Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/event-dance-0.2.0/evd/evd-buffered-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-buffered-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-buffered-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-buffered-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-connection-pool.c
Examining data/event-dance-0.2.0/evd/evd-connection-pool.h
Examining data/event-dance-0.2.0/evd/evd-connection.c
Examining data/event-dance-0.2.0/evd/evd-connection.h
Examining data/event-dance-0.2.0/evd/evd-daemon.c
Examining data/event-dance-0.2.0/evd/evd-daemon.h
Examining data/event-dance-0.2.0/evd/evd-dbus-agent.c
Examining data/event-dance-0.2.0/evd/evd-dbus-agent.h
Examining data/event-dance-0.2.0/evd/evd-dbus-bridge.c
Examining data/event-dance-0.2.0/evd/evd-dbus-bridge.h
Examining data/event-dance-0.2.0/evd/evd-dbus-daemon.c
Examining data/event-dance-0.2.0/evd/evd-dbus-daemon.h
Examining data/event-dance-0.2.0/evd/evd-error.c
Examining data/event-dance-0.2.0/evd/evd-error.h
Examining data/event-dance-0.2.0/evd/evd-http-chunked-decoder.c
Examining data/event-dance-0.2.0/evd/evd-http-chunked-decoder.h
Examining data/event-dance-0.2.0/evd/evd-http-connection.c
Examining data/event-dance-0.2.0/evd/evd-http-connection.h
Examining data/event-dance-0.2.0/evd/evd-http-message.c
Examining data/event-dance-0.2.0/evd/evd-http-message.h
Examining data/event-dance-0.2.0/evd/evd-http-request.c
Examining data/event-dance-0.2.0/evd/evd-http-request.h
Examining data/event-dance-0.2.0/evd/evd-io-stream-group.c
Examining data/event-dance-0.2.0/evd/evd-io-stream-group.h
Examining data/event-dance-0.2.0/evd/evd-io-stream.c
Examining data/event-dance-0.2.0/evd/evd-io-stream.h
Examining data/event-dance-0.2.0/evd/evd-ipc-mechanism.c
Examining data/event-dance-0.2.0/evd/evd-ipc-mechanism.h
Examining data/event-dance-0.2.0/evd/evd-json-filter.c
Examining data/event-dance-0.2.0/evd/evd-json-filter.h
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.c
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.h
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c
Examining data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.h
Examining data/event-dance-0.2.0/evd/evd-jsonrpc.c
Examining data/event-dance-0.2.0/evd/evd-jsonrpc.h
Examining data/event-dance-0.2.0/evd/evd-longpolling-server.c
Examining data/event-dance-0.2.0/evd/evd-longpolling-server.h
Examining data/event-dance-0.2.0/evd/evd-peer-manager.c
Examining data/event-dance-0.2.0/evd/evd-peer-manager.h
Examining data/event-dance-0.2.0/evd/evd-peer.c
Examining data/event-dance-0.2.0/evd/evd-peer.h
Examining data/event-dance-0.2.0/evd/evd-pki-common.h
Examining data/event-dance-0.2.0/evd/evd-pki-privkey.c
Examining data/event-dance-0.2.0/evd/evd-pki-privkey.h
Examining data/event-dance-0.2.0/evd/evd-pki-pubkey.c
Examining data/event-dance-0.2.0/evd/evd-pki-pubkey.h
Examining data/event-dance-0.2.0/evd/evd-poll.c
Examining data/event-dance-0.2.0/evd/evd-poll.h
Examining data/event-dance-0.2.0/evd/evd-promise.c
Examining data/event-dance-0.2.0/evd/evd-promise.h
Examining data/event-dance-0.2.0/evd/evd-reproxy.c
Examining data/event-dance-0.2.0/evd/evd-reproxy.h
Examining data/event-dance-0.2.0/evd/evd-resolver.c
Examining data/event-dance-0.2.0/evd/evd-resolver.h
Examining data/event-dance-0.2.0/evd/evd-service.c
Examining data/event-dance-0.2.0/evd/evd-service.h
Examining data/event-dance-0.2.0/evd/evd-socket-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-socket-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-socket-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-socket-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-socket.c
Examining data/event-dance-0.2.0/evd/evd-socket.h
Examining data/event-dance-0.2.0/evd/evd-stream-throttle.c
Examining data/event-dance-0.2.0/evd/evd-stream-throttle.h
Examining data/event-dance-0.2.0/evd/evd-throttled-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-throttled-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-throttled-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-throttled-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-tls-certificate.c
Examining data/event-dance-0.2.0/evd/evd-tls-certificate.h
Examining data/event-dance-0.2.0/evd/evd-tls-common.h
Examining data/event-dance-0.2.0/evd/evd-tls-credentials.c
Examining data/event-dance-0.2.0/evd/evd-tls-credentials.h
Examining data/event-dance-0.2.0/evd/evd-tls-dh-generator.c
Examining data/event-dance-0.2.0/evd/evd-tls-dh-generator.h
Examining data/event-dance-0.2.0/evd/evd-tls-input-stream.c
Examining data/event-dance-0.2.0/evd/evd-tls-input-stream.h
Examining data/event-dance-0.2.0/evd/evd-tls-output-stream.c
Examining data/event-dance-0.2.0/evd/evd-tls-output-stream.h
Examining data/event-dance-0.2.0/evd/evd-tls-privkey.c
Examining data/event-dance-0.2.0/evd/evd-tls-privkey.h
Examining data/event-dance-0.2.0/evd/evd-tls-session.c
Examining data/event-dance-0.2.0/evd/evd-tls-session.h
Examining data/event-dance-0.2.0/evd/evd-transport.c
Examining data/event-dance-0.2.0/evd/evd-transport.h
Examining data/event-dance-0.2.0/evd/evd-utils.c
