Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ario-1.6/plugins/mmkeys/ario-mmkeys-plugin.c
Examining data/ario-1.6/plugins/mmkeys/ario-mmkeys-plugin.h
Examining data/ario-1.6/plugins/information/ario-information-plugin.c
Examining data/ario-1.6/plugins/information/ario-information.h
Examining data/ario-1.6/plugins/information/ario-information.c
Examining data/ario-1.6/plugins/information/ario-information-plugin.h
Examining data/ario-1.6/plugins/filesystem/ario-filesystem.c
Examining data/ario-1.6/plugins/filesystem/ario-filesystem.h
Examining data/ario-1.6/plugins/filesystem/ario-filesystem-plugin.h
Examining data/ario-1.6/plugins/filesystem/ario-filesystem-plugin.c
Examining data/ario-1.6/plugins/radios/ario-radios-plugin.h
Examining data/ario-1.6/plugins/radios/ario-radios-plugin.c
Examining data/ario-1.6/plugins/radios/ario-radio.c
Examining data/ario-1.6/plugins/radios/ario-radio.h
Examining data/ario-1.6/bindings/python/override_common.h
Examining data/ario-1.6/bindings/python/override_common.c
Examining data/ario-1.6/src/plugins/ario-python-plugin.h
Examining data/ario-1.6/src/plugins/ario-plugin-info-priv.h
Examining data/ario-1.6/src/plugins/ario-plugin-manager.h
Examining data/ario-1.6/src/plugins/ario-plugin.h
Examining data/ario-1.6/src/plugins/ario-plugins-engine.h
Examining data/ario-1.6/src/plugins/ario-plugin-info.h
Examining data/ario-1.6/src/plugins/ario-module.c
Examining data/ario-1.6/src/plugins/ario-plugins-engine.c
Examining data/ario-1.6/src/plugins/ario-python-plugin.c
Examining data/ario-1.6/src/plugins/ario-plugin-manager.c
Examining data/ario-1.6/src/plugins/ario-python-module.h
Examining data/ario-1.6/src/plugins/ario-plugin-info.c
Examining data/ario-1.6/src/plugins/ario-plugin.c
Examining data/ario-1.6/src/plugins/ario-python-module.c
Examining data/ario-1.6/src/plugins/ario-module.h
Examining data/ario-1.6/src/ario-profiles.h
Examining data/ario-1.6/src/widgets/ario-volume.c
Examining data/ario-1.6/src/widgets/ario-dnd-tree.c
Examining data/ario-1.6/src/widgets/ario-header.h
Examining data/ario-1.6/src/widgets/ario-lyrics-editor.c
Examining data/ario-1.6/src/widgets/ario-status-bar.c
Examining data/ario-1.6/src/widgets/ario-firstlaunch.c
Examining data/ario-1.6/src/widgets/ario-header.c
Examining data/ario-1.6/src/widgets/ario-status-bar.h
Examining data/ario-1.6/src/widgets/ario-playlist.h
Examining data/ario-1.6/src/widgets/ario-songlist.c
Examining data/ario-1.6/src/widgets/ario-connection-widget.h
Examining data/ario-1.6/src/widgets/ario-connection-widget.c
Examining data/ario-1.6/src/widgets/ario-firstlaunch.h
Examining data/ario-1.6/src/widgets/ario-volume.h
Examining data/ario-1.6/src/widgets/ario-songlist.h
Examining data/ario-1.6/src/widgets/ario-dnd-tree.h
Examining data/ario-1.6/src/widgets/ario-lyrics-editor.h
Examining data/ario-1.6/src/widgets/ario-playlist.c
Examining data/ario-1.6/src/lib/libmpdclient.c
Examining data/ario-1.6/src/lib/gtk-builder-helpers.h
Examining data/ario-1.6/src/lib/gtk-builder-helpers.c
Examining data/ario-1.6/src/lib/ario-conf.h
Examining data/ario-1.6/src/lib/ario-conf.c
Examining data/ario-1.6/src/lib/libmpdclient.h
Examining data/ario-1.6/src/ario-util.c
Examining data/ario-1.6/src/ario-avahi.c
Examining data/ario-1.6/src/servers/ario-xmms.c
Examining data/ario-1.6/src/servers/ario-mpd.h
Examining data/ario-1.6/src/servers/ario-server-interface.c
Examining data/ario-1.6/src/servers/ario-mpd2.h
Examining data/ario-1.6/src/servers/ario-mpd.c
Examining data/ario-1.6/src/servers/ario-server-interface.h
Examining data/ario-1.6/src/servers/ario-mpd2.c
Examining data/ario-1.6/src/servers/ario-server.c
Examining data/ario-1.6/src/servers/ario-xmms.h
Examining data/ario-1.6/src/servers/ario-server.h
Examining data/ario-1.6/src/ario-enum-types.h
Examining data/ario-1.6/src/ario-debug.h
Examining data/ario-1.6/src/lyrics/ario-lyrics-letras.c
Examining data/ario-1.6/src/lyrics/ario-lyrics-provider.h
Examining data/ario-1.6/src/lyrics/ario-lyrics-manager.h
Examining data/ario-1.6/src/lyrics/ario-lyrics-manager.c
Examining data/ario-1.6/src/lyrics/ario-lyrics-provider.c
Examining data/ario-1.6/src/lyrics/ario-lyrics-letras.h
Examining data/ario-1.6/src/lyrics/ario-lyrics.h
Examining data/ario-1.6/src/lyrics/ario-lyrics.c
Examining data/ario-1.6/src/playlist/ario-playlist-manager.c
Examining data/ario-1.6/src/playlist/ario-playlist-dynamic.c
Examining data/ario-1.6/src/playlist/ario-playlist-mode.c
Examining data/ario-1.6/src/playlist/ario-playlist-manager.h
Examining data/ario-1.6/src/playlist/ario-playlist-normal.h
Examining data/ario-1.6/src/playlist/ario-playlist-queue.c
