Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/autolog-0.40+debian/autolog.c

FINAL RESULTS:

data/autolog-0.40+debian/autolog.c:270:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dev, "/dev/%s" ,utmpp->ut_line); /* append /dev/ to base name */
data/autolog-0.40+debian/autolog.c:302:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userlst[0].Name, name);
data/autolog-0.40+debian/autolog.c:303:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userlst[0].Device,utmpp->ut_line);
data/autolog-0.40+debian/autolog.c:318:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userlst[userfill].Name, name);
data/autolog-0.40+debian/autolog.c:319:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userlst[userfill].Device,utmpp->ut_line);
data/autolog-0.40+debian/autolog.c:328:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userlst[userpos].Device,utmpp->ut_line);
data/autolog-0.40+debian/autolog.c:393:2: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(f," %s %d %s %d %d %d %d",
data/autolog-0.40+debian/autolog.c:439:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ps_cmd = strcpy((char *)malloc(strlen(s)+1),s+3);
data/autolog-0.40+debian/autolog.c:452:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  c_arr[c_idx].name=strcpy((char *)malloc(strlen(s)+1),s);
data/autolog-0.40+debian/autolog.c:454:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  c_arr[c_idx].group=strcpy((char *)malloc(strlen(s)+1),s);
data/autolog-0.40+debian/autolog.c:456:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  c_arr[c_idx].line=strcpy((char *)malloc(strlen(s)+1),s);
data/autolog-0.40+debian/autolog.c:562:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name,akt_usr->Name );
data/autolog-0.40+debian/autolog.c:563:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dev, akt_usr->Device);
data/autolog-0.40+debian/autolog.c:575:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ddev,"/dev/%s",dev); /* append /dev/ to base name */
data/autolog-0.40+debian/autolog.c:591:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name,passwd_entry->pw_name);
data/autolog-0.40+debian/autolog.c:747:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (!(ps = popen(ps_cmd, "r")) ){
data/autolog-0.40+debian/autolog.c:857:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mbuf,"clear >%s",dev);
data/autolog-0.40+debian/autolog.c:858:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (mbuf);
data/autolog-0.40+debian/autolog.c:878:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mbuf,"clear >%s",dev);
data/autolog-0.40+debian/autolog.c:879:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (mbuf);
data/autolog-0.40+debian/autolog.c:902:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mbuf,"clear >%s",dev);
data/autolog-0.40+debian/autolog.c:903:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (mbuf);
data/autolog-0.40+debian/autolog.c:934:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mbuf, "/usr/bin/mail -s \"++WARNING - LOG-OFF ++\" %s", name);
data/autolog-0.40+debian/autolog.c:936:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (!(mprog = popen(mbuf, "w")) ){
data/autolog-0.40+debian/autolog.c:959:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mbuf, "/usr/bin/mail -s \"Logged off, you were idle\" %s", name);
data/autolog-0.40+debian/autolog.c:961:27: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (!(mprog = popen(mbuf, "w")) ){
data/autolog-0.40+debian/autolog.c:975:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mbuf, "/usr/bin/mail -s \"Couldn't log out [%s] \" root",name);
data/autolog-0.40+debian/autolog.c:976:26: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ((mprog = popen(mbuf, "w")) == (FILE *) NULL){
data/autolog-0.40+debian/autolog.c:988:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "%-20s %-8s %-5s idle:%3d sess:%3d",
data/autolog-0.40+debian/autolog.c:1003:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str_time,"%s",ctime(&pres_time)+3);
data/autolog-0.40+debian/autolog.c:1014:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "** ERROR ** %s", message);
data/autolog-0.40+debian/autolog.c:1042:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (!(ps = popen(ps_cmd, "r")) ){
data/autolog-0.40+debian/autolog.c:1058:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mbuf,"Dead , killed: %-10s %5d : %5d",ps_name,uid,pid);
data/autolog-0.40+debian/autolog.c:1069:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userlst[0].Name, ps_name);
data/autolog-0.40+debian/autolog.c:1075:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mbuf,"Lost, killed: %-10s %5d : %5d",ps_name,uid,pid);
data/autolog-0.40+debian/autolog.c:1080:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mbuf,"Left, killed: %-10s %5d : %5d",ps_name,uid,pid);
data/autolog-0.40+debian/autolog.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Name[20]; /* Name of user. */
data/autolog-0.40+debian/autolog.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Device[20]; /* Outputdevice with the minimum idle-time */
data/autolog-0.40+debian/autolog.c:176:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 't': g_idle = atoi(argv[++i]); break;
data/autolog-0.40+debian/autolog.c:177:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'g': g_grace = atoi(argv[++i]); break;
data/autolog-0.40+debian/autolog.c:260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev[STRLEN], name[STRLEN], prname[STRLEN];
data/autolog-0.40+debian/autolog.c:262:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_str[80];
