Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/epiphany-browser-3.38.1/embed/contrib/gd-tagged-entry.c
Examining data/epiphany-browser-3.38.1/embed/contrib/gd-tagged-entry.h
Examining data/epiphany-browser-3.38.1/embed/ephy-about-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-about-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-download.c
Examining data/epiphany-browser-3.38.1/embed/ephy-download.h
Examining data/epiphany-browser-3.38.1/embed/ephy-downloads-manager.c
Examining data/epiphany-browser-3.38.1/embed/ephy-downloads-manager.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-container.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-container.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-event.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-event.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-prefs.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-prefs.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-shell.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-shell.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-utils.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed-utils.h
Examining data/epiphany-browser-3.38.1/embed/ephy-embed.c
Examining data/epiphany-browser-3.38.1/embed/ephy-embed.h
Examining data/epiphany-browser-3.38.1/embed/ephy-encoding.c
Examining data/epiphany-browser-3.38.1/embed/ephy-encoding.h
Examining data/epiphany-browser-3.38.1/embed/ephy-encodings.c
Examining data/epiphany-browser-3.38.1/embed/ephy-encodings.h
Examining data/epiphany-browser-3.38.1/embed/ephy-file-monitor.c
Examining data/epiphany-browser-3.38.1/embed/ephy-file-monitor.h
Examining data/epiphany-browser-3.38.1/embed/ephy-filters-manager.c
Examining data/epiphany-browser-3.38.1/embed/ephy-filters-manager.h
Examining data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.c
Examining data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.h
Examining data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-reader-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-reader-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-view-source-handler.c
Examining data/epiphany-browser-3.38.1/embed/ephy-view-source-handler.h
Examining data/epiphany-browser-3.38.1/embed/ephy-web-view.c
Examining data/epiphany-browser-3.38.1/embed/ephy-web-view.h
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-overview-model.c
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-overview-model.h
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-process-extension-main.c
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-process-extension.c
Examining data/epiphany-browser-3.38.1/embed/web-process-extension/ephy-web-process-extension.h
Examining data/epiphany-browser-3.38.1/lib/contrib/eggtreemultidnd.c
Examining data/epiphany-browser-3.38.1/lib/contrib/eggtreemultidnd.h
Examining data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c
Examining data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.h
Examining data/epiphany-browser-3.38.1/lib/ephy-debug.c
Examining data/epiphany-browser-3.38.1/lib/ephy-debug.h
Examining data/epiphany-browser-3.38.1/lib/ephy-dnd.c
Examining data/epiphany-browser-3.38.1/lib/ephy-dnd.h
Examining data/epiphany-browser-3.38.1/lib/ephy-favicon-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-favicon-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-file-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-flatpak-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-gui.c
Examining data/epiphany-browser-3.38.1/lib/ephy-gui.h
Examining data/epiphany-browser-3.38.1/lib/ephy-langs.c
Examining data/epiphany-browser-3.38.1/lib/ephy-langs.h
Examining data/epiphany-browser-3.38.1/lib/ephy-notification-container.c
Examining data/epiphany-browser-3.38.1/lib/ephy-notification-container.h
Examining data/epiphany-browser-3.38.1/lib/ephy-notification.c
Examining data/epiphany-browser-3.38.1/lib/ephy-notification.h
Examining data/epiphany-browser-3.38.1/lib/ephy-permissions-manager.c
Examining data/epiphany-browser-3.38.1/lib/ephy-permissions-manager.h
Examining data/epiphany-browser-3.38.1/lib/ephy-prefs.h
Examining data/epiphany-browser-3.38.1/lib/ephy-profile-utils.c
Examining data/epiphany-browser-3.38.1/lib/ephy-profile-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-search-engine-manager.c
Examining data/epiphany-browser-3.38.1/lib/ephy-search-engine-manager.h
Examining data/epiphany-browser-3.38.1/lib/ephy-security-levels.c
Examining data/epiphany-browser-3.38.1/lib/ephy-security-levels.h
Examining data/epiphany-browser-3.38.1/lib/ephy-settings.c
Examining data/epiphany-browser-3.38.1/lib/ephy-settings.h
Examining data/epiphany-browser-3.38.1/lib/ephy-signal-accumulator.c
Examining data/epiphany-browser-3.38.1/lib/ephy-signal-accumulator.h
Examining data/epiphany-browser-3.38.1/lib/ephy-smaps.c
Examining data/epiphany-browser-3.38.1/lib/ephy-smaps.h
Examining data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.c
Examining data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-connection.c
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-connection.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-statement.c
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite-statement.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sqlite.h
Examining data/epiphany-browser-3.38.1/lib/ephy-string.c
Examining data/epiphany-browser-3.38.1/lib/ephy-string.h
Examining data/epiphany-browser-3.38.1/lib/ephy-suggestion.c
Examining data/epiphany-browser-3.38.1/lib/ephy-suggestion.h
Examining data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c
Examining data/epiphany-browser-3.38.1/lib/ephy-sync-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-time-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-time-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-uri-helpers.c
