Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/event-dance-0.2.0/evd/evd-buffered-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-buffered-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-buffered-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-buffered-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-connection-pool.c
Examining data/event-dance-0.2.0/evd/evd-connection-pool.h
Examining data/event-dance-0.2.0/evd/evd-connection.c
Examining data/event-dance-0.2.0/evd/evd-connection.h
Examining data/event-dance-0.2.0/evd/evd-daemon.c
Examining data/event-dance-0.2.0/evd/evd-daemon.h
Examining data/event-dance-0.2.0/evd/evd-dbus-agent.c
Examining data/event-dance-0.2.0/evd/evd-dbus-agent.h
Examining data/event-dance-0.2.0/evd/evd-dbus-bridge.c
Examining data/event-dance-0.2.0/evd/evd-dbus-bridge.h
Examining data/event-dance-0.2.0/evd/evd-dbus-daemon.c
Examining data/event-dance-0.2.0/evd/evd-dbus-daemon.h
Examining data/event-dance-0.2.0/evd/evd-error.c
Examining data/event-dance-0.2.0/evd/evd-error.h
Examining data/event-dance-0.2.0/evd/evd-http-chunked-decoder.c
Examining data/event-dance-0.2.0/evd/evd-http-chunked-decoder.h
Examining data/event-dance-0.2.0/evd/evd-http-connection.c
Examining data/event-dance-0.2.0/evd/evd-http-connection.h
Examining data/event-dance-0.2.0/evd/evd-http-message.c
Examining data/event-dance-0.2.0/evd/evd-http-message.h
Examining data/event-dance-0.2.0/evd/evd-http-request.c
Examining data/event-dance-0.2.0/evd/evd-http-request.h
Examining data/event-dance-0.2.0/evd/evd-io-stream-group.c
Examining data/event-dance-0.2.0/evd/evd-io-stream-group.h
Examining data/event-dance-0.2.0/evd/evd-io-stream.c
Examining data/event-dance-0.2.0/evd/evd-io-stream.h
Examining data/event-dance-0.2.0/evd/evd-ipc-mechanism.c
Examining data/event-dance-0.2.0/evd/evd-ipc-mechanism.h
Examining data/event-dance-0.2.0/evd/evd-json-filter.c
Examining data/event-dance-0.2.0/evd/evd-json-filter.h
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.c
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.h
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.h
Examining data/event-dance-0.2.0/evd/evd-jsonrpc.c
Examining data/event-dance-0.2.0/evd/evd-jsonrpc.h
Examining data/event-dance-0.2.0/evd/evd-longpolling-server.c
Examining data/event-dance-0.2.0/evd/evd-longpolling-server.h
Examining data/event-dance-0.2.0/evd/evd-peer-manager.c
Examining data/event-dance-0.2.0/evd/evd-peer-manager.h
Examining data/event-dance-0.2.0/evd/evd-peer.c
Examining data/event-dance-0.2.0/evd/evd-peer.h
Examining data/event-dance-0.2.0/evd/evd-pki-common.h
Examining data/event-dance-0.2.0/evd/evd-pki-privkey.c
Examining data/event-dance-0.2.0/evd/evd-pki-privkey.h
Examining data/event-dance-0.2.0/evd/evd-pki-pubkey.c
Examining data/event-dance-0.2.0/evd/evd-pki-pubkey.h
Examining data/event-dance-0.2.0/evd/evd-poll.c
Examining data/event-dance-0.2.0/evd/evd-poll.h
Examining data/event-dance-0.2.0/evd/evd-promise.c
Examining data/event-dance-0.2.0/evd/evd-promise.h
Examining data/event-dance-0.2.0/evd/evd-reproxy.c
Examining data/event-dance-0.2.0/evd/evd-reproxy.h
Examining data/event-dance-0.2.0/evd/evd-resolver.c
Examining data/event-dance-0.2.0/evd/evd-resolver.h
Examining data/event-dance-0.2.0/evd/evd-service.c
Examining data/event-dance-0.2.0/evd/evd-service.h
Examining data/event-dance-0.2.0/evd/evd-socket-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-socket-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-socket-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-socket-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-socket.c
Examining data/event-dance-0.2.0/evd/evd-socket.h
Examining data/event-dance-0.2.0/evd/evd-stream-throttle.c
Examining data/event-dance-0.2.0/evd/evd-stream-throttle.h
Examining data/event-dance-0.2.0/evd/evd-throttled-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-throttled-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-throttled-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-throttled-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-tls-certificate.c
Examining data/event-dance-0.2.0/evd/evd-tls-certificate.h
Examining data/event-dance-0.2.0/evd/evd-tls-common.h
Examining data/event-dance-0.2.0/evd/evd-tls-credentials.c
Examining data/event-dance-0.2.0/evd/evd-tls-credentials.h
Examining data/event-dance-0.2.0/evd/evd-tls-dh-generator.c
Examining data/event-dance-0.2.0/evd/evd-tls-dh-generator.h
Examining data/event-dance-0.2.0/evd/evd-tls-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-tls-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-tls-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-tls-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-tls-privkey.c
Examining data/event-dance-0.2.0/evd/evd-tls-privkey.h
Examining data/event-dance-0.2.0/evd/evd-tls-session.c
Examining data/event-dance-0.2.0/evd/evd-tls-session.h
Examining data/event-dance-0.2.0/evd/evd-transport.c
Examining data/event-dance-0.2.0/evd/evd-transport.h
Examining data/event-dance-0.2.0/evd/evd-utils.c
Examining data/event-dance-0.2.0/evd/evd-utils.h
Examining data/event-dance-0.2.0/evd/evd-web-dir.c
Examining data/event-dance-0.2.0/evd/evd-web-dir.h
