Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gmpc-11.8.16/remote/main.c
Examining data/gmpc-11.8.16/src/browsers/playlist3-current-playlist-browser.h
Examining data/gmpc-11.8.16/src/browsers/server-information.c
Examining data/gmpc-11.8.16/src/browsers/playlist3-tag2-browser.c
Examining data/gmpc-11.8.16/src/browsers/playlist3-playlist-editor.h
Examining data/gmpc-11.8.16/src/browsers/gmpc-nowplaying2.c
Examining data/gmpc-11.8.16/src/browsers/playlist3-find2-browser.c
Examining data/gmpc-11.8.16/src/browsers/playlist3-playlist-editor.c
Examining data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c
Examining data/gmpc-11.8.16/src/browsers/playlist3-current-playlist-browser.c
Examining data/gmpc-11.8.16/src/browsers/playlist3-find2-browser.h
Examining data/gmpc-11.8.16/src/browsers/playlist3-tag2-browser.h
Examining data/gmpc-11.8.16/src/browsers/playlist3-file-browser.h
Examining data/gmpc-11.8.16/src/browsers/playlist3-file-browser.c
Examining data/gmpc-11.8.16/src/main.h
Examining data/gmpc-11.8.16/src/preferences.c
Examining data/gmpc-11.8.16/src/vala/gmpc-url-fetching-gui.c
Examining data/gmpc-11.8.16/src/vala/gmpc-easy-command.c
Examining data/gmpc-11.8.16/src/vala/gmpc-connection.c
Examining data/gmpc-11.8.16/src/vala/gmpc-favorites.c
Examining data/gmpc-11.8.16/src/vala/gmpc-paned-size-group.c
Examining data/gmpc-11.8.16/src/vala/gmpc-test-plugin.c
Examining data/gmpc-11.8.16/src/vala/gmpc-mpddata-treeview-tooltip.c
Examining data/gmpc-11.8.16/src/vala/gmpc-plugin.c
Examining data/gmpc-11.8.16/src/gmpc-version.h
Examining data/gmpc-11.8.16/src/GUI/status_icon.h
Examining data/gmpc-11.8.16/src/GUI/title_header.c
Examining data/gmpc-11.8.16/src/GUI/cmd.c
Examining data/gmpc-11.8.16/src/GUI/thv.c
Examining data/gmpc-11.8.16/src/GUI/thv.h
Examining data/gmpc-11.8.16/src/GUI/control_window.h
Examining data/gmpc-11.8.16/src/GUI/control_window.c
Examining data/gmpc-11.8.16/src/GUI/title_header.h
Examining data/gmpc-11.8.16/src/GUI/cmd.h
Examining data/gmpc-11.8.16/src/GUI/status_icon.c
Examining data/gmpc-11.8.16/src/config1.h
Examining data/gmpc-11.8.16/src/gtktransition.h
Examining data/gmpc-11.8.16/src/revision.h
Examining data/gmpc-11.8.16/src/plugin-internal.h
Examining data/gmpc-11.8.16/src/Providers/HTBackdrops.c
Examining data/gmpc-11.8.16/src/Providers/music-tree.c
Examining data/gmpc-11.8.16/src/Providers/DiscoGS.c
Examining data/gmpc-11.8.16/src/Providers/LyrDB.c
Examining data/gmpc-11.8.16/src/Providers/LastFM.c
Examining data/gmpc-11.8.16/src/Providers/RenderCover.c
Examining data/gmpc-11.8.16/src/Providers/ChartLyrics.c
Examining data/gmpc-11.8.16/src/plugin.c
Examining data/gmpc-11.8.16/src/tray-icon2.h
Examining data/gmpc-11.8.16/src/Widgets/gmpc-metadata-text-label.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-clicklabel.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-metadata-backdrop.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-widgets-popupmenu.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-song-list.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-song-links.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-metadata-similarsongs.c
Examining data/gmpc-11.8.16/src/Widgets/playlist3-messages.h
Examining data/gmpc-11.8.16/src/Widgets/gmpc-metadata-similarartists.c
Examining data/gmpc-11.8.16/src/Widgets/mpd-async-request.h
Examining data/gmpc-11.8.16/src/Widgets/mpd-async-request.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-image-async.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-widgets-qtable.c
Examining data/gmpc-11.8.16/src/Widgets/advanced_settings.c
Examining data/gmpc-11.8.16/src/Widgets/gmpc-progress.c
Examining data/gmpc-11.8.16/src/Widgets/playlist3-messages.c