Examining data/epiphany-browser-3.38.1/lib/ephy-uri-helpers.h
Examining data/epiphany-browser-3.38.1/lib/ephy-user-agent.c
Examining data/epiphany-browser-3.38.1/lib/ephy-user-agent.h
Examining data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.c
Examining data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.h
Examining data/epiphany-browser-3.38.1/lib/ephy-zoom.c
Examining data/epiphany-browser-3.38.1/lib/ephy-zoom.h
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-hosts-table.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-private.h
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-urls-table.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service-visits-table.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-service.h
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-types.c
Examining data/epiphany-browser-3.38.1/lib/history/ephy-history-types.h
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.h
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-storage.c
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-storage.h
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c
Examining data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.h
Examining data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.c
Examining data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-record.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-history-record.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-record.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-open-tabs-record.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-record.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-password-record.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable-manager.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable-manager.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-synchronizable.h
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-tabs-catalog.c
Examining data/epiphany-browser-3.38.1/lib/sync/ephy-tabs-catalog.h
Examining data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.c
Examining data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-certificate-dialog.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-certificate-dialog.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-download-widget.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-download-widget.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-popover.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-popover.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-progress-icon.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-downloads-progress-icon.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-file-chooser.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-file-chooser.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-security-popover.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-security-popover.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-box.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-box.h
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-widget.c
Examining data/epiphany-browser-3.38.1/lib/widgets/ephy-title-widget.h
Examining data/epiphany-browser-3.38.1/lib/ephy-flatpak-utils.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-add-bookmark-popover.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-add-bookmark-popover.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-properties-grid.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-properties-grid.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-row.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-row.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-export.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-export.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-manager.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-manager.h
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-popover.c
Examining data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-popover.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-end.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-end.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-start.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar-start.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-bar.h
Examining data/epiphany-browser-3.38.1/src/ephy-action-helper.c
Examining data/epiphany-browser-3.38.1/src/ephy-action-helper.h
Examining data/epiphany-browser-3.38.1/src/ephy-adaptive-mode.h
Examining data/epiphany-browser-3.38.1/src/ephy-desktop-utils.c
Examining data/epiphany-browser-3.38.1/src/ephy-desktop-utils.h
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-dialog.c
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-dialog.h
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-row.c
Examining data/epiphany-browser-3.38.1/src/ephy-encoding-row.h
Examining data/epiphany-browser-3.38.1/src/ephy-header-bar.c
Examining data/epiphany-browser-3.38.1/src/ephy-header-bar.h
Examining data/epiphany-browser-3.38.1/src/ephy-history-dialog.c
Examining data/epiphany-browser-3.38.1/src/ephy-history-dialog.h
Examining data/epiphany-browser-3.38.1/src/ephy-link.c
Examining data/epiphany-browser-3.38.1/src/ephy-link.h
Examining data/epiphany-browser-3.38.1/src/ephy-location-controller.c
Examining data/epiphany-browser-3.38.1/src/ephy-location-controller.h
Examining data/epiphany-browser-3.38.1/src/ephy-lockdown.c
Examining data/epiphany-browser-3.38.1/src/ephy-lockdown.h
Examining data/epiphany-browser-3.38.1/src/ephy-main.c
Examining data/epiphany-browser-3.38.1/src/ephy-mouse-gesture-controller.c
Examining data/epiphany-browser-3.38.1/src/ephy-mouse-gesture-controller.h
Examining data/epiphany-browser-3.38.1/src/ephy-notebook.c
Examining data/epiphany-browser-3.38.1/src/ephy-notebook.h
Examining data/epiphany-browser-3.38.1/src/ephy-page-row.c
