Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gobject-introspection-1.66.1/examples/girepository/glib-print.c
Examining data/gobject-introspection-1.66.1/examples/library/gi-sample.c
Examining data/gobject-introspection-1.66.1/examples/library/gi-sample.h
Examining data/gobject-introspection-1.66.1/gir/gio-2.0.c
Examining data/gobject-introspection-1.66.1/gir/glib-2.0.c
Examining data/gobject-introspection-1.66.1/gir/gmodule-2.0.c
Examining data/gobject-introspection-1.66.1/gir/gobject-2.0.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/bdz.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/bdz.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bdz_gen_lookup_table.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/bdz_ph.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/bdz_ph.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bdz_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bdz_structs_ph.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bitbool.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bmz.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/bmz.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bmz8.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/bmz8.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bmz8_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/bmz_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/brz.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/brz.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/brz_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/buffer_manage.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/buffer_manage.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/buffer_manager.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/buffer_manager.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/chd.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/chd.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/chd_ph.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/chd_ph.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/chd_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/chd_structs_ph.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/chm.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/chm.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/chm_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/cmph.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/cmph.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/cmph_structs.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/cmph_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/cmph_time.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/cmph_types.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/debug.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/djb2_hash.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/djb2_hash.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/fch.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/fch.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/fch_buckets.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/fch_buckets.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/fch_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/fnv_hash.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/fnv_hash.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/graph.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/graph.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/hash.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/hash.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/hash_state.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/hashtree.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/hashtree.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/hashtree_structs.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/jenkins_hash.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/jenkins_hash.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/main.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/miller_rabin.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/miller_rabin.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/sdbm_hash.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/sdbm_hash.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/select.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/select.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/select_lookup_tables.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/vqueue.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/vqueue.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/vstack.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/vstack.h
Examining data/gobject-introspection-1.66.1/girepository/cmph/wingetopt.c
Examining data/gobject-introspection-1.66.1/girepository/cmph/wingetopt.h
Examining data/gobject-introspection-1.66.1/girepository/cmph-bdz-test.c
Examining data/gobject-introspection-1.66.1/girepository/docs.c
Examining data/gobject-introspection-1.66.1/girepository/gdump.c
Examining data/gobject-introspection-1.66.1/girepository/gi-dump-types.c
Examining data/gobject-introspection-1.66.1/girepository/giarginfo.c
Examining data/gobject-introspection-1.66.1/girepository/giarginfo.h
Examining data/gobject-introspection-1.66.1/girepository/gibaseinfo.c
Examining data/gobject-introspection-1.66.1/girepository/gibaseinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gicallableinfo.c
Examining data/gobject-introspection-1.66.1/girepository/gicallableinfo.h
Examining data/gobject-introspection-1.66.1/girepository/giconstantinfo.c
Examining data/gobject-introspection-1.66.1/girepository/giconstantinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gienuminfo.c
Examining data/gobject-introspection-1.66.1/girepository/gienuminfo.h
Examining data/gobject-introspection-1.66.1/girepository/gifieldinfo.c
Examining data/gobject-introspection-1.66.1/girepository/gifieldinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gifunctioninfo.c
Examining data/gobject-introspection-1.66.1/girepository/gifunctioninfo.h
Examining data/gobject-introspection-1.66.1/girepository/giinterfaceinfo.c
Examining data/gobject-introspection-1.66.1/girepository/giinterfaceinfo.h
Examining data/gobject-introspection-1.66.1/girepository/ginvoke.c