Examining data/ario-1.6/src/playlist/ario-playlist-queue.h
Examining data/ario-1.6/src/playlist/ario-playlist-normal.c
Examining data/ario-1.6/src/playlist/ario-playlist-dynamic.h
Examining data/ario-1.6/src/playlist/ario-playlist-mode.h
Examining data/ario-1.6/src/shell/ario-shell-preferences.h
Examining data/ario-1.6/src/shell/ario-shell-songinfos.h
Examining data/ario-1.6/src/shell/ario-shell.h
Examining data/ario-1.6/src/shell/ario-shell-similarartists.c
Examining data/ario-1.6/src/shell/ario-shell-songinfos.c
Examining data/ario-1.6/src/shell/ario-shell-coverdownloader.c
Examining data/ario-1.6/src/shell/ario-shell-preferences.c
Examining data/ario-1.6/src/shell/ario-shell.c
Examining data/ario-1.6/src/shell/ario-shell-lyrics.h
Examining data/ario-1.6/src/shell/ario-shell-lyricsselect.h
Examining data/ario-1.6/src/shell/ario-shell-coverdownloader.h
Examining data/ario-1.6/src/shell/ario-shell-coverselect.h
Examining data/ario-1.6/src/shell/ario-shell-coverselect.c
Examining data/ario-1.6/src/shell/ario-shell-lyricsselect.c
Examining data/ario-1.6/src/shell/ario-shell-similarartists.h
Examining data/ario-1.6/src/shell/ario-shell-lyrics.c
Examining data/ario-1.6/src/ario-avahi.h
Examining data/ario-1.6/src/sources/ario-source.c
Examining data/ario-1.6/src/sources/ario-search.c
Examining data/ario-1.6/src/sources/ario-tree-songs.h
Examining data/ario-1.6/src/sources/ario-source-manager.c
Examining data/ario-1.6/src/sources/ario-storedplaylists.c
Examining data/ario-1.6/src/sources/ario-source-manager.h
Examining data/ario-1.6/src/sources/ario-source.h
Examining data/ario-1.6/src/sources/ario-tree.h
Examining data/ario-1.6/src/sources/ario-storedplaylists.h
Examining data/ario-1.6/src/sources/ario-browser.h
Examining data/ario-1.6/src/sources/ario-tree-albums.h
Examining data/ario-1.6/src/sources/ario-search.h
Examining data/ario-1.6/src/sources/ario-tree-songs.c
Examining data/ario-1.6/src/sources/ario-browser.c
Examining data/ario-1.6/src/sources/ario-tree-albums.c
Examining data/ario-1.6/src/sources/ario-tree.c
Examining data/ario-1.6/src/ario-enum-types.c
Examining data/ario-1.6/src/ario-util.h
Examining data/ario-1.6/src/notification/ario-notification-manager.h
Examining data/ario-1.6/src/notification/ario-notifier-gnotif.h
Examining data/ario-1.6/src/notification/ario-notifier-gnotif.c
Examining data/ario-1.6/src/notification/ario-notifier.c
Examining data/ario-1.6/src/notification/ario-notifier.h
Examining data/ario-1.6/src/notification/ario-notification-manager.c
Examining data/ario-1.6/src/ario-profiles.c
Examining data/ario-1.6/src/preferences/ario-stats-preferences.c
Examining data/ario-1.6/src/preferences/ario-cover-preferences.c
Examining data/ario-1.6/src/preferences/ario-browser-preferences.h
Examining data/ario-1.6/src/preferences/ario-stats-preferences.h
Examining data/ario-1.6/src/preferences/ario-cover-preferences.h
Examining data/ario-1.6/src/preferences/ario-playlist-preferences.c
Examining data/ario-1.6/src/preferences/ario-lyrics-preferences.c
Examining data/ario-1.6/src/preferences/ario-connection-preferences.c
Examining data/ario-1.6/src/preferences/ario-server-preferences.h
Examining data/ario-1.6/src/preferences/ario-browser-preferences.c
Examining data/ario-1.6/src/preferences/ario-others-preferences.h
Examining data/ario-1.6/src/preferences/ario-lyrics-preferences.h
Examining data/ario-1.6/src/preferences/ario-server-preferences.c
Examining data/ario-1.6/src/preferences/ario-connection-preferences.h
Examining data/ario-1.6/src/preferences/ario-preferences.h
Examining data/ario-1.6/src/preferences/ario-playlist-preferences.h
Examining data/ario-1.6/src/preferences/ario-others-preferences.c
Examining data/ario-1.6/src/ario-main.c
Examining data/ario-1.6/src/covers/ario-cover-lastfm.h
Examining data/ario-1.6/src/covers/ario-cover-provider.c
Examining data/ario-1.6/src/covers/ario-cover-local.c
Examining data/ario-1.6/src/covers/ario-cover-handler.h
Examining data/ario-1.6/src/covers/ario-cover.h
Examining data/ario-1.6/src/covers/ario-cover-local.h
Examining data/ario-1.6/src/covers/ario-cover-handler.c
Examining data/ario-1.6/src/covers/ario-cover-lastfm.c
Examining data/ario-1.6/src/covers/ario-cover-manager.c
Examining data/ario-1.6/src/covers/ario-cover-provider.h
Examining data/ario-1.6/src/covers/ario-cover-manager.h
Examining data/ario-1.6/src/covers/ario-cover.c
FINAL RESULTS:
data/ario-1.6/src/ario-util.c:432:9: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellExecute (GetDesktopWindow(), "open", uri, NULL, NULL, SW_SHOW);