Examining data/event-dance-0.2.0/evd/evd-web-selector.c
Examining data/event-dance-0.2.0/evd/evd-web-selector.h
Examining data/event-dance-0.2.0/evd/evd-web-service.c
Examining data/event-dance-0.2.0/evd/evd-web-service.h
Examining data/event-dance-0.2.0/evd/evd-web-transport-server.c
Examining data/event-dance-0.2.0/evd/evd-web-transport-server.h
Examining data/event-dance-0.2.0/evd/evd-websocket-client.c
Examining data/event-dance-0.2.0/evd/evd-websocket-client.h
Examining data/event-dance-0.2.0/evd/evd-websocket-protocol.c
Examining data/event-dance-0.2.0/evd/evd-websocket-protocol.h
Examining data/event-dance-0.2.0/evd/evd-websocket-server.c
Examining data/event-dance-0.2.0/evd/evd-websocket-server.h
Examining data/event-dance-0.2.0/evd/evd.h
Examining data/event-dance-0.2.0/evd/evd-tls-common.c
Examining data/event-dance-0.2.0/examples/dbus-bridge.c
Examining data/event-dance-0.2.0/examples/ping-server.c
Examining data/event-dance-0.2.0/tests/test-all-js.c
Examining data/event-dance-0.2.0/tests/test-pki.c
Examining data/event-dance-0.2.0/tests/test-socket-common.c
Examining data/event-dance-0.2.0/tests/test-socket-context.c
Examining data/event-dance-0.2.0/tests/test-socket.c
Examining data/event-dance-0.2.0/tests/test-websocket-transport.c
Examining data/event-dance-0.2.0/tests/test-dbus-bridge.c
Examining data/event-dance-0.2.0/tests/test-json-filter.c
Examining data/event-dance-0.2.0/tests/test-resolver.c
Examining data/event-dance-0.2.0/tests/test-io-stream-group.c
Examining data/event-dance-0.2.0/tests/test-promise.c
Examining data/event-dance-0.2.0/tests/test-all.c

FINAL RESULTS:

data/event-dance-0.2.0/evd/evd-daemon.c:204:11: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    if (chmod (self->priv->pid_file,
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:187:21: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    masking_key = g_random_int ();
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:876:13: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    rnd = g_random_int ();
data/event-dance-0.2.0/tests/test-io-stream-group.c:44:20: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    f->listen_port = g_random_int_range (1025, 65535);
data/event-dance-0.2.0/tests/test-socket-context.c:344:15: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    data[i] = g_random_int_range (32, 128);
data/event-dance-0.2.0/tests/test-socket.c:87:10: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    port = g_random_int_range (1024, 0xFFFF-1);
data/event-dance-0.2.0/tests/test-socket.c:105:10: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    port = g_random_int_range (1024, 0xFFFF-1);
data/event-dance-0.2.0/tests/test-websocket-transport.c:65:20: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    f->listen_port = g_random_int_range (1025, 65535);
data/event-dance-0.2.0/evd/evd-peer.c:235:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (frame->buf, message, size);
data/event-dance-0.2.0/evd/evd-transport.c:422:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (msg->text_buffer, msg->buffer, msg->size);
data/event-dance-0.2.0/evd/evd-transport.c:620:43: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (EVD_TRANSPORT_GET_INTERFACE (self)->open != NULL)
data/event-dance-0.2.0/evd/evd-transport.c:622:43: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    EVD_TRANSPORT_GET_INTERFACE (self)->open (self,
data/event-dance-0.2.0/evd/evd-transport.h:77:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void (* open) (EvdTransport *self,
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:384:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&data->masking_key, data->buf->str + data->offset, 4);
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:405:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&len, data->buf->str + data->offset, 2);
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:417:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&len, data->buf->str + data->offset, 8);
data/event-dance-0.2.0/evd/evd-buffered-output-stream.c:610:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (buffer),
data/event-dance-0.2.0/evd/evd-buffered-output-stream.c:627:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (buffer),
data/event-dance-0.2.0/evd/evd-daemon.c:266:3: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
    umask (0);
data/event-dance-0.2.0/evd/evd-dbus-daemon.c:241:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    size = read (stdout_fd, buf, 256);
data/event-dance-0.2.0/evd/evd-http-connection.c:819:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (chunk_hdr),
data/event-dance-0.2.0/evd/evd-http-connection.c:1016:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-connection.c:1030:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-message.c:243:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-request.c:270:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-request.c:326:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    b64_st = g_base64_encode ((guchar *) st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-request.c:361:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (auth_st == NULL || strlen (auth_st) < 7)