Examining data/epiphany-browser-3.38.1/src/ephy-page-row.h
Examining data/epiphany-browser-3.38.1/src/ephy-pages-button.c
Examining data/epiphany-browser-3.38.1/src/ephy-pages-button.h
Examining data/epiphany-browser-3.38.1/src/ephy-pages-popover.c
Examining data/epiphany-browser-3.38.1/src/ephy-pages-popover.h
Examining data/epiphany-browser-3.38.1/src/ephy-pages-view.c
Examining data/epiphany-browser-3.38.1/src/ephy-pages-view.h
Examining data/epiphany-browser-3.38.1/src/ephy-session.c
Examining data/epiphany-browser-3.38.1/src/ephy-session.h
Examining data/epiphany-browser-3.38.1/src/ephy-shell.c
Examining data/epiphany-browser-3.38.1/src/ephy-shell.h
Examining data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c
Examining data/epiphany-browser-3.38.1/src/ephy-suggestion-model.h
Examining data/epiphany-browser-3.38.1/src/ephy-tab-header-bar.c
Examining data/epiphany-browser-3.38.1/src/ephy-tab-header-bar.h
Examining data/epiphany-browser-3.38.1/src/ephy-tab-label.c
Examining data/epiphany-browser-3.38.1/src/ephy-tab-label.h
Examining data/epiphany-browser-3.38.1/src/ephy-window.c
Examining data/epiphany-browser-3.38.1/src/ephy-window.h
Examining data/epiphany-browser-3.38.1/src/popup-commands.c
Examining data/epiphany-browser-3.38.1/src/popup-commands.h
Examining data/epiphany-browser-3.38.1/src/preferences/clear-data-view.c
Examining data/epiphany-browser-3.38.1/src/preferences/clear-data-view.h
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-data-view.c
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-data-view.h
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-prefs-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-prefs-dialog.h
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-search-engine-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/ephy-search-engine-dialog.h
Examining data/epiphany-browser-3.38.1/src/preferences/passwords-view.c
Examining data/epiphany-browser-3.38.1/src/preferences/passwords-view.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-appearance-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-appearance-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-privacy-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-privacy-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-sync-page.c
Examining data/epiphany-browser-3.38.1/src/preferences/prefs-sync-page.h
Examining data/epiphany-browser-3.38.1/src/preferences/synced-tabs-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/synced-tabs-dialog.h
Examining data/epiphany-browser-3.38.1/src/preferences/webapp-additional-urls-dialog.c
Examining data/epiphany-browser-3.38.1/src/preferences/webapp-additional-urls-dialog.h
Examining data/epiphany-browser-3.38.1/src/profile-migrator/ephy-profile-migrator.c
Examining data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider-main.c
Examining data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.c
Examining data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.h
Examining data/epiphany-browser-3.38.1/src/window-commands.c
Examining data/epiphany-browser-3.38.1/src/window-commands.h
Examining data/epiphany-browser-3.38.1/tests/ephy-download-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-embed-shell-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-embed-utils-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-encodings-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-file-helpers-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-gsb-service-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-history-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-location-entry-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-migration-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-session-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-shell-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-snapshot-service-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-string-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-test-utils.c
Examining data/epiphany-browser-3.38.1/tests/ephy-test-utils.h
Examining data/epiphany-browser-3.38.1/tests/ephy-web-app-utils-test.c
Examining data/epiphany-browser-3.38.1/tests/ephy-web-view-test.c
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.h
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-format.h
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c
Examining data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.h

FINAL RESULTS:

data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.c:196:3: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (tmp_path, 0600);
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:572:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  char *system, *text;
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:582:62: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  "System languages (%s)", n_sys_langs), system);
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:591:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  g_free (system);
data/epiphany-browser-3.38.1/src/preferences/prefs-general-page.c:741:62: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  "System languages (%s)", n_sys_langs), system);
data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c:204:40: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmp_file = g_strdup_printf ("%s/%s", g_get_tmp_dir (), g_path_get_basename (suggested_filename));
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:95:35: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  full_name = g_build_filename (g_get_tmp_dir (), partial_name,
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:118:28: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_build_filename (g_get_home_dir (), _("Downloads"), NULL);