data/ario-1.6/src/lib/libmpdclient.c:438:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(connection->buffer,rt+1);
data/ario-1.6/src/lib/libmpdclient.c:627:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(connection->errorStr, output);
data/ario-1.6/src/lib/libmpdclient.h:213:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random;
data/ario-1.6/src/servers/ario-mpd.c:80:57: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
static void ario_mpd_set_current_random (const gboolean random);
data/ario-1.6/src/servers/ario-mpd.c:870:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (instance->parent.random != (gboolean) instance->priv->status->random)
data/ario-1.6/src/servers/ario-mpd.c:870:91: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (instance->parent.random != (gboolean) instance->priv->status->random)
data/ario-1.6/src/servers/ario-mpd.c:871:102: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
g_object_set (G_OBJECT (instance), "random", instance->priv->status->random, NULL);
data/ario-1.6/src/servers/ario-mpd.c:1091:45: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ario_mpd_set_current_random (const gboolean random)
data/ario-1.6/src/servers/ario-mpd.c:1098:60: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mpd_sendRandomCommand (instance->priv->connection, random);
data/ario-1.6/src/servers/ario-mpd2.c:81:57: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
static void ario_mpd_set_current_random (const gboolean random);
data/ario-1.6/src/servers/ario-mpd2.c:1072:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (instance->parent.random != mpd_status_get_random (instance->priv->status))
data/ario-1.6/src/servers/ario-mpd2.c:1249:45: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ario_mpd_set_current_random (const gboolean random)
data/ario-1.6/src/servers/ario-mpd2.c:1255:53: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mpd_run_random (instance->priv->connection, random);
data/ario-1.6/src/servers/ario-server-interface.c:425:63: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
g_value_set_boolean (value, server_interface->random);
data/ario-1.6/src/servers/ario-server-interface.c:467:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (server_interface->random != FALSE)
data/ario-1.6/src/servers/ario-server-interface.h:49:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gboolean random;
data/ario-1.6/src/servers/ario-server-interface.h:109:87: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void (*set_current_random) (const gboolean random);
data/ario-1.6/src/servers/ario-server.c:504:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return interface->random;
data/ario-1.6/src/servers/ario-server.c:638:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ario_server_set_current_random (const gboolean random)
data/ario-1.6/src/servers/ario-server.c:642:74: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ARIO_SERVER_INTERFACE_GET_CLASS (interface)->set_current_random (random);
data/ario-1.6/src/servers/ario-server.h:320:92: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void ario_server_set_current_random (const gboolean random);
data/ario-1.6/src/servers/ario-xmms.c:78:58: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
static void ario_xmms_set_current_random (const gboolean random);
data/ario-1.6/src/servers/ario-xmms.c:1086:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ario_xmms_set_current_random (const gboolean random)
data/ario-1.6/src/widgets/ario-header.c:722:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gboolean random;
data/ario-1.6/src/widgets/ario-header.c:734:39: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random);
data/ario-1.6/src/ario-avahi.c:190:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[200];
data/ario-1.6/src/ario-avahi.c:264:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[AVAHI_ADDRESS_STR_MAX];
data/ario-1.6/src/ario-profiles.c:143:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
profile->port = atoi ((char *) xml_port);
data/ario-1.6/src/ario-profiles.c:149:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
profile->timeout = atoi ((char *) xml_timeout);
data/ario-1.6/src/ario-profiles.c:190:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
profile->type = atoi ((char *) xml_type);
data/ario-1.6/src/ario-util.c:149:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_snprintf (buf, buf_len, "%02i", atoi (tmp));
data/ario-1.6/src/ario-util.c:151:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_snprintf (buf, buf_len, "%02i", atoi (track));