Examining data/event-dance-0.2.0/evd/evd-utils.h
Examining data/event-dance-0.2.0/evd/evd-web-dir.c
Examining data/event-dance-0.2.0/evd/evd-web-dir.h
Examining data/event-dance-0.2.0/evd/evd-web-selector.c
Examining data/event-dance-0.2.0/evd/evd-web-selector.h
Examining data/event-dance-0.2.0/evd/evd-web-service.c
Examining data/event-dance-0.2.0/evd/evd-web-service.h
Examining data/event-dance-0.2.0/evd/evd-web-transport-server.c
Examining data/event-dance-0.2.0/evd/evd-web-transport-server.h
Examining data/event-dance-0.2.0/evd/evd-websocket-client.c
Examining data/event-dance-0.2.0/evd/evd-websocket-client.h
Examining data/event-dance-0.2.0/evd/evd-websocket-protocol.c
Examining data/event-dance-0.2.0/evd/evd-websocket-protocol.h
Examining data/event-dance-0.2.0/evd/evd-websocket-server.c
Examining data/event-dance-0.2.0/evd/evd-websocket-server.h
Examining data/event-dance-0.2.0/evd/evd.h
Examining data/event-dance-0.2.0/evd/evd-tls-common.c
Examining data/event-dance-0.2.0/examples/dbus-bridge.c
Examining data/event-dance-0.2.0/examples/ping-server.c
Examining data/event-dance-0.2.0/tests/test-all-js.c
Examining data/event-dance-0.2.0/tests/test-pki.c
Examining data/event-dance-0.2.0/tests/test-socket-common.c
Examining data/event-dance-0.2.0/tests/test-socket-context.c
Examining data/event-dance-0.2.0/tests/test-socket.c
Examining data/event-dance-0.2.0/tests/test-websocket-transport.c
Examining data/event-dance-0.2.0/tests/test-dbus-bridge.c
Examining data/event-dance-0.2.0/tests/test-json-filter.c
Examining data/event-dance-0.2.0/tests/test-resolver.c
Examining data/event-dance-0.2.0/tests/test-io-stream-group.c
Examining data/event-dance-0.2.0/tests/test-promise.c
Examining data/event-dance-0.2.0/tests/test-all.c
FINAL RESULTS:
data/event-dance-0.2.0/evd/evd-daemon.c:204:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (self->priv->pid_file,
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:187:21: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
masking_key = g_random_int ();
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:876:13: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rnd = g_random_int ();
data/event-dance-0.2.0/tests/test-io-stream-group.c:44:20: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
f->listen_port = g_random_int_range (1025, 65535);
data/event-dance-0.2.0/tests/test-socket-context.c:344:15: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i] = g_random_int_range (32, 128);
data/event-dance-0.2.0/tests/test-socket.c:87:10: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
port = g_random_int_range (1024, 0xFFFF-1);
data/event-dance-0.2.0/tests/test-socket.c:105:10: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
port = g_random_int_range (1024, 0xFFFF-1);
data/event-dance-0.2.0/tests/test-websocket-transport.c:65:20: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
f->listen_port = g_random_int_range (1025, 65535);
data/event-dance-0.2.0/evd/evd-peer.c:235:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (frame->buf, message, size);
data/event-dance-0.2.0/evd/evd-transport.c:422:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg->text_buffer, msg->buffer, msg->size);
data/event-dance-0.2.0/evd/evd-transport.c:620:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (EVD_TRANSPORT_GET_INTERFACE (self)->open != NULL)
data/event-dance-0.2.0/evd/evd-transport.c:622:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EVD_TRANSPORT_GET_INTERFACE (self)->open (self,
data/event-dance-0.2.0/evd/evd-transport.h:77:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (* open) (EvdTransport *self,
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&data->masking_key, data->buf->str + data->offset, 4);
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:405:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&len, data->buf->str + data->offset, 2);
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:417:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&len, data->buf->str + data->offset, 8);
data/event-dance-0.2.0/evd/evd-buffered-output-stream.c:610:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (buffer),
data/event-dance-0.2.0/evd/evd-buffered-output-stream.c:627:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (buffer),
data/event-dance-0.2.0/evd/evd-daemon.c:266:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (0);
data/event-dance-0.2.0/evd/evd-dbus-daemon.c:241:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read (stdout_fd, buf, 256);
data/event-dance-0.2.0/evd/evd-http-connection.c:819:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (chunk_hdr),
data/event-dance-0.2.0/evd/evd-http-connection.c:1016:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-connection.c:1030:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-message.c:243:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-request.c:270:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_append_len (buf, st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-request.c:326:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b64_st = g_base64_encode ((guchar *) st, strlen (st));