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:175:28: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_build_filename (g_get_home_dir (), _("Desktop"), NULL);
data/epiphany-browser-3.38.1/lib/ephy-file-helpers.c:393:20: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_tmp_dir ());
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c:113:61: [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  duration = (1 << self->back_off_num_fails++) * 15 * 60 * (g_random_double () + 1);
data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.c:233:32: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  filename = g_build_filename (g_get_home_dir (),
data/epiphany-browser-3.38.1/src/window-commands.c:176:32: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  filename = g_build_filename (g_get_home_dir (),
data/epiphany-browser-3.38.1/tests/ephy-gsb-service-test.c:234:31: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  db_path = g_build_filename (g_get_tmp_dir (), "gsb-threats-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-history-test.c:34:34: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  filename = g_build_filename (g_get_tmp_dir (), "epiphany-history-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:35:38: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:48:38: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "directory-that-does-not-exist", "epiphany_sqlite_test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:66:38: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:136:38: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:158:38: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/tests/ephy-sqlite-test.c:202:38: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temporary_file = g_build_filename (g_get_tmp_dir (), "epiphany-sqlite-test.db", NULL);
data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:686:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char first[8] = { 0 };
data/epiphany-browser-3.38.1/lib/ephy-permissions-manager.c:292:64: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  origin = webkit_security_origin_new (tokens[4], tokens[5], atoi (tokens[6]));
data/epiphany-browser-3.38.1/lib/ephy-profile-utils.c:100:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *argv[8] = { PKGLIBEXECDIR "/" EPHY_PROFILE_MIGRATOR, "-v" };
data/epiphany-browser-3.38.1/lib/ephy-time-helpers.c:73:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4], buffer[512];
data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.h:35:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char install_date[128];
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-storage.c:1331:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (prefixes + i * GSB_RICE_PREFIX_LEN, &items[i], GSB_RICE_PREFIX_LEN);
data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:60:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (reader->data, data, data_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:86:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char iv[16] = {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:87:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char salt[9] = {'s', 'a', 'l', 't', 'y', 's', 'a', 'l', 't'};
data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:88:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[16];
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:512:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (out, bytes, out_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:518:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (out + out_len, next, next_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:593:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*token_id, out, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:594:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*req_hmac_key, out + len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:595:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*request_key, out + 2 * len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:635:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*token_id, out1, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:636:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*req_hmac_key, out1 + len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:637:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (key_request_key, out1 + 2 * len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:646:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*resp_hmac_key, out2, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:647:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*resp_xor_key, out2 + len, 2 * len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:717:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ciphertext, bundle, 2 * len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:718:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (resp_hmac, bundle + 2 * len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:734:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*ka, xored, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:736:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wrap_kb, xored + len, len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:928:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (out, text, text_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:1057:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (out, data, out_len);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:75:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const secrets[LAST_SECRET] = {
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:203:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data->req_hmac_key, req_hmac_key, 32);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:205:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data->resp_hmac_key, resp_hmac_key, 32);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:207:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data->resp_xor_key, resp_xor_key, 2 * 32);