data/ario-1.6/src/ario-util.c:307:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(download_data->data)[download_data->size], buffer, size*nmemb);
data/ario-1.6/src/ario-util.c:651:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char translate[256];
data/ario-1.6/src/lib/ario-conf.c:133:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = atoi (value);
data/ario-1.6/src/lib/libmpdclient.c:102:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,
data/ario-1.6/src/lib/libmpdclient.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service[INTLEN+1];
data/ario-1.6/src/lib/libmpdclient.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&sin.sin_addr.s_addr,(char *)he->h_addr,
data/ario-1.6/src/lib/libmpdclient.c:237:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"address type is not IPv4");
data/ario-1.6/src/lib/libmpdclient.c:246:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"problems creating socket");
data/ario-1.6/src/lib/libmpdclient.c:266:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * mpdTagItemKeys[MPD_TAG_NUM_OF_ITEM_TYPES] =
data/ario-1.6/src/lib/libmpdclient.c:472:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"not done processing current command");
data/ario-1.6/src/lib/libmpdclient.c:536:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"already done processing current command");
data/ario-1.6/src/lib/libmpdclient.c:554:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"buffer overrun");
data/ario-1.6/src/lib/libmpdclient.c:574:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"connection"
data/ario-1.6/src/lib/libmpdclient.c:586:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"connection timeout");
data/ario-1.6/src/lib/libmpdclient.c:600:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "expected more list_OK's");
data/ario-1.6/src/lib/libmpdclient.c:611:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,
data/ario-1.6/src/lib/libmpdclient.c:730:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->volume = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:733:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->repeat = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:736:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->random = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:739:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->consume = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:745:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->playlistLength = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:748:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->bitRate = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:765:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->song = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:768:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->songid = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:775:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->elapsedTime = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:776:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->totalTime = atoi(tok+1);
data/ario-1.6/src/lib/libmpdclient.c:783:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->crossfade = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:786:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->updatingDb = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:791:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->sampleRate = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:792:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->bits = atoi(++tok);
data/ario-1.6/src/lib/libmpdclient.c:795:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status->channels = atoi(tok+1);
data/ario-1.6/src/lib/libmpdclient.c:811:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"state not found");
data/ario-1.6/src/lib/libmpdclient.c:860:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats->numberOfArtists = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:863:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats->numberOfAlbums = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:866:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats->numberOfSongs = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:923:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats->numberOfSongs = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:1153:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entity->info.song->pos = atoi(connection->returnElement->value);
data/ario-1.6/src/lib/libmpdclient.c:1157:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"problem parsing song info");