Examining data/gmpc-11.8.16/src/Widgets/GmpcVolume.c
Examining data/gmpc-11.8.16/src/smclient/eggdesktopfile.h
Examining data/gmpc-11.8.16/src/smclient/eggsmclient-osx.c
Examining data/gmpc-11.8.16/src/smclient/eggsmclient-win32.c
Examining data/gmpc-11.8.16/src/smclient/eggsmclient-xsmp.c
Examining data/gmpc-11.8.16/src/smclient/eggsmclient-private.h
Examining data/gmpc-11.8.16/src/smclient/eggsmclient.h
Examining data/gmpc-11.8.16/src/smclient/eggdesktopfile.c
Examining data/gmpc-11.8.16/src/smclient/eggsmclient.c
Examining data/gmpc-11.8.16/src/Tools/gmpc-metadata-appearance.c
Examining data/gmpc-11.8.16/src/Tools/log.h
Examining data/gmpc-11.8.16/src/Tools/pixbuf-cache.c
Examining data/gmpc-11.8.16/src/Tools/advanced-search.h
Examining data/gmpc-11.8.16/src/Tools/ipc.c
Examining data/gmpc-11.8.16/src/Tools/url-fetcher.c
Examining data/gmpc-11.8.16/src/Tools/mpd-easy-commands.c
Examining data/gmpc-11.8.16/src/Tools/mpd-easy-commands.h
Examining data/gmpc-11.8.16/src/Tools/misc.h
Examining data/gmpc-11.8.16/src/Tools/gmpc_easy_download.c
Examining data/gmpc-11.8.16/src/Tools/advanced-search.c
Examining data/gmpc-11.8.16/src/Tools/mpdinteraction.h
Examining data/gmpc-11.8.16/src/Tools/plugin-man.h
Examining data/gmpc-11.8.16/src/Tools/pixbuf-cache.h
Examining data/gmpc-11.8.16/src/Tools/setup-assistant.c
Examining data/gmpc-11.8.16/src/Tools/mm-keys.h
Examining data/gmpc-11.8.16/src/Tools/setup-assistant.h
Examining data/gmpc-11.8.16/src/Tools/mm-keys.c
Examining data/gmpc-11.8.16/src/Tools/gmpc-database-update-tracker.c
Examining data/gmpc-11.8.16/src/Tools/ipc.h
Examining data/gmpc-11.8.16/src/Tools/gmpc_easy_download.h
Examining data/gmpc-11.8.16/src/Tools/bug-information.h
Examining data/gmpc-11.8.16/src/Tools/gmpc-liststore-sort.c
Examining data/gmpc-11.8.16/src/Tools/gmpc-metadata-prefetcher.c
Examining data/gmpc-11.8.16/src/Tools/misc.c
Examining data/gmpc-11.8.16/src/Tools/log.c
Examining data/gmpc-11.8.16/src/Tools/bug-information.c
Examining data/gmpc-11.8.16/src/Tools/mpdinteraction.c
Examining data/gmpc-11.8.16/src/Tools/plugin-man.c
Examining data/gmpc-11.8.16/src/config1.c
Examining data/gmpc-11.8.16/src/playlist3.h
Examining data/gmpc-11.8.16/src/MetaData/metadata-cache.h
Examining data/gmpc-11.8.16/src/MetaData/metadata.h
Examining data/gmpc-11.8.16/src/MetaData/metadata.c
Examining data/gmpc-11.8.16/src/MetaData/metadata-cache.c
Examining data/gmpc-11.8.16/src/MetaData/metadata-cache-sqlite.c
Examining data/gmpc-11.8.16/src/MetaData/metadata-cache-sqlite.h
Examining data/gmpc-11.8.16/src/preferences.h
Examining data/gmpc-11.8.16/src/config-defaults.h
Examining data/gmpc-11.8.16/src/gmpc-extras.h
Examining data/gmpc-11.8.16/src/options.h
Examining data/gmpc-11.8.16/src/options.c
Examining data/gmpc-11.8.16/src/Plugins/extraplaylist.c
Examining data/gmpc-11.8.16/src/egg/eggcolumnmodel.c
Examining data/gmpc-11.8.16/src/egg/eggcolumnmodel.h
Examining data/gmpc-11.8.16/src/egg/eggcolumnchooserdialog.c
Examining data/gmpc-11.8.16/src/egg/eggcolumnchooserdialog.h
Examining data/gmpc-11.8.16/src/internal-plugins.h
Examining data/gmpc-11.8.16/src/plugin.h
Examining data/gmpc-11.8.16/src/main.c
Examining data/gmpc-11.8.16/src/playlist3.c
Examining data/gmpc-11.8.16/src/tray-icon2.c
Examining data/gmpc-11.8.16/test/DiscoGS/test.c
Examining data/gmpc-11.8.16/test/LastFM/test.c
Examining data/gmpc-11.8.16/test/config/read_conf.c
Examining data/gmpc-11.8.16/test/AsyncImage/async_image_test.c
Examining data/gmpc-11.8.16/test/Misc/misc_test.c
Examining data/gmpc-11.8.16/test/MetaDataCache/mtc_test.c
Examining data/gmpc-11.8.16/test/PixbufCache/pixbuf_cache_test.c
Examining data/gmpc-11.8.16/test/GmpcEasyDownload/ged.c
Examining data/gmpc-11.8.16/test/MpdDataModel/mpd_data_model.c