data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:627:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. header = (char *)ephy_sync_utils_base64_urlsafe_decode (pieces[0], &len, TRUE); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:628:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. payload = (char *)ephy_sync_utils_base64_urlsafe_decode (pieces[1], &len, TRUE); data/epiphany-browser-3.38.1/src/ephy-location-controller.c:112:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. gtk_entry_set_text (entry, (char *)uris[0]); data/epiphany-browser-3.38.1/src/ephy-location-controller.c:161:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (split[1]) != 0) { data/epiphany-browser-3.38.1/src/ephy-location-controller.c:171:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). window = g_list_nth_data (windows, atoi (split[1])); data/epiphany-browser-3.38.1/src/ephy-location-controller.c:177:61: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gtk_notebook_set_current_page (GTK_NOTEBOOK (notebook), atoi (split[0])); data/epiphany-browser-3.38.1/src/ephy-session.c:1374:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/epiphany-browser-3.38.1/src/ephy-window.c:85:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *accelerators[9]; data/epiphany-browser-3.38.1/src/ephy-window.c:2579:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tab_number = atoi (action_name + strlen ("accel-")); data/epiphany-browser-3.38.1/src/ephy-window.c:2600:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tab_number = atoi (actions[i] + strlen ("accel-")); data/epiphany-browser-3.38.1/tests/ephy-gsb-service-test.c:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *hashes_hex[64]; data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:295:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (chunk->data, string, length); data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:333:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (chunk (sizeof bloom_hdr), &bloom_hdr, sizeof bloom_hdr); data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:334:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (chunk (sizeof table_hdr), &table_hdr, sizeof table_hdr); data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:287:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hash_value = (hash_value * 33) + ((signed char *) key)[key_length]; data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:445:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fullname, parent_name, parent_length); data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:446:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (fullname + parent_length, name, name_length); data/epiphany-browser-3.38.1/embed/ephy-about-handler.c:92:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data_length = data_length != -1 ? data_length : (gssize)strlen (data); data/epiphany-browser-3.38.1/embed/ephy-download.c:241:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). position = strlen (destination_filename); data/epiphany-browser-3.38.1/embed/ephy-embed-utils.c:283:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return g_strconcat (EPHY_ABOUT_SCHEME, address + strlen ("about"), NULL); data/epiphany-browser-3.38.1/embed/ephy-encoding.c:103:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = result = g_malloc (strlen (original) + 1); data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.c:219:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (toolbar->find_string) == 0) { data/epiphany-browser-3.38.1/embed/ephy-find-toolbar.c:650:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen (str_value)) data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c:95:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
data_length = MIN (strlen (data), G_MAXSSIZE); data/epiphany-browser-3.38.1/embed/ephy-pdf-handler.c:225:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). modified_uri = original_uri + strlen ("ephy-pdf:"); data/epiphany-browser-3.38.1/embed/ephy-reader-handler.c:95:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data_length = MIN (strlen (data), G_MAXSSIZE); data/epiphany-browser-3.38.1/embed/ephy-view-source-handler.c:93:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data_length = MIN (strlen (data), G_MAXSSIZE); data/epiphany-browser-3.38.1/embed/ephy-web-view.c:754:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). view->display_address = ephy_uri_decode (view->address + strlen (EPHY_PDF_SCHEME) + 1); data/epiphany-browser-3.38.1/embed/ephy-web-view.c:2817:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return view->address + strlen (EPHY_READER_SCHEME) + 1; data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:450:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (old_locale->name) > strlen (locale->name)) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:450:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (old_locale->name) > strlen (locale->name)) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:655:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (code); data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:744:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (code); data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:819:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*attr_values) != 2) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:827:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*attr_values) != 3) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:835:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*attr_values) != 3) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:843:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*attr_values) != 