaisy.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/exportdialog.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/locationpanel.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlctrl.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/mp3album.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlencodingspy.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/dtd2schema.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/myipc.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlschemaparser.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/threadreaper.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlfilterreader.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/getword.h
Examining data/xmlcopyeditor-1.2.1.3/src/myprintout.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlassociatexsl.h
Examining data/xmlcopyeditor-1.2.1.3/src/housestylewriter.h
Examining data/xmlcopyeditor-1.2.1.3/src/wrapxerces.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/myhtmlpane.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlschemagenerator.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/commandpanel.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/associatedialog.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/casehandler.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlencodinghandler.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlcopyimg.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/associatedialog.h
Examining data/xmlcopyeditor-1.2.1.3/src/contexthandler.h
Examining data/xmlcopyeditor-1.2.1.3/src/contexthandler.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/aboutdialog.h
Examining data/xmlcopyeditor-1.2.1.3/src/nocasecompare.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlshallowvalidator.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlctrl.h
Examining data/xmlcopyeditor-1.2.1.3/src/parserdata.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlcopyimg.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlutf8reader.h
Examining data/xmlcopyeditor-1.2.1.3/src/threadreaper.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlpromptgenerator.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlassociatexsd.h
Examining data/xmlcopyeditor-1.2.1.3/src/globalreplacedialog.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlshallowvalidator.h
Examining data/xmlcopyeditor-1.2.1.3/src/commandpanel.h
Examining data/xmlcopyeditor-1.2.1.3/src/locationpanel.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmltextinfo.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlsuppressprodnote.h
Examining data/xmlcopyeditor-1.2.1.3/src/pathresolver.h
Examining data/xmlcopyeditor-1.2.1.3/src/xercescatalogresolver.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmldoc.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/styledialog.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/binaryfile.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlschemagenerator.h
Examining data/xmlcopyeditor-1.2.1.3/src/wrapdaisy.h
Examining data/xmlcopyeditor-1.2.1.3/src/catalogresolver.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlprodnote.h
Examining data/xmlcopyeditor-1.2.1.3/src/casehandler.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlfilterreader.h
Examining data/xmlcopyeditor-1.2.1.3/src/xercescatalogresolver.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/nocasecompare.h
Examining data/xmlcopyeditor-1.2.1.3/src/stringset.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlutf8reader.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/wrapexpat.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/wraplibxml.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/housestyle.h
Examining data/xmlcopyeditor-1.2.1.3/src/exportdialog.h
Examining data/xmlcopyeditor-1.2.1.3/src/housestylereader.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlparseschemans.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlschemalocator.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/rule.h
Examining data/xmlcopyeditor-1.2.1.3/src/rule.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlprodnote.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlencodinghandler.h
Examining data/xmlcopyeditor-1.2.1.3/src/dtd2schema.h
Examining data/xmlcopyeditor-1.2.1.3/src/xsllocator.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlpromptgenerator.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.h
Examining data/xmlcopyeditor-1.2.1.3/src/findreplacepanel.h
Examining data/xmlcopyeditor-1.2.1.3/src/wrapaspell.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlassociatexsd.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/catalogresolver.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlassociatedtd.h
Examining data/xmlcopyeditor-1.2.1.3/src/replace.h
Examining data/xmlcopyeditor-1.2.1.3/src/wrapregex.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlwordcount.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlsuppressprodnote.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/mynotebook.h
Examining data/xmlcopyeditor-1.2.1.3/src/myhtmlpane.h
Examining data/xmlcopyeditor-1.2.1.3/src/wrapexpat.h
Examining data/xmlcopyeditor-1.2.1.3/src/housestyle.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/aboutdialog.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/wrapregex.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor_private.h
Examining data/xmlcopyeditor-1.2.1.3/src/readfile.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/myipc.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/validationthread.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/housestylereader.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlrulereader.h
Examining data/xmlcopyeditor-1.2.1.3/src/binaryfile.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmldoc.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlschemalocator.h
Examining data/xmlcopyeditor-1.2.1.3/src/wraptempfilename.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlencodingspy.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlassociatexsl.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlwordcount.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/readfile.h
Examining data/xmlcopyeditor-1.2.1.3/src/pathresolver.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/mypropertysheet.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlschemaparser.h
Examining data/xmlcopyeditor-1.2.1.3/src/validationthread.h
Examining data/xmlcopyeditor-1.2.1.3/src/mypropertysheet.h
Examining data/xmlcopyeditor-1.2.1.3/src/wrapaspell.h
Examining data/xmlcopyeditor-1.2.1.3/src/insertpanel.h
Examining data/xmlcopyeditor-1.2.1.3/src/insertpanel.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/replace.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/myprintout.h
Examining data/xmlcopyeditor-1.2.1.3/src/wraptempfilename.cpp
Examining data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditorcopy.h
Examining data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp

FINAL RESULTS:

data/xmlcopyeditor-1.2.1.3/src/validationthread.cpp:37:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const wxString &system )
data/xmlcopyeditor-1.2.1.3/src/validationthread.cpp:48:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  mySystem = system;
data/xmlcopyeditor-1.2.1.3/src/validationthread.h:37:35: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const wxString &system );
data/xmlcopyeditor-1.2.1.3/src/validationthread.h:39:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  void setBuffer ( const char *buffer, const char *system );
data/xmlcopyeditor-1.2.1.3/src/wrapdaisy.cpp:64:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system ( systemCmd.c_str() );
data/xmlcopyeditor-1.2.1.3/src/wraplibxml.cpp:84:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  chars = vsnprintf( (char *) buffer.c_str(), size, msg, args);
data/xmlcopyeditor-1.2.1.3/src/xmlctrl.cpp:2062:21: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const wxString &system,
data/xmlcopyeditor-1.2.1.3/src/xmlctrl.cpp:2080:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system
data/xmlcopyeditor-1.2.1.3/src/xmlctrl.h:157:20: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const wxString &system,
data/xmlcopyeditor-1.2.1.3/src/mp3album.cpp:51:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char noArray[5];
data/xmlcopyeditor-1.2.1.3/src/mp3album.cpp:61:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( noArray, ( * ( attr + 1 ) ) + 9, 4 );
data/xmlcopyeditor-1.2.1.3/src/mp3album.cpp:63:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  currentNo = atoi ( noArray );
data/xmlcopyeditor-1.2.1.3/src/stringset.h:45:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( key, keyParameter, len * sizeof ( T ) );
data/xmlcopyeditor-1.2.1.3/src/wraplibxml.cpp:493:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  FILE *fp = tmpfile();
data/xmlcopyeditor-1.2.1.3/src/wrapregex.cpp:219:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( tmp, number, sizeof ( char ) * len );
data/xmlcopyeditor-1.2.1.3/src/wrapregex.cpp:221:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i = atoi ( tmp );
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:229:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fdnull = open ( "/dev/null", O_WRONLY, 0 );
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3072:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[0] == 0x00 &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3073:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[1] == 0x00 &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3074:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[2] == 0xFE &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3075:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[3] == 0xFF )
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3082:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[0] == 0xFF &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3083:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[1] == 0xFE &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3084:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[2] == 0x00 &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3085:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[3] == 0x00 )
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3092:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[0] == 0xFE &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3093:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[1] == 0xFF )
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3100:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[0] == 0xFF &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3101:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[1] == 0xFE )
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3108:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[0] == 0xEF &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3109:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[1] == 0xBB &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:3110:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) docBuffer[2] == 0xBF )
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:4838:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char bom[4] = "\xEF\xBB\xBF";
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:5938:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) buffer[0] == 0xEF &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:5939:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) buffer[1] == 0xBB &&
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:5940:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ( unsigned char ) buffer[2] == 0xBF )
data/xmlcopyeditor-1.2.1.3/src/wrapregex.cpp:115:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen ( s ),
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:418:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wideWhat = wxString ( what, wxConvLocal, strlen ( what ) );
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:483:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wideWhat = wxString ( what, wxConvLocal, strlen ( what ) );
data/xmlcopyeditor-1.2.1.3/src/xmlcopyeditor.cpp:2788:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wxString wideError = wxString ( e.what(), wxConvUTF8, strlen ( e.what() ) );
data/xmlcopyeditor-1.2.1.3/src/xmlctrl.cpp:96:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferLen = strlen ( DEFAULT_XML_DECLARATION_UTF8 );
data/xmlcopyeditor-1.2.1.3/src/xmlencodinghandler.cpp:112:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start = start + strlen ( anchor );
data/xmlcopyeditor-1.2.1.3/src/xmlencodinghandler.cpp:116:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen ( start ) < 2 )
data/xmlcopyeditor-1.2.1.3/src/xmltextinfo.cpp:68:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  href += strlen ( "href" );
data/xmlcopyeditor-1.2.1.3/src/xsllocator.cpp:53:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !value || strlen ( value ) < 7 )

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 26271 in approximately 0.62 seconds (42502 lines/second)
Physical Source Lines of Code (SLOC) = 20116
Hits@level = [0] 1 [1] 9 [2] 27 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 46 [1+] 45 [2+] 36 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 2.28674 [1+] 2.23703 [2+] 1.78962 [3+] 0.447405 [4+] 0.447405 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.