FINAL RESULTS:

data/gmpc-11.8.16/src/config1.c:447:9: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(cfgo->url, 0600);

data/gmpc-11.8.16/src/Providers/DiscoGS.c:285:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
    snprintf(furl,1024,DISCOGS_API_ROOT"release%s?f=xml&api_key=%s",

data/gmpc-11.8.16/src/Providers/DiscoGS.c:322:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,DISCOGS_API_ROOT"release%s?f=xml&api_key=%s",

data/gmpc-11.8.16/src/Providers/DiscoGS.c:343:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,DISCOGS_API_ROOT"search?type=all&f=xml&q=%s%%20%s&api_key=%s",

data/gmpc-11.8.16/src/Providers/DiscoGS.c:526:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,

data/gmpc-11.8.16/src/Providers/LastFM.c:741:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,LASTFM_API_ROOT"?method=artist.getImages&artist=%s&api_key=%s", artist,LASTFM_API_KEY);

data/gmpc-11.8.16/src/Providers/LastFM.c:757:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,LASTFM_API_ROOT"?method=album.getinfo&artist=%s&album=%s&api_key=%s", artist,album,LASTFM_API_KEY);

data/gmpc-11.8.16/src/Providers/LastFM.c:775:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,LASTFM_API_ROOT"?method=album.getinfo&artist=%s&album=%s&api_key=%s", artist,album,LASTFM_API_KEY);

data/gmpc-11.8.16/src/Providers/LastFM.c:794:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024, LASTFM_API_ROOT"?method=artist.getinfo&artist=%s&api_key=%s", artist,LASTFM_API_KEY);

data/gmpc-11.8.16/src/Providers/LastFM.c:810:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,LASTFM_API_ROOT"?method=artist.getsimilar&artist=%s&api_key=%s", artist,LASTFM_API_KEY);

data/gmpc-11.8.16/src/Providers/LastFM.c:843:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(furl,1024,LASTFM_API_ROOT"?method=track.getsimilar&artist=%s&track=%s&api_key=%s", artist,title,LASTFM_API_KEY);

data/gmpc-11.8.16/src/main.c:1091:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf(GMPC_COPYRIGHT "\n\n");

data/gmpc-11.8.16/src/Tools/url-fetcher.c:205:25: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    const gchar *tempdir = g_get_tmp_dir();

data/gmpc-11.8.16/src/browsers/playlist3-tag2-browser.c:1463:38: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    gchar *name = g_strdup_printf("%u", g_random_int());

data/gmpc-11.8.16/src/egg/eggcolumnmodel.c:304:22: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    model->stamp = g_random_int ();

data/gmpc-11.8.16/src/GUI/cmd.c:273:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[512];

data/gmpc-11.8.16/src/GUI/title_header.c:130:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[1024];