2 && data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:844:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen (*attr_values) != 3) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:911:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*attr_values) != 2) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:919:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*attr_values) != 3) { data/epiphany-browser-3.38.1/lib/contrib/gnome-languages.c:927:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*attr_values) != 3) { data/epiphany-browser-3.38.1/lib/ephy-snapshot-service.c:81:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_checksum_update (checksum, (const guchar *)uri, strlen (uri)); data/epiphany-browser-3.38.1/lib/ephy-string.c:121:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (new_str, str, bytes); data/epiphany-browser-3.38.1/lib/ephy-string.c:122:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (new_str, "…"); data/epiphany-browser-3.38.1/lib/ephy-string.c:152:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (str); data/epiphany-browser-3.38.1/lib/ephy-string.c:154:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = g_string_sized_new (len + 6 * strlen (COLLATION_SENTINEL)); data/epiphany-browser-3.38.1/lib/ephy-string.c:261:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to_find_len = strlen (to_find); data/epiphany-browser-3.38.1/lib/ephy-string.c:292:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove (string, start, strlen (start) + 1); data/epiphany-browser-3.38.1/lib/ephy-string.c:312:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (gssize i = strlen (string) - 1; i >= 0 && string[i] == ch; i--) data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:82:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded = g_malloc (strlen (hex) / 2); data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:83:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (gsize i = 0, j = 0; i < strlen (hex); i += 2, j++) data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:115:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
end = strlen (base64) - 1; data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:119:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (start < strlen (base64) && base64[start] == '=') data/epiphany-browser-3.38.1/lib/ephy-sync-utils.c:158:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). suffix = g_strnfill ((4 - strlen (text) % 4) % 4, '='); data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.c:130:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name += strlen ("app-"); data/epiphany-browser-3.38.1/lib/ephy-web-app-utils.c:148:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return name + strlen (EPHY_WEB_APP_PROGRAM_NAME_PREFIX); data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c:199:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soup_message_set_request (msg, "application/json", SOUP_MEMORY_TAKE, body, strlen (body)); data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-service.c:528:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
soup_message_set_request (msg, "application/json", SOUP_MEMORY_TAKE, body, strlen (body)); data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:772:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). has_trailing = path[strlen (path) - 1] == '/'; data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:774:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). no_trailing_len = strlen (no_trailing); data/epiphany-browser-3.38.1/lib/safe-browsing/ephy-gsb-utils.c:843:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_checksum_update (checksum, (const guint8 *)value, strlen (value)); data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.c:242:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soup_message_set_request (msg, content_type, SOUP_MEMORY_COPY, body, strlen (body)); data/epiphany-browser-3.38.1/lib/sync/debug/ephy-sync-debug.c:454:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (storage_key)); data/epiphany-browser-3.38.1/lib/sync/ephy-password-import.c:91:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pbkdf2_hmac_sha1 (strlen (phrase), (unsigned char *)phrase, 1, sizeof (salt), salt, sizeof (key), key); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:222:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (artifacts->ext && strlen (artifacts->ext) > 0) { data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:356:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (artifacts->hash && strlen (artifacts->hash) > 0) data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:360:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (artifacts->ext && strlen (artifacts->ext) > 0) { data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:587:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (const guint8 *)info, strlen (info), data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:629:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (const guint8 *)info_kft, strlen (info_kft), data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:641:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(const guint8 *)info_keys, strlen (info_keys), data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:774:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = ephy_sync_crypto_concat_bytes ((guint8 *)info, strlen (info), data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:779:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp, strlen (info) + 1); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:783:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (guint8 *)info, strlen (info), data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:788:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp, len + strlen (info) + 1); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:875:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). body_b64 = ephy_sync_utils_base64_urlsafe_encode ((guint8 *)body, strlen (body), TRUE); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:876:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header_b64 = ephy_sync_utils_base64_urlsafe_encode ((guint8 *)header, strlen (header), TRUE); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-crypto.c:920:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