data/autolog-0.40+debian/autolog.c:269:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prname,"/proc/%d",utmpp->ut_pid); /* append /proc/ to proclist */
data/autolog-0.40+debian/autolog.c:356:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f=fopen(datfname,"w+"))) {
data/autolog-0.40+debian/autolog.c:379:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f=fopen(datfname,"r"))) { return 0; }
data/autolog-0.40+debian/autolog.c:423:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s, iline[LINELEN];
data/autolog-0.40+debian/autolog.c:427:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f=fopen(confname, "r")) ){
data/autolog-0.40+debian/autolog.c:458:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c_arr[c_idx].idle=atoi(s);
data/autolog-0.40+debian/autolog.c:460:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c_arr[c_idx].grace=atoi(s);
data/autolog-0.40+debian/autolog.c:462:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c_arr[c_idx].ban =atoi(s);
data/autolog-0.40+debian/autolog.c:552:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ddev[STRLEN],*gn = ".*";
data/autolog-0.40+debian/autolog.c:553:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev[STRLEN], name[STRLEN], prname[STRLEN];
data/autolog-0.40+debian/autolog.c:738:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char prname[LINELEN], iline[LINELEN];
data/autolog-0.40+debian/autolog.c:757:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pid = atoi(ps_pid);
data/autolog-0.40+debian/autolog.c:759:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prname,"/proc/%d",pid); /* append /proc/ to proclist */
data/autolog-0.40+debian/autolog.c:843:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbuf[LINELEN]; /* message buffer */
data/autolog-0.40+debian/autolog.c:851:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(dev, "w")) ){
data/autolog-0.40+debian/autolog.c:873:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(dev, "w")) ){
data/autolog-0.40+debian/autolog.c:897:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(dev, "w")) ){
data/autolog-0.40+debian/autolog.c:987:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[100];
data/autolog-0.40+debian/autolog.c:998:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_time[30];
data/autolog-0.40+debian/autolog.c:1001:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log = fopen(logfname, "a"); /* open to append */
data/autolog-0.40+debian/autolog.c:1013:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[100]; /* Try to log the message. */
data/autolog-0.40+debian/autolog.c:1029:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char prname[LINELEN], iline[LINELEN];
data/autolog-0.40+debian/autolog.c:1037:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbuf[LINELEN]; /* message buffer */
data/autolog-0.40+debian/autolog.c:1052:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pid = atoi(ps_pid);
data/autolog-0.40+debian/autolog.c:1054:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prname,"/proc/%d",pid); /* append /proc/ to proclist */
data/autolog-0.40+debian/autolog.c:276:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(msg)){
data/autolog-0.40+debian/autolog.c:295:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, utmpp->ut_user, UT_NAMESIZE); /* get user name */
data/autolog-0.40+debian/autolog.c:433:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*iline == '#' || strlen(iline) <= 1)
data/autolog-0.40+debian/autolog.c:439:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ps_cmd = strcpy((char *)malloc(strlen(s)+1),s+3);
data/autolog-0.40+debian/autolog.c:452:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c_arr[c_idx].name=strcpy((char *)malloc(strlen(s)+1),s);
data/autolog-0.40+debian/autolog.c:454:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c_arr[c_idx].group=strcpy((char *)malloc(strlen(s)+1),s);
data/autolog-0.40+debian/autolog.c:456:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c_arr[c_idx].line=strcpy((char *)malloc(strlen(s)+1),s);
data/autolog-0.40+debian/autolog.c:523:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(patt+256);
data/autolog-0.40+debian/autolog.c:528:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!re_compile_pattern(patt,strlen(patt),&rpb))
data/autolog-0.40+debian/autolog.c:530:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (re_match(&rpb,strg,strlen(strg),0,0) == strlen(strg))
data/autolog-0.40+debian/autolog.c:530:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (re_match(&rpb,strg,strlen(strg),0,0) == strlen(strg))
data/autolog-0.40+debian/autolog.c:628:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(akt_usr->Device, "."); /* "Flag": user logged out. */
data/autolog-0.40+debian/autolog.c:1004:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_time[strlen(str_time)-1]=0;
data/autolog-0.40+debian/autolog.c:1078:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(strlen(userlst[userpos].Device)==1){ /* "." */
data/autolog-0.40+debian/autolog.c:1088:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=strlen(iline);
data/autolog-0.40+debian/autolog.c:1095:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=strlen(iline);

ANALYSIS SUMMARY:

Hits = 83
Lines analyzed = 1099 in approximately 0.08 seconds (13993 lines/second)
Physical Source Lines of Code (SLOC) = 841
Hits@level = [0] 110 [1] 16 [2] 31 [3] 0 [4] 36 [5] 0
Hits@level+ = [0+] 193 [1+] 83 [2+] 67 [3+] 36 [4+] 36 [5+] 0
Hits/KSLOC@level+ = [0+] 229.489 [1+] 98.692 [2+] 79.6671 [3+] 42.8062 [4+] 42.8062 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.