data/gmpc-11.8.16/src/Providers/DiscoGS.c:281:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/DiscoGS.c:313:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/DiscoGS.c:338:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/DiscoGS.c:496:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/DiscoGS.c:525:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/LastFM.c:735:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/LastFM.c:750:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/LastFM.c:768:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/LastFM.c:788:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/LastFM.c:804:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/LastFM.c:836:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char furl[1024];

data/gmpc-11.8.16/src/Providers/RenderCover.c:203:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&_data36_->data[_data36_->len], imgdata, (gsize) imgdata_length1);

data/gmpc-11.8.16/src/Tools/gmpc_easy_download.c:37:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char gz_magic[2] = { 0x1f, 0x8b };

data/gmpc-11.8.16/src/Tools/misc.c:356:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    retv[i] = atoi(sp[i]);

data/gmpc-11.8.16/src/Tools/misc.c:488:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int compv = atoi(a->song->date) - atoi(b->song->date);

data/gmpc-11.8.16/src/Tools/misc.c:488:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int compv = atoi(a->song->date) - atoi(b->song->date);

data/gmpc-11.8.16/src/Tools/misc.c:524:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int compv = atoi(a->song->track) - atoi(b->song->track);

data/gmpc-11.8.16/src/Tools/misc.c:524:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int compv = atoi(a->song->track) - atoi(b->song->track);

data/gmpc-11.8.16/src/Tools/mm-keys.c:72:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *keynames[LAST_SIGNAL] = {

data/gmpc-11.8.16/src/Tools/mpd-easy-commands.c:102:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    volume += atoi(param);

data/gmpc-11.8.16/src/Tools/mpd-easy-commands.c:206:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    i = atoi(fields[j]) + i * 60;

data/gmpc-11.8.16/src/Tools/url-fetcher.c:441:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[MAX_PLAYLIST_SIZE];

data/gmpc-11.8.16/src/Widgets/playlist3-messages.c:35:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char *error_levels[4] = {

data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:4759:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    GtkButton* open;

data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:4784:46: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    gtk_widget_set_tooltip_text ((GtkWidget*) open, _tmp3_);

data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:4787:39: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    gtk_container_add ((GtkContainer*) open, (GtkWidget*) _tmp5_);

data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:4789:63: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    gtk_box_pack_start ((GtkBox*) _data18_->hbox, (GtkWidget*) open, FALSE, FALSE, (guint) 0);

data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:4790:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    g_signal_connect_data (open, "clicked", (GCallback) __lambda63__gtk_button_clicked, block25_data_ref (_data25_), (GClosureNotify) block25_data_unref, 0);

data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:4817:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    _g_object_unref0 (open);

data/gmpc-11.8.16/src/browsers/playlist3-current-playlist-browser.c:962:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char data[10];

data/gmpc-11.8.16/src/browsers/playlist3-file-browser.c:605:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    gboolean open;

data/gmpc-11.8.16/src/browsers/playlist3-file-browser.c:606:95: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    gtk_tree_model_get(GTK_TREE_MODEL(pl3_fb_dir_store), iter, PL3_FB_PATH, &path, PL3_FB_OPEN, &open, -1);

data/gmpc-11.8.16/src/browsers/playlist3-tag2-browser.c:463:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char data[2];

data/gmpc-11.8.16/src/config1.c:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[1024];

data/gmpc-11.8.16/src/playlist3.c:1604:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[1024];

data/gmpc-11.8.16/src/playlist3.c:1681:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buffer, " (");

data/gmpc-11.8.16/src/playlist3.c:1682:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buffer, _("paused"));

data/gmpc-11.8.16/src/smclient/eggsmclient-xsmp.c:210:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char pid_str[64];

data/gmpc-11.8.16/src/smclient/eggsmclient-xsmp.c:321:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char error_string_ret[256];

data/gmpc-11.8.16/src/smclient/eggsmclient-xsmp.c:876:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open (state_file_path, O_WRONLY | O_CREAT | O_EXCL, 0644);

data/gmpc-11.8.16/src/tray-icon2.c:694:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[256];

data/gmpc-11.8.16/src/tray-icon2.c:911:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[256];

data/gmpc-11.8.16/test/MpdDataModel/mpd_data_model.c:117:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    g_assert_cmpint(atoi(pos), ==, j);

data/gmpc-11.8.16/src/GUI/cmd.c:276:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(buffer[strlen(buffer)-1] == '\n') buffer[strlen(buffer)-1] = '\0';