gsize text_len = strlen (text); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:480:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). request_body, strlen (request_body)); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:548:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data->request_body, strlen (data->request_body)); data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:567:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (self->storage_credentials_key), data/epiphany-browser-3.38.1/lib/sync/ephy-sync-service.c:774:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). request_body, strlen (request_body)); data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.c:140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen (self->primary_label) > 0); data/epiphany-browser-3.38.1/lib/widgets/contrib/nautilus-floating-bar.c:142:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen (self->details_label) > 0); data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:221:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
address + strlen (EPHY_ABOUT_SCHEME) + 1); data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:247:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). selection, strlen (selection)); data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:559:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (url) > 5 && g_str_has_prefix (url, "http:") && url[5] != '/') data/epiphany-browser-3.38.1/lib/widgets/ephy-location-entry.c:561:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen (url) > 6 && g_str_has_prefix (url, "https:") && url[6] != '/') data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmark-row.c:168:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (title) == 0) { data/epiphany-browser-3.38.1/src/bookmarks/ephy-bookmarks-import.c:486:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!g_markup_parse_context_parse (context, buf, strlen (buf), &my_error)) { data/epiphany-browser-3.38.1/src/ephy-location-controller.c:154:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
g_auto (GStrv) split = g_strsplit (content + strlen ("ephy-tab://"), "@", -1); data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c:320:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (title) == 0) data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c:369:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (url->title) == 0) data/epiphany-browser-3.38.1/src/ephy-suggestion-model.c:561:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (data->query) > 0) { data/epiphany-browser-3.38.1/src/ephy-tab-label.c:110:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str && strlen (str) != 0) { data/epiphany-browser-3.38.1/src/ephy-window.c:2579:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tab_number = atoi (action_name + strlen ("accel-")); data/epiphany-browser-3.38.1/src/ephy-window.c:2600:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tab_number = atoi (actions[i] + strlen ("accel-")); data/epiphany-browser-3.38.1/src/ephy-window.c:4117:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  gtk_editable_set_position (GTK_EDITABLE (location_gtk_entry), strlen (entry_text));
data/epiphany-browser-3.38.1/src/profile-migrator/ephy-profile-migrator.c:1381:81: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (g_output_stream_write (G_OUTPUT_STREAM (output_stream), new_data, strlen (new_data), NULL, &error) == -1) {
data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.c:215:95: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  results[i] + strlen ("special:search:"))));
data/epiphany-browser-3.38.1/src/search-provider/ephy-search-provider.c:225:95: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  results[i] + strlen ("special:load:"))));
data/epiphany-browser-3.38.1/src/window-commands.c:1642:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  title = g_strdup (host + strlen ("www."));
data/epiphany-browser-3.38.1/src/window-commands.c:1966:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen (suggested_filename)) {
data/epiphany-browser-3.38.1/tests/ephy-download-test.c:64:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  HTML_STRING, strlen (HTML_STRING));
data/epiphany-browser-3.38.1/tests/ephy-snapshot-service-test.c:223:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  response, strlen (response));
data/epiphany-browser-3.38.1/tests/ephy-web-view-test.c:59:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  HTML_STRING, strlen (HTML_STRING));
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:288:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (string);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-builder.c:395:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename = item->key + strlen (item->parent->key);
data/epiphany-browser-3.38.1/third-party/gvdb/gvdb-reader.c:443:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  parent_length = strlen (parent_name);

ANALYSIS SUMMARY:

Hits = 159
Lines analyzed = 90486 in approximately 2.07 seconds (43762 lines/second)
Physical Source Lines of Code (SLOC) = 64913
Hits@level = [0] 7 [1] 91 [2] 47 [3] 16 [4] 4 [5] 1
Hits@level+ = [0+] 166 [1+] 159 [2+] 68 [3+] 21 [4+] 5 [5+] 1
Hits/KSLOC@level+ = [0+] 2.55727 [1+] 2.44943 [2+] 1.04756 [3+] 0.32351 [4+] 0.0770262 [5+] 0.0154052
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.