data/event-dance-0.2.0/evd/evd-http-request.c:361:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (auth_st == NULL || strlen (auth_st) < 7)
data/event-dance-0.2.0/evd/evd-http-request.c:407:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cookie = g_strstr_len (cookies[i], strlen (cookie_name) + 1, cookie_name);
data/event-dance-0.2.0/evd/evd-json-filter.c:566:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return evd_json_filter_feed_len (self, buffer, strlen (buffer), error);
data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.c:388:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (data->buf),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-client.c:419:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_headers_set_content_length (headers, strlen (data->buf));
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:246:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (message),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:291:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (err_st),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:325:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (error->message),
data/event-dance-0.2.0/evd/evd-jsonrpc-http-server.c:366:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (err_st),
data/event-dance-0.2.0/evd/evd-jsonrpc.c:787:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (message);
data/event-dance-0.2.0/evd/evd-poll.c:216:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read (self->priv->interrupt_fds[0], buf, 1024) > 0;
data/event-dance-0.2.0/evd/evd-socket.c:1642:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen (result);
data/event-dance-0.2.0/evd/evd-tls-session.c:503:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (self->priv->server_name));
data/event-dance-0.2.0/evd/evd-transport.c:371:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (text);
data/event-dance-0.2.0/evd/evd-web-dir.c:698:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_without_alias = uri->path + strlen (self->priv->alias);
data/event-dance-0.2.0/evd/evd-web-transport-server.c:814:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (base_path[strlen (base_path) - 1] == '/')
data/event-dance-0.2.0/evd/evd-websocket-protocol.c:928:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (accept_key == NULL || strlen (accept_key) == 0)
data/event-dance-0.2.0/tests/test-all-js.c:112:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_name[strlen (test_name)-3] = '\0';
data/event-dance-0.2.0/tests/test-json-filter.c:94:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (wrong[i]),
data/event-dance-0.2.0/tests/test-json-filter.c:146:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (evd_json_filter_chunks[i]),
data/event-dance-0.2.0/tests/test-pki.c:225:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint (size, ==, strlen (msg));
data/event-dance-0.2.0/tests/test-pki.c:284:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (msg),
data/event-dance-0.2.0/tests/test-pki.c:363:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (msg),
data/event-dance-0.2.0/tests/test-pki.c:406:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (msg),
data/event-dance-0.2.0/tests/test-socket-common.c:188:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expected_size = strlen (EVD_SOCKET_TEST_UNREAD_TEXT) +
data/event-dance-0.2.0/tests/test-socket-common.c:189:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (EVD_SOCKET_TEST_TEXT1) +
data/event-dance-0.2.0/tests/test-socket-common.c:190:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (EVD_SOCKET_TEST_TEXT2);
data/event-dance-0.2.0/tests/test-socket-common.c:204:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (EVD_SOCKET_TEST_UNREAD_TEXT) +
data/event-dance-0.2.0/tests/test-socket-common.c:205:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (EVD_SOCKET_TEST_TEXT1) +
data/event-dance-0.2.0/tests/test-socket-common.c:206:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (EVD_SOCKET_TEST_TEXT2)) * 2)
data/event-dance-0.2.0/tests/test-socket-common.c:221:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evd_socket_unread (self, EVD_SOCKET_TEST_UNREAD_TEXT, strlen (EVD_SOCKET_TEST_UNREAD_TEXT), &error);
data/event-dance-0.2.0/tests/test-socket-common.c:230:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (EVD_SOCKET_TEST_TEXT1),
data/event-dance-0.2.0/tests/test-socket-common.c:233:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint (size, ==, strlen (EVD_SOCKET_TEST_TEXT1));
data/event-dance-0.2.0/tests/test-socket-common.c:237:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (EVD_SOCKET_TEST_TEXT2),
data/event-dance-0.2.0/tests/test-socket-common.c:240:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint (size, ==, strlen (EVD_SOCKET_TEST_TEXT2));
ANALYSIS SUMMARY:
Hits = 61
Lines analyzed = 40695 in approximately 0.74 seconds (54740 lines/second)
Physical Source Lines of Code (SLOC) = 29032
Hits@level = [0] 3 [1] 45 [2] 8 [3] 7 [4] 0 [5] 1
Hits@level+ = [0+] 64 [1+] 61 [2+] 16 [3+] 8 [4+] 1 [5+] 1
Hits/KSLOC@level+ = [0+] 2.20446 [1+] 2.10113 [2+] 0.551116 [3+] 0.275558 [4+] 0.0344448 [5+] 0.0344448
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.