data/gmpc-11.8.16/src/GUI/cmd.c:276:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(buffer[strlen(buffer)-1] == '\n') buffer[strlen(buffer)-1] = '\0';

data/gmpc-11.8.16/src/MetaData/metadata.c:160:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strncasecmp(data2->song->file, dir, strlen(dir))==0)

data/gmpc-11.8.16/src/MetaData/metadata.c:205:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    edited->album = g_malloc0((strlen(album)+1)*sizeof(char));

data/gmpc-11.8.16/src/MetaData/metadata.c:206:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(album);

data/gmpc-11.8.16/src/MetaData/metadata.c:225:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    edited->title = g_malloc0((strlen(title)+1)*sizeof(char));

data/gmpc-11.8.16/src/MetaData/metadata.c:226:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(title);

data/gmpc-11.8.16/src/MetaData/metadata.c:950:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(input);

data/gmpc-11.8.16/src/Providers/ChartLyrics.c:287:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (lyric);

data/gmpc-11.8.16/src/Providers/DiscoGS.c:284:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(j=strlen(artist_uri); artist_uri[j] != '/' && j > 0; j--);

data/gmpc-11.8.16/src/Providers/DiscoGS.c:321:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(j=strlen(artist_uri); artist_uri[j] != '/' && j > 0; j--);

data/gmpc-11.8.16/src/Providers/music-tree.c:369:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp4_ = strlen (directory);

data/gmpc-11.8.16/src/Tools/misc.c:603:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(string);

data/gmpc-11.8.16/src/Tools/mpd-easy-commands.c:95:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(param) > 0 && current_volume >= 0)

data/gmpc-11.8.16/src/Tools/pixbuf-cache.c:118:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = strlen(key);