data/ario-1.6/src/lib/libmpdclient.c:1200:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entity->info.song->time = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:1204:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entity->info.song->pos = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:1208:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entity->info.song->id = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:1369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st[10];
data/ario-1.6/src/lib/libmpdclient.c:1372:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(table == MPD_TABLE_ARTIST) strcpy(st,"artist");
data/ario-1.6/src/lib/libmpdclient.c:1373:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if(table == MPD_TABLE_ALBUM) strcpy(st,"album");
data/ario-1.6/src/lib/libmpdclient.c:1376:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"unknown table for list");
data/ario-1.6/src/lib/libmpdclient.c:1419:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retval = atoi(string);
data/ario-1.6/src/lib/libmpdclient.c:1590:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = atoi(jobid);
data/ario-1.6/src/lib/libmpdclient.c:1661:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"already in command list mode");
data/ario-1.6/src/lib/libmpdclient.c:1671:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"already in command list mode");
data/ario-1.6/src/lib/libmpdclient.c:1682:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr,"not in command list mode");
data/ario-1.6/src/lib/libmpdclient.c:1716:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
output->id = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:1722:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
output->enabled = atoi(re->value);
data/ario-1.6/src/lib/libmpdclient.c:1807:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "search already in progress");
data/ario-1.6/src/lib/libmpdclient.c:1819:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "search already in progress");
data/ario-1.6/src/lib/libmpdclient.c:1830:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "search already in progress");
data/ario-1.6/src/lib/libmpdclient.c:1845:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "search already in progress");
data/ario-1.6/src/lib/libmpdclient.c:1851:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "invalid type specified");
data/ario-1.6/src/lib/libmpdclient.c:1873:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "no search in progress");
data/ario-1.6/src/lib/libmpdclient.c:1879:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "invalid type specified");
data/ario-1.6/src/lib/libmpdclient.c:1885:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "no name specified");
data/ario-1.6/src/lib/libmpdclient.c:1908:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(connection->errorStr, "no search in progress");
data/ario-1.6/src/lib/libmpdclient.h:101:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char * mpdTagItemKeys[MPD_TAG_NUM_OF_ITEM_TYPES];
data/ario-1.6/src/lib/libmpdclient.h:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorStr[MPD_ERRORSTR_MAX_LENGTH+1];
data/ario-1.6/src/lib/libmpdclient.h:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MPD_BUFFER_MAX_LENGTH+1];
data/ario-1.6/src/lyrics/ario-lyrics-letras.c:131:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int char_nb = atoi (lyrics->lyrics + i + offset + 2);
data/ario-1.6/src/preferences/ario-browser-preferences.c:155:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = atoi (splited_conf[i]);
data/ario-1.6/src/servers/ario-server.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * ArioServerItemNames[ARIO_TAG_COUNT] =
data/ario-1.6/src/servers/ario-xmms.c:108:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * ArioXmmsPattern[ARIO_TAG_COUNT] =
data/ario-1.6/src/servers/ario-xmms.c:1208:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[16] = "0123456789abcdef";
data/ario-1.6/src/shell/ario-shell-songinfos.c:416:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
taglib_tag_set_track (tag, atoi (gtk_entry_get_text (GTK_ENTRY (shell_songinfos->priv->track_entry))));
data/ario-1.6/src/shell/ario-shell-songinfos.c:417:59: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
taglib_tag_set_year (tag, atoi (gtk_entry_get_text (GTK_ENTRY (shell_songinfos->priv->date_entry))));
data/ario-1.6/src/sources/ario-browser.c:243:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag = atoi (splited_conf[i]);
data/ario-1.6/src/widgets/ario-connection-widget.c:548:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INTLEN];