data/event-dance-0.2.0/evd/evd-http-request.c:407:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cookie = g_strstr_len (cookies[i], strlen (cookie_name) + 1, cookie_name);
data/event-dance-0.2.0/evd/evd-json-filter.c:566:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return evd_json_filter_feed_len (self, buffer, strlen (buffer), error);
data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.c:388:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (data->buf),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.c:419:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    soup_message_headers_set_content_length (headers, strlen (data->buf));
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:246:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (message),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:291:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (err_st),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:325:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (error->message),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:366:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (err_st),
data/event-dance-0.2.0/evd/evd-jsonrpc.c:787:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen (message);
data/event-dance-0.2.0/evd/evd-poll.c:216:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    return read (self->priv->interrupt_fds[0], buf, 1024) > 0;
data/event-dance-0.2.0/evd/evd-socket.c:1642:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *len = strlen (result);
data/event-dance-0.2.0/evd/evd-tls-session.c:503:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (self->priv->server_name));
data/event-dance-0.2.0/evd/evd-transport.c:371:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen (text);
data/event-dance-0.2.0/evd/evd-web-dir.c:698:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    path_without_alias = uri->path + strlen (self->priv->alias);
data/event-dance-0.2.0/evd/evd-web-transport-server.c:814:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (base_path[strlen (base_path) - 1] == '/')
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:928:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (accept_key == NULL || strlen (accept_key) == 0)
data/event-dance-0.2.0/tests/test-all-js.c:112:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    test_name[strlen (test_name)-3] = '\0';
data/event-dance-0.2.0/tests/test-json-filter.c:94:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (wrong[i]),
data/event-dance-0.2.0/tests/test-json-filter.c:146:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (evd_json_filter_chunks[i]),
data/event-dance-0.2.0/tests/test-pki.c:225:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_assert_cmpint (size, ==, strlen (msg));
data/event-dance-0.2.0/tests/test-pki.c:284:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (msg),
data/event-dance-0.2.0/tests/test-pki.c:363:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (msg),
data/event-dance-0.2.0/tests/test-pki.c:406:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (msg),
data/event-dance-0.2.0/tests/test-socket-common.c:188:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    expected_size = strlen (EVD_SOCKET_TEST_UNREAD_TEXT) +
data/event-dance-0.2.0/tests/test-socket-common.c:189:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (EVD_SOCKET_TEST_TEXT1) +
data/event-dance-0.2.0/tests/test-socket-common.c:190:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (EVD_SOCKET_TEST_TEXT2);
data/event-dance-0.2.0/tests/test-socket-common.c:204:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (strlen (EVD_SOCKET_TEST_UNREAD_TEXT) +
data/event-dance-0.2.0/tests/test-socket-common.c:205:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (EVD_SOCKET_TEST_TEXT1) +
data/event-dance-0.2.0/tests/test-socket-common.c:206:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (EVD_SOCKET_TEST_TEXT2)) * 2)
data/event-dance-0.2.0/tests/test-socket-common.c:221:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    evd_socket_unread (self, EVD_SOCKET_TEST_UNREAD_TEXT, strlen (EVD_SOCKET_TEST_UNREAD_TEXT), &error);
data/event-dance-0.2.0/tests/test-socket-common.c:230:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (EVD_SOCKET_TEST_TEXT1),
data/event-dance-0.2.0/tests/test-socket-common.c:233:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_assert_cmpint (size, ==, strlen (EVD_SOCKET_TEST_TEXT1));
data/event-dance-0.2.0/tests/test-socket-common.c:237:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (EVD_SOCKET_TEST_TEXT2),
data/event-dance-0.2.0/tests/test-socket-common.c:240:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_assert_cmpint (size, ==, strlen (EVD_SOCKET_TEST_TEXT2));

ANALYSIS SUMMARY:

Hits = 61
Lines analyzed = 40695 in approximately 0.74 seconds (54740 lines/second)
Physical Source Lines of Code (SLOC) = 29032
Hits@level = [0] 3 [1] 45 [2] 8 [3] 7 [4] 0 [5] 1
Hits@level+ = [0+] 64 [1+] 61 [2+] 16 [3+] 8 [4+] 1 [5+] 1
Hits/KSLOC@level+ = [0+] 2.20446 [1+] 2.10113 [2+] 0.551116 [3+] 0.275558 [4+] 0.0344448 [5+] 0.0344448
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.