data/gmpc-11.8.16/src/Tools/url-fetcher.c:293:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(handlers[i], scheme, strlen(handlers[i] - 3)) == 0)
data/gmpc-11.8.16/src/Tools/url-fetcher.c:518:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(url) > 0 && (G_IS_DIR_SEPARATOR(url[0]) || url_validate_url(url)));
data/gmpc-11.8.16/src/Widgets/gmpc-progress.c:220:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp17_ = strlen (a);
data/gmpc-11.8.16/src/Widgets/gmpc-progress.c:224:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp18_ = strlen (a);
data/gmpc-11.8.16/src/Widgets/gmpc-progress.c:449:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp17_ = strlen (a);
data/gmpc-11.8.16/src/Widgets/gmpc-progress.c:453:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp18_ = strlen (a);
data/gmpc-11.8.16/src/Widgets/gmpc-song-list.c:190:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp5_ = strlen (song->albumartist);
data/gmpc-11.8.16/src/Widgets/gmpc-song-list.c:622:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp11_ = strlen (iter->song->albumartist);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:792:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp3_ = strlen (text);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:1152:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp5_ = strlen (ydata->tag);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:1165:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp8_ = strlen (albumartist);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:1373:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp4_ = strlen (text);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:2136:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp11_ = strlen (yi->tag);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:2214:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp5_ = strlen (ydata->tag);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:2227:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp8_ = strlen (albumartist);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:2312:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp6_ = strlen (ydata->tag);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:2325:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp9_ = strlen (albumartist);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:3866:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp3_ = strlen (ydata->tag);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:3879:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp6_ = strlen (albumartist);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:5297:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp78_ = strlen (_data24_->but_song->date);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:6629:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (self);
data/gmpc-11.8.16/src/browsers/gmpc-metadata-browser2.c:6656:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (path);
data/gmpc-11.8.16/src/browsers/gmpc-nowplaying2.c:697:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (self);
data/gmpc-11.8.16/src/browsers/gmpc-nowplaying2.c:724:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (path);
data/gmpc-11.8.16/src/browsers/gmpc-nowplaying2.c:2463:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp203_ = strlen (iter->song->date);
data/gmpc-11.8.16/src/browsers/playlist3-current-playlist-browser.c:298:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text2) > 0)
data/gmpc-11.8.16/src/browsers/playlist3-current-playlist-browser.c:327:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text) == 0)
data/gmpc-11.8.16/src/browsers/playlist3-current-playlist-browser.c:1008:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) != 0 && mpd_check_connected(connection))
data/gmpc-11.8.16/src/browsers/playlist3-playlist-editor.c:627:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gtk_entry_get_text(entry)) > 0)
data/gmpc-11.8.16/src/browsers/playlist3-playlist-editor.c:639:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gtk_entry_get_text(entry)) > 0)
data/gmpc-11.8.16/src/browsers/playlist3-tag2-browser.c:433:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text) == 0)
data/gmpc-11.8.16/src/browsers/playlist3-tag2-browser.c:588:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gtk_entry_get_text(GTK_ENTRY(te_i->sentry))) > 0)
data/gmpc-11.8.16/src/browsers/playlist3-tag2-browser.c:846:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gtk_entry_get_text(GTK_ENTRY(te->sentry))) == 0)
data/gmpc-11.8.16/src/config1.c:95:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(fp)) != EOF)
data/gmpc-11.8.16/src/config1.c:100:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:105:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:117:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:122:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:127:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:148:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:155:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:164:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:179:29: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(fp)) == ' ') ;
data/gmpc-11.8.16/src/config1.c:184:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:191:29: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:210:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:225:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:228:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);
data/gmpc-11.8.16/src/config1.c:249:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfgo->total_size = sizeof(config_obj) + strlen(cfgo->url);
data/gmpc-11.8.16/src/config1.c:278:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfgo->total_size -= strlen(cfgo->url);
data/gmpc-11.8.16/src/config1.c:310:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfg->total_size += sizeof(config_node) + strlen(class);
data/gmpc-11.8.16/src/config1.c:396:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = (temp->value) ? strlen(temp->value) : 0;
data/gmpc-11.8.16/src/config1.c:709:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfg->total_size -= strlen(node->name);
data/gmpc-11.8.16/src/config1.c:714:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfg->total_size -= strlen(node->value);
data/gmpc-11.8.16/src/config1.c:773:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfg->total_size += sizeof(config_node) + strlen(key);
data/gmpc-11.8.16/src/config1.c:778:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(newnode->value) == strlen(value)
data/gmpc-11.8.16/src/config1.c:778:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(newnode->value) == strlen(value)
data/gmpc-11.8.16/src/config1.c:779:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && !memcmp(newnode->value, value, strlen(newnode->value))))
data/gmpc-11.8.16/src/config1.c:787:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfg->total_size -= strlen(newnode->value);
data/gmpc-11.8.16/src/config1.c:793:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cfg->total_size += strlen(value);
data/gmpc-11.8.16/src/playlist3.c:1678:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mpd_song_markup(buffer, 1024 - strlen(_("paused") - 4),
data/gmpc-11.8.16/src/playlist3.c:1683:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buffer, ")");
data/gmpc-11.8.16/src/playlist3.c:1967:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(revision))
data/gmpc-11.8.16/src/plugin.c:540:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(plug->path, homedir, strlen(homedir)) == 0)
data/gmpc-11.8.16/src/smclient/eggsmclient-xsmp.c:1154:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pv.length = strlen (value);
data/gmpc-11.8.16/src/smclient/eggsmclient-xsmp.c:1187:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pv.length = strlen (values->pdata[i]);
data/gmpc-11.8.16/src/smclient/eggsmclient-xsmp.c:1216:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prop->vals[0].length = strlen (value);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:186:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (self);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:229:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (key);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:230:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp3_ = strlen (value);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:236:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp4_ = strlen (key);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:251:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp10_ = strlen (pattern);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:406:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (value_unsplit);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:481:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp12_ = strlen (value);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:482:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp13_ = strlen (name);
data/gmpc-11.8.16/src/vala/gmpc-easy-command.c:486:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp14_ = strlen (name);

ANALYSIS SUMMARY:

Hits = 151
Lines analyzed = 64481 in approximately 3.22 seconds (20052 lines/second)
Physical Source Lines of Code (SLOC) = 51383
Hits@level = [0] 49 [1] 91 [2] 45 [3] 3 [4] 11 [5] 1
Hits@level+ = [0+] 200 [1+] 151 [2+] 60 [3+] 15 [4+] 12 [5+] 1
Hits/KSLOC@level+ = [0+] 3.89234 [1+] 2.93872 [2+] 1.1677 [3+] 0.291925 [4+] 0.23354 [5+] 0.0194617
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.