data/ario-1.6/src/widgets/ario-connection-widget.c:632:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi (tmp);
data/ario-1.6/src/widgets/ario-playlist.c:1274:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb = atoi (criterias_str[i]);
data/ario-1.6/src/widgets/ario-playlist.c:1279:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atomic_criteria->tag = atoi (criterias_str[i+2*j+1]);
data/ario-1.6/plugins/filesystem/ario-filesystem.c:484:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_path = path + strlen (dir) + 1;
data/ario-1.6/plugins/filesystem/ario-filesystem.c:627:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ((const gchar*) dir) * sizeof(guchar));
data/ario-1.6/plugins/information/ario-information.c:532:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (str) * sizeof(guchar));
data/ario-1.6/plugins/radios/ario-radio.c:696:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (radios->str) * sizeof(guchar));
data/ario-1.6/src/covers/ario-cover-local.c:102:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (musicdir && strlen (musicdir) > 1) {
data/ario-1.6/src/covers/ario-cover-local.c:107:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) > 4
data/ario-1.6/src/lib/libmpdclient.c:293:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = malloc(strlen(arg) * 2 + 1);
data/ario-1.6/src/lib/libmpdclient.c:297:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = strlen(arg)+1; i != 0; --i) {
data/ario-1.6/src/lib/libmpdclient.c:335:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(output,MPD_WELCOME_MESSAGE,strlen(MPD_WELCOME_MESSAGE))) {
data/ario-1.6/src/lib/libmpdclient.c:343:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = &output[strlen(MPD_WELCOME_MESSAGE)];
data/ario-1.6/src/lib/libmpdclient.c:353:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&output[strlen(MPD_WELCOME_MESSAGE)]);
data/ario-1.6/src/lib/libmpdclient.c:370:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(connection->buffer,"");
data/ario-1.6/src/lib/libmpdclient.c:374:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(connection->errorStr,"");
data/ario-1.6/src/lib/libmpdclient.c:439:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
connection->buflen = strlen(connection->buffer);
data/ario-1.6/src/lib/libmpdclient.c:466:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int commandLen = strlen(command);
data/ario-1.6/src/lib/libmpdclient.c:622:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(output,"ACK",strlen("ACK"))==0) {
data/ario-1.6/src/lib/libmpdclient.c:1173:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(re->value)) {
data/ario-1.6/src/lib/libmpdclient.c:1285:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistinfo")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1293:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistid")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1301:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("plchanges")+2+LONGLONGLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1309:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("plchangesposid")+2+LONGLONGLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1318:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listall")+2+strlen(sDir)+3;
data/ario-1.6/src/lib/libmpdclient.c:1318:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listall")+2+strlen(sDir)+3;
data/ario-1.6/src/lib/libmpdclient.c:1328:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listallinfo")+2+strlen(sDir)+3;
data/ario-1.6/src/lib/libmpdclient.c:1328:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listallinfo")+2+strlen(sDir)+3;
data/ario-1.6/src/lib/libmpdclient.c:1338:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("lsinfo")+2+strlen(sDir)+3;
data/ario-1.6/src/lib/libmpdclient.c:1338:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("lsinfo")+2+strlen(sDir)+3;
data/ario-1.6/src/lib/libmpdclient.c:1381:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("list")+1+strlen(sanitArg1)+2+strlen(st)+3;
data/ario-1.6/src/lib/libmpdclient.c:1381:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("list")+1+strlen(sanitArg1)+2+strlen(st)+3;
data/ario-1.6/src/lib/libmpdclient.c:1381:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("list")+1+strlen(sanitArg1)+2+strlen(st)+3;
data/ario-1.6/src/lib/libmpdclient.c:1387:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("list")+1+strlen(st)+2;
data/ario-1.6/src/lib/libmpdclient.c:1387:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("list")+1+strlen(st)+2;