Examining data/gobject-introspection-1.66.1/girepository/giobjectinfo.c
Examining data/gobject-introspection-1.66.1/girepository/giobjectinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gipropertyinfo.c
Examining data/gobject-introspection-1.66.1/girepository/gipropertyinfo.h
Examining data/gobject-introspection-1.66.1/girepository/giregisteredtypeinfo.c
Examining data/gobject-introspection-1.66.1/girepository/giregisteredtypeinfo.h
Examining data/gobject-introspection-1.66.1/girepository/girepository-private.h
Examining data/gobject-introspection-1.66.1/girepository/girepository.h
Examining data/gobject-introspection-1.66.1/girepository/girffi.c
Examining data/gobject-introspection-1.66.1/girepository/girffi.h
Examining data/gobject-introspection-1.66.1/girepository/girmodule.c
Examining data/gobject-introspection-1.66.1/girepository/girmodule.h
Examining data/gobject-introspection-1.66.1/girepository/girnode.c
Examining data/gobject-introspection-1.66.1/girepository/girnode.h
Examining data/gobject-introspection-1.66.1/girepository/giroffsets.c
Examining data/gobject-introspection-1.66.1/girepository/girparser.c
Examining data/gobject-introspection-1.66.1/girepository/girparser.h
Examining data/gobject-introspection-1.66.1/girepository/girwriter.c
Examining data/gobject-introspection-1.66.1/girepository/girwriter.h
Examining data/gobject-introspection-1.66.1/girepository/gisignalinfo.c
Examining data/gobject-introspection-1.66.1/girepository/gisignalinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gistructinfo.c
Examining data/gobject-introspection-1.66.1/girepository/gistructinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gitypeinfo.c
Examining data/gobject-introspection-1.66.1/girepository/gitypeinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gitypelib-internal.h
Examining data/gobject-introspection-1.66.1/girepository/gitypelib.c
Examining data/gobject-introspection-1.66.1/girepository/gitypelib.h
Examining data/gobject-introspection-1.66.1/girepository/gitypes.h
Examining data/gobject-introspection-1.66.1/girepository/giunioninfo.c
Examining data/gobject-introspection-1.66.1/girepository/giunioninfo.h
Examining data/gobject-introspection-1.66.1/girepository/giversion.c
Examining data/gobject-introspection-1.66.1/girepository/giversionmacros.h
Examining data/gobject-introspection-1.66.1/girepository/givfuncinfo.c
Examining data/gobject-introspection-1.66.1/girepository/givfuncinfo.h
Examining data/gobject-introspection-1.66.1/girepository/gthash-test.c
Examining data/gobject-introspection-1.66.1/girepository/gthash.c
Examining data/gobject-introspection-1.66.1/girepository/girepository.c
Examining data/gobject-introspection-1.66.1/giscanner/giscannermodule.c
Examining data/gobject-introspection-1.66.1/giscanner/sourcescanner.c
Examining data/gobject-introspection-1.66.1/giscanner/sourcescanner.h
Examining data/gobject-introspection-1.66.1/tests/gimarshallingtests.c
Examining data/gobject-introspection-1.66.1/tests/gimarshallingtests.h
Examining data/gobject-introspection-1.66.1/tests/gitestmacros.h
Examining data/gobject-introspection-1.66.1/tests/offsets/gitestoffsets.c
Examining data/gobject-introspection-1.66.1/tests/offsets/offsets.c
Examining data/gobject-introspection-1.66.1/tests/offsets/offsets.h
Examining data/gobject-introspection-1.66.1/tests/repository/gitestrepo.c
Examining data/gobject-introspection-1.66.1/tests/repository/giteststructinfo.c
Examining data/gobject-introspection-1.66.1/tests/repository/gitestthrows.c
Examining data/gobject-introspection-1.66.1/tests/repository/gitypelibtest.c
Examining data/gobject-introspection-1.66.1/tests/scanner/annotation.c
Examining data/gobject-introspection-1.66.1/tests/scanner/annotation.h
Examining data/gobject-introspection-1.66.1/tests/scanner/barapp.c
Examining data/gobject-introspection-1.66.1/tests/scanner/barapp.h
Examining data/gobject-introspection-1.66.1/tests/scanner/drawable.c
Examining data/gobject-introspection-1.66.1/tests/scanner/drawable.h
Examining data/gobject-introspection-1.66.1/tests/scanner/foo.c
Examining data/gobject-introspection-1.66.1/tests/scanner/foo.h
Examining data/gobject-introspection-1.66.1/tests/scanner/gettype.c
Examining data/gobject-introspection-1.66.1/tests/scanner/gettype.h
Examining data/gobject-introspection-1.66.1/tests/scanner/gtkfrob.c
Examining data/gobject-introspection-1.66.1/tests/scanner/gtkfrob.h
Examining data/gobject-introspection-1.66.1/tests/scanner/headeronly.h
Examining data/gobject-introspection-1.66.1/tests/scanner/identfilter.h
Examining data/gobject-introspection-1.66.1/tests/scanner/regress.c
Examining data/gobject-introspection-1.66.1/tests/scanner/regress.h
Examining data/gobject-introspection-1.66.1/tests/scanner/sletter.c
Examining data/gobject-introspection-1.66.1/tests/scanner/sletter.h
Examining data/gobject-introspection-1.66.1/tests/scanner/symbolfilter.h
Examining data/gobject-introspection-1.66.1/tests/scanner/typedefs.c
Examining data/gobject-introspection-1.66.1/tests/scanner/typedefs.h
Examining data/gobject-introspection-1.66.1/tests/scanner/utility.c
Examining data/gobject-introspection-1.66.1/tests/scanner/utility.h
Examining data/gobject-introspection-1.66.1/tests/scanner/warnlib.c
Examining data/gobject-introspection-1.66.1/tests/scanner/warnlib.h
Examining data/gobject-introspection-1.66.1/tests/warn/annotationparser.h
Examining data/gobject-introspection-1.66.1/tests/warn/callback-invalid-scope.h
Examining data/gobject-introspection-1.66.1/tests/warn/callback-missing-scope.h
Examining data/gobject-introspection-1.66.1/tests/warn/common.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-allow-none.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-array.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-closure.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-constructor.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-element-type.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-method.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-nullable.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-option.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-optional.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-out.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-return.h
