Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gdome2-0.8.1+debian/acconfig.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome.c
Examining data/gdome2-0.8.1+debian/libgdome/gdome-events.c
Examining data/gdome2-0.8.1+debian/libgdome/gdome-xpath.c
Examining data/gdome2-0.8.1+debian/libgdome/gdome-util.c
Examining data/gdome2-0.8.1+debian/libgdome/gdome-private-list.c
Examining data/gdome2-0.8.1+debian/libgdome/gdome-refdebug.c
Examining data/gdome2-0.8.1+debian/libgdome/gdome-treegc.c
Examining data/gdome2-0.8.1+debian/libgdome/gdome.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome-events.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome-xpath.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome-util.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome-private-list.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome-refdebug.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome-treegc.h
Examining data/gdome2-0.8.1+debian/libgdome/gdome-libxml-util.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xmldtdutil.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xmlmemory.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-text.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-comment.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-attribute.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-element.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-document.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-documentf.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-domimpl.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-nnodem.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-nodel.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-node.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-pi.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-notation.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-entity.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xmlutil.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdatas.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-entityref.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xpns.c
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xmldtdutil.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xmlmemory.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-util.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-text.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-comment.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-attribute.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-element.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-document.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-documentt.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-documentf.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-domimpl.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-nnodem.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-nodel.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-node.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-pi.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-notation.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-entity.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xmlutil.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdatas.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-entityref.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-xpns.h
Examining data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-documentt.c
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-mevent.c
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-eventl.c
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-event.c
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-propagation.c
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-mevent.h
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-eventl.h
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-event.h
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-propagation.h
Examining data/gdome2-0.8.1+debian/libgdome/events/gdome-evt-util.h
Examining data/gdome2-0.8.1+debian/libgdome/xpath/gdome-xpath-xpeval.c
Examining data/gdome2-0.8.1+debian/libgdome/xpath/gdome-xpath-xpnsresolv.c
Examining data/gdome2-0.8.1+debian/libgdome/xpath/gdome-xpath-xpresult.c
Examining data/gdome2-0.8.1+debian/libgdome/xpath/gdome-xpath-xpeval.h
Examining data/gdome2-0.8.1+debian/libgdome/xpath/gdome-xpath-xpresult.h
Examining data/gdome2-0.8.1+debian/libgdome/xpath/gdome-xpath-xpnsresolv.h
Examining data/gdome2-0.8.1+debian/test/test-document.c
Examining data/gdome2-0.8.1+debian/test/test-node.c
Examining data/gdome2-0.8.1+debian/test/test-cdata.c
Examining data/gdome2-0.8.1+debian/test/test-dtd.c
Examining data/gdome2-0.8.1+debian/test/test-element.c
Examining data/gdome2-0.8.1+debian/test/test-nodelist.c
Examining data/gdome2-0.8.1+debian/test/test-namednodemap.c
Examining data/gdome2-0.8.1+debian/test/examplea.c
Examining data/gdome2-0.8.1+debian/test/exampleb.c
Examining data/gdome2-0.8.1+debian/test/examplec.c
Examining data/gdome2-0.8.1+debian/test/test-mevents.c
Examining data/gdome2-0.8.1+debian/test/test-loadsave.c
Examining data/gdome2-0.8.1+debian/test/test-str.c
Examining data/gdome2-0.8.1+debian/test/test-treegc.c
Examining data/gdome2-0.8.1+debian/test/test-xpath.c
Examining data/gdome2-0.8.1+debian/test/test-importnode.c
Examining data/gdome2-0.8.1+debian/test/bench.c
Examining data/gdome2-0.8.1+debian/test/apigen/util.c
Examining data/gdome2-0.8.1+debian/test/apigen/srcutil.c
Examining data/gdome2-0.8.1+debian/test/apigen/apigen.c
Examining data/gdome2-0.8.1+debian/test/apigen/util.h
Examining data/gdome2-0.8.1+debian/test/apigen/srcutil.h

FINAL RESULTS:

data/gdome2-0.8.1+debian/test/apigen/srcutil.c:217:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (buf, modPrefix);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:219:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (buf, iName);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:226:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (buf, name);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:230:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (buf, aName);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:235:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (buf, params[i].name);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:262:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (buf, params[i].name);
data/gdome2-0.8.1+debian/test/bench.c:84:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (str->str);
data/gdome2-0.8.1+debian/test/test-mevents.c:32:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (prop, str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:312:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ret, str + start, stop - start);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:355:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_str, old_str, len1);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:356:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_str + len1, arg->str, len2 + 1);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:438:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_str, old_str, start);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:439:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_str + start, arg->str, len2);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:440:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_str + start + len2, old_str + start, len1 - start + 1);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:522:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_str, old_str, start);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:523:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_str + start, old_str + stop, len1 - stop);
data/gdome2-0.8.1+debian/test/apigen/apigen.c:418:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fddest = fopen (modInfo.outfile, "a")) == NULL)
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:74:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (tmp, "->");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:77:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (tmp, "super.");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:111:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fdsrc = fopen (srcFilename, "r")) == NULL) {
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:117:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fddest = fopen (modInfo->outfile, "a")) == NULL) {
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:192:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fddest = fopen (modInfo->outfile, "a")) == NULL) {
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:214:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, "\treturn ");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:216:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, "((Gdome_");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:220:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, " *)self)->vtab->");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:224:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, "super.");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:227:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, " (");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:229:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, "(Gdome");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:231:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, " *)");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:233:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, "self, ");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:236:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, ", ");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:238:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, "exc);\n");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:254:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, "\treturn ");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:257:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buf+i, name+3, strlen (name)-5);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:260:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, " (");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:263:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, ", ");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:266:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, ");\n");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:280:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:286:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fdsrc = fopen (srcFilename, "r")) == NULL) {
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:292:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fddest = fopen (modInfo->outfile, "a")) == NULL) {
data/gdome2-0.8.1+debian/test/test-mevents.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prop[128];
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:352:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen (old_str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:353:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen (arg->str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:428:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen (old_str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:429:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen (arg->str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-cdata.c:519:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen (old_str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-document.c:483:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = xmlNewCDataBlock (priv->n, data->str, strlen (data->str));
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-domimpl.c:448:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen (buffer);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-domimpl.c:641:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen (buffer);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c:236:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (index < 0 || index >= strlen (self->str)) {
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c:284:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_self = strlen (self->str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c:285:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_str = strlen (suffix->str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c:305:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (self != NULL && strlen (self->str) > 0)
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c:321:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen (self->str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c:340:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_self = strlen (self->str);
data/gdome2-0.8.1+debian/libgdome/gdomecore/gdome-xml-str.c:341:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_str = strlen (prefix->str);
data/gdome2-0.8.1+debian/test/apigen/apigen.c:420:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!fwrite (modInfo.outfilehead, strlen (modInfo.outfilehead), 1, fddest))
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:212:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat (buf, "\t");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:218:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat (buf, "_");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:252:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat (buf, "\t");
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:256:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen (buf);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:257:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (buf+i, name+3, strlen (name)-5);
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:258:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen (name)-5+i]='\0';
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:265:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen (buf)-2] = '\0';
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:323:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (params[i].type[strlen(params[i].type)-1] == '*')
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:325:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strcmp (params[i].type, "void") && strlen (params[i].name) == 0)
data/gdome2-0.8.1+debian/test/apigen/srcutil.c:335:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp[strlen (tmp)-2] = '\0';
data/gdome2-0.8.1+debian/test/test-str.c:57:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i<strlen(str1->str) && ret; i++)
data/gdome2-0.8.1+debian/test/test-str.c:85:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (gdome_str_length (str1) != strlen (str1->str))

ANALYSIS SUMMARY:

Hits = 70
Lines analyzed = 39214 in approximately 1.11 seconds (35315 lines/second)
Physical Source Lines of Code (SLOC) = 23268
Hits@level = [0] 388 [1]  28 [2]  34 [3]   0 [4]   8 [5]   0
Hits@level+ = [0+] 458 [1+]  70 [2+]  42 [3+]   8 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 19.6837 [1+] 3.00842 [2+] 1.80505 [3+] 0.34382 [4+] 0.34382 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
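Triage note on the eight level-4 hits above: all of them sit under test/ (the apigen code generator, bench.c and test-mevents.c), not in the shipped libgdome library, and they fall into two classes: a chain of unbounded strcat calls into one buffer (srcutil.c:212-238 and 252-266, test-mevents.c:32) and a printf whose format string is the data itself (bench.c:84, printf (str->str)). The level-2 "risk is low because the source is a constant string" strcat hits in the same chain are only low risk if the non-constant pieces between them (modPrefix, iName, name, aName, params[i].name) are bounded, which the tool cannot see. The following example is added here to show the hardened shape of both classes; it is illustrative code written for this report, not gdome2 source. The function names append_str, render_call, emit_as_format and emit_literal, the exact layout of the generated call line (approximated from the flagged strcat arguments, not copied from srcutil.c), and the sample inputs are all assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded append. Copies as much of src as fits after the current
 * contents of buf, always leaves buf NUL-terminated, and returns 1 only
 * if all of src was copied. strcat has no size parameter and no way to
 * report truncation, which is why Flawfinder flags every strcat with a
 * non-constant source at level 4. */
static int append_str(char *buf, size_t bufsize, const char *src)
{
    size_t used, need, room, n;

    if (bufsize == 0)
        return 0;
    for (used = 0; used < bufsize && buf[used] != '\0'; used++)
        ;
    if (used == bufsize)          /* buf is not NUL-terminated: refuse */
        return 0;
    need = strlen(src);
    room = bufsize - used - 1;    /* bytes available before the NUL */
    n = need < room ? need : room;
    memcpy(buf + used, src, n);
    buf[used + n] = '\0';
    return n == need;
}

/* Hardened form of the srcutil.c strcat chain. Builds a line shaped like
 *   \treturn ((Gdome_<mod>_<iface> *)self)->vtab-><name> (self, <p>..., exc);\n
 * (layout assumed for this example). Returns 1 if the whole line fit; on
 * truncation it returns 0 and empties buf, so a caller never emits a cut
 * code fragment instead of a silent stack overwrite. */
static int render_call(char *buf, size_t bufsize,
                       const char *mod, const char *iface, const char *name,
                       const char *const *params, size_t nparams)
{
    int ok;
    size_t i;

    if (bufsize == 0)
        return 0;
    buf[0] = '\0';
    ok = append_str(buf, bufsize, "\treturn ((Gdome_")
      && append_str(buf, bufsize, mod)
      && append_str(buf, bufsize, "_")
      && append_str(buf, bufsize, iface)
      && append_str(buf, bufsize, " *)self)->vtab->")
      && append_str(buf, bufsize, name)
      && append_str(buf, bufsize, " (self, ");
    for (i = 0; ok && i < nparams; i++)
        ok = append_str(buf, bufsize, params[i]) && append_str(buf, bufsize, ", ");
    ok = ok && append_str(buf, bufsize, "exc);\n");
    if (!ok)
        buf[0] = '\0';
    return ok;
}

/* CWE-134 shape of bench.c:84, printf (str->str): the data becomes the
 * format string, so every '%' directive in it is interpreted. Written as
 * a va_list wrapper writing into a buffer so the effect is visible in the
 * return value (the same mistake survives in many logging wrappers). */
static int emit_as_format(char *out, size_t outsize, const char *data, ...)
{
    va_list ap;
    int n;

    va_start(ap, data);
    n = vsnprintf(out, outsize, data, ap);   /* data used as format: wrong */
    va_end(ap);
    return n;
}

/* The fix: a constant format, data passed as an argument. */
static int emit_literal(char *out, size_t outsize, const char *data)
{
    return snprintf(out, outsize, "%s", data); /* data is only an argument */
}

int main(void)
{
    static const char *const params[] = { "newChild" };   /* constructed */
    char line[80], out[32];

    if (render_call(line, sizeof line, "xml", "n", "appendChild", params, 1))
        fputs(line, stdout);
    emit_as_format(out, sizeof out, "50%% off");            /* constructed */
    printf("as format:  %s\n", out);
    emit_literal(out, sizeof out, "50%% off");
    printf("as literal: %s\n", out);
    return 0;
}
```

With the constructed input "50%% off", emit_as_format collapses the "%%" to a single '%' because it was parsed as a directive, while emit_literal reproduces the data byte for byte; with a "%n" or a run of "%s" in the data the first variant writes or reads memory instead. render_call with an 80-byte buffer returns 1 and the full line; with a 40-byte buffer it returns 0 and an empty string rather than running past the array, which is the check the flagged strcat chain lacks.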