data/ario-1.6/src/lib/libmpdclient.c:1397:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("add")+2+strlen(sFile)+3;
data/ario-1.6/src/lib/libmpdclient.c:1397:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("add")+2+strlen(sFile)+3;
data/ario-1.6/src/lib/libmpdclient.c:1409:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("addid")+2+strlen(sFile)+3;
data/ario-1.6/src/lib/libmpdclient.c:1409:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("addid")+2+strlen(sFile)+3;
data/ario-1.6/src/lib/libmpdclient.c:1427:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("delete")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1435:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("deleteid")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1444:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("save")+2+strlen(sName)+3;
data/ario-1.6/src/lib/libmpdclient.c:1444:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("save")+2+strlen(sName)+3;
data/ario-1.6/src/lib/libmpdclient.c:1454:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("load")+2+strlen(sName)+3;
data/ario-1.6/src/lib/libmpdclient.c:1454:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("load")+2+strlen(sName)+3;
data/ario-1.6/src/lib/libmpdclient.c:1464:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("rm")+2+strlen(sName)+3;
data/ario-1.6/src/lib/libmpdclient.c:1464:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("rm")+2+strlen(sName)+3;
data/ario-1.6/src/lib/libmpdclient.c:1477:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("rename")+2+strlen(sFrom)+3+strlen(sTo)+3;
data/ario-1.6/src/lib/libmpdclient.c:1477:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("rename")+2+strlen(sFrom)+3+strlen(sTo)+3;
data/ario-1.6/src/lib/libmpdclient.c:1477:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("rename")+2+strlen(sFrom)+3+strlen(sTo)+3;
data/ario-1.6/src/lib/libmpdclient.c:1495:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("play")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1503:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playid")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1515:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("pause")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1527:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("move")+2+INTLEN+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1535:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("moveid")+2+INTLEN+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1543:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("swap")+2+INTLEN+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1551:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("swapid")+2+INTLEN+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1559:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("seek")+2+INTLEN+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1567:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("seekid")+2+INTLEN+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1576:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("update")+2+strlen(sPath)+3;
data/ario-1.6/src/lib/libmpdclient.c:1576:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("update")+2+strlen(sPath)+3;
data/ario-1.6/src/lib/libmpdclient.c:1602:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("repeat")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1610:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("random")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1618:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("consume")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1626:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("setvol")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1634:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("volume")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1642:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("crossfade")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1651:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("password")+2+strlen(sPass)+3;
data/ario-1.6/src/lib/libmpdclient.c:1651:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("password")+2+strlen(sPass)+3;
data/ario-1.6/src/lib/libmpdclient.c:1737:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("enableoutput")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1745:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("disableoutput")+2+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:1858:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 5+strlen(strtype)+1;