Examining data/gobject-introspection-1.66.1/tests/warn/invalid-transfer.h
Examining data/gobject-introspection-1.66.1/tests/warn/missing-element-type.h
Examining data/gobject-introspection-1.66.1/tests/warn/return-gobject.h
Examining data/gobject-introspection-1.66.1/tests/warn/unknown-parameter.h
Examining data/gobject-introspection-1.66.1/tests/warn/unresolved-type.h
Examining data/gobject-introspection-1.66.1/tools/compiler.c
Examining data/gobject-introspection-1.66.1/tools/g-ir-inspect.c
Examining data/gobject-introspection-1.66.1/tools/generate.c
FINAL RESULTS:
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:88:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((char *)(brz->tmp_dir), "%s/", (char *)tmp_dir);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:93:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((char *)(brz->tmp_dir), "%s", (char *)tmp_dir);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:284:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%u.cmph",brz->tmp_dir, nflushes);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:346:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%u.cmph",brz->tmp_dir, nflushes);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:392:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%u.cmph",brz->tmp_dir, i);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:116:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*key, keys_vd[cmph_vector->position]);
data/gobject-introspection-1.66.1/girepository/cmph/debug.h:32:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, f, ap);
data/gobject-introspection-1.66.1/girepository/cmph/debug.h:45:77: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUGP(args...) do { fprintf(stderr, "%s:%d ", __FILE__, __LINE__); fprintf(stderr, ## args); } while(0)
data/gobject-introspection-1.66.1/girepository/girnode.c:2366:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((gchar*)&data[start], str);
data/gobject-introspection-1.66.1/girepository/cmph/main.c:91:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
char ch = (char)getopt(argc, argv, "hVvgc:k:a:M:b:t:f:m:d:s:");
data/gobject-introspection-1.66.1/girepository/cmph/main.c:228:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/gobject-introspection-1.66.1/girepository/cmph/wingetopt.c:84:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char *argv[], char *opstring)
data/gobject-introspection-1.66.1/girepository/cmph/wingetopt.h:18:6: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char *argv[], char *opstring);
data/gobject-introspection-1.66.1/girepository/cmph/bdz.c:676:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->ranktable, sizeof(cmph_uint32)*(data->ranktablesize));
data/gobject-introspection-1.66.1/girepository/cmph/bdz.c:684:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->g, sizeof(cmph_uint8)*sizeg);
data/gobject-introspection-1.66.1/girepository/cmph/bdz_gen_lookup_table.c:13:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(argv[1]);
data/gobject-introspection-1.66.1/girepository/cmph/bdz_gen_lookup_table.c:14:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int wordsize = (atoi(argv[2]) >> 1);
data/gobject-introspection-1.66.1/girepository/cmph/bdz_ph.c:579:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->g, sizeof(cmph_uint8)*sizeg);
data/gobject-introspection-1.66.1/girepository/cmph/bmz.c:591:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->g, sizeof(cmph_uint32)*data->n);
data/gobject-introspection-1.66.1/girepository/cmph/bmz8.c:599:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->g, sizeof(cmph_uint8)*data->n);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:46:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)(brz->tmp_dir), "/var/tmp/");
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:285:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp_fd = fopen(filename, "wb");
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:300:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + memory_usage, &keylen, sizeof(keylen));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:301:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + memory_usage + sizeof(keylen), key, (size_t)keylen);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:347:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp_fd = fopen(filename, "wb");
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:537:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &buflenh1, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:538:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(cmph_uint32), bufh1, (size_t)buflenh1);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:539:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(cmph_uint32)+buflenh1, &buflenh2, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:540:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+2*sizeof(cmph_uint32)+buflenh1, bufh2, (size_t)buflenh2);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:541:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
for (i = 0; i < n; i++) memcpy(buf+2*sizeof(cmph_uint32)+buflenh1+buflenh2+i,(fchf->g + i), (size_t)1);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:558:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &buflenh1, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:559:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(cmph_uint32), bufh1, (size_t)buflenh1);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:560:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(cmph_uint32)+buflenh1, &buflenh2, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:561:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+2*sizeof(cmph_uint32)+buflenh1, bufh2, (size_t)buflenh2);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:562:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+2*sizeof(cmph_uint32)+buflenh1+buflenh2,bmzf->g, (size_t)n);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:762:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &(data->algo), sizeof(data->algo));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:767:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &h0_type, sizeof(h0_type));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:775:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &(data->k), sizeof(data->k));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:784:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &h1_type, sizeof(h1_type));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:789:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &h2_type, sizeof(h2_type));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:793:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->size, sizeof(cmph_uint8)*data->k);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:797:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->offset, sizeof(cmph_uint32)*data->k);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:834:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_i, data->g[i], sizeof(cmph_uint8)*n);