data/ario-1.6/src/lib/libmpdclient.c:1894:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string)+1+strlen(strtype)+2+strlen(arg)+2;
data/ario-1.6/src/lib/libmpdclient.c:1894:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string)+1+strlen(strtype)+2+strlen(arg)+2;
data/ario-1.6/src/lib/libmpdclient.c:1894:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string)+1+strlen(strtype)+2+strlen(arg)+2;
data/ario-1.6/src/lib/libmpdclient.c:1913:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(connection->request)+2;
data/ario-1.6/src/lib/libmpdclient.c:1933:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listplaylistinfo")+2+strlen(arg)+3;
data/ario-1.6/src/lib/libmpdclient.c:1933:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listplaylistinfo")+2+strlen(arg)+3;
data/ario-1.6/src/lib/libmpdclient.c:1951:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listplaylist")+2+strlen(arg)+3;
data/ario-1.6/src/lib/libmpdclient.c:1951:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("listplaylist")+2+strlen(arg)+3;
data/ario-1.6/src/lib/libmpdclient.c:1962:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistclear")+2+strlen(sPath)+3;
data/ario-1.6/src/lib/libmpdclient.c:1962:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistclear")+2+strlen(sPath)+3;
data/ario-1.6/src/lib/libmpdclient.c:1975:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistadd")+2+strlen(sPlaylist)+3+strlen(sPath)+3;
data/ario-1.6/src/lib/libmpdclient.c:1975:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistadd")+2+strlen(sPlaylist)+3+strlen(sPath)+3;
data/ario-1.6/src/lib/libmpdclient.c:1975:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistadd")+2+strlen(sPlaylist)+3+strlen(sPath)+3;
data/ario-1.6/src/lib/libmpdclient.c:1988:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistmove")+
data/ario-1.6/src/lib/libmpdclient.c:1989:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
2+strlen(sPlaylist)+3+INTLEN+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:2002:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistdelete")+2+strlen(sPlaylist)+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:2002:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen("playlistdelete")+2+strlen(sPlaylist)+3+INTLEN+3;
data/ario-1.6/src/lib/libmpdclient.c:2026:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (re->name &&!strncmp (re->name, "changed", strlen ("changed"))) {
data/ario-1.6/src/lyrics/ario-lyrics-letras.c:110:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
begin += strlen("<p><p>");
data/ario-1.6/src/lyrics/ario-lyrics-letras.c:126:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char *) g_malloc0 (strlen(lyrics->lyrics));
data/ario-1.6/src/lyrics/ario-lyrics-letras.c:127:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i + offset < strlen(lyrics->lyrics); ++i)
data/ario-1.6/src/plugins/ario-plugin-manager.c:397:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen (case_normalized_key);
data/ario-1.6/src/preferences/ario-server-preferences.c:194:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (last_update_char && strlen(last_update_char))
data/ario-1.6/src/preferences/ario-server-preferences.c:195:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_update_char[strlen (last_update_char)-1] = '\0';
data/ario-1.6/src/servers/ario-xmms.c:1213:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = g_malloc0 (strlen (url) * 3 + 1);
data/ario-1.6/src/servers/ario-xmms.c:1427:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_length = strlen (url) + 1;
data/ario-1.6/src/sources/ario-search.c:236:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmp_str[i]);
data/ario-1.6/src/sources/ario-storedplaylists.c:625:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (str_playlists->str) * sizeof(guchar));
data/ario-1.6/src/sources/ario-tree.c:525:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (string->str) * sizeof(guchar));
data/ario-1.6/src/widgets/ario-lyrics-editor.c:340:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen (lyrics->lyrics)) {
data/ario-1.6/src/widgets/ario-songlist.c:377:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (songlists->str) * sizeof(guchar));
ANALYSIS SUMMARY:
Hits = 209
Lines analyzed = 41193 in approximately 0.88 seconds (46733 lines/second)
Physical Source Lines of Code (SLOC) = 28628
Hits@level = [0] 64 [1] 100 [2] 83 [3] 23 [4] 3 [5] 0
Hits@level+ = [0+] 273 [1+] 209 [2+] 109 [3+] 26 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 9.53612 [1+] 7.30054 [2+] 3.80746 [3+] 0.908202 [4+] 0.104793 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.