data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.c:32:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer_entry->fd = fopen(filename, "rb");
data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.c:69:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (copied_bytes != 0) memcpy(keylen, buffer_entry->buff + buffer_entry->pos, (size_t)copied_bytes);
data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.c:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keylen + copied_bytes, buffer_entry->buff + buffer_entry->pos, (size_t)lacked_bytes);
data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.c:78:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, keylen, sizeof(*keylen));
data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.c:83:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(*keylen), buffer_entry->buff + buffer_entry->pos, (size_t)copied_bytes);
data/gobject-introspection-1.66.1/girepository/cmph/buffer_entry.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(*keylen)+copied_bytes, buffer_entry->buff + buffer_entry->pos, (size_t)lacked_bytes);
data/gobject-introspection-1.66.1/girepository/cmph/chd.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr8, data->packed_cr, data->packed_cr_size);
data/gobject-introspection-1.66.1/girepository/cmph/chd.c:261:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr8, data->packed_chd_phf, data->packed_chd_phf_size);
data/gobject-introspection-1.66.1/girepository/cmph/chm.c:345:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->g, sizeof(cmph_uint32)*data->n);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:68:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*key + *keylen, buf, strlen(buf));
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keylen, keys_vd[cmph_vector->position], sizeof(*keylen));
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:89:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*key, keys_vd[cmph_vector->position] + sizeof(*keylen), size);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*key, (keys_vd + (cmph_struct_vector->position * cmph_struct_vector->struct_size) + cmph_struct_vector->key_offset), size);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/gobject-introspection-1.66.1/girepository/cmph/cmph_structs.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char algo_name[BUFSIZ];
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:149:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf, &(cr->max_val), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:153:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, &(cr->n), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, &(cr->rem_r), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, &buflen_sel, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, buf_sel, buflen_sel);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:181:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, cr->vals_rems, vals_rems_size);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cr->max_val), buf, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:207:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cr->n), buf + pos, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cr->rem_r), buf + pos, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:216:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buflen_sel, buf + pos, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr->vals_rems, buf + pos, vals_rems_size);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_rank.c:260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr_packed, buf, buflen);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf, &(cs->n), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:192:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, &(cs->rem_r), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, &(cs->total_length), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, &buflen_sel, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:207:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, buf_sel, buflen_sel);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, cs->length_rems, length_rems_size);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:230:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, cs->store_table, store_table_size);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cs->n), buf, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:256:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cs->rem_r), buf + pos, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cs->total_length), buf + pos, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buflen_sel, buf + pos, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:287:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->length_rems, buf + pos, length_rems_size);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:305:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->store_table, buf + pos, store_table_size);
data/gobject-introspection-1.66.1/girepository/cmph/compressed_seq.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs_packed, buf, buflen);
data/gobject-introspection-1.66.1/girepository/cmph/debug.h:30:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f, p, plen);
data/gobject-introspection-1.66.1/girepository/cmph/debug.h:31:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f + plen, format, strlen(format) + 1);
data/gobject-introspection-1.66.1/girepository/cmph/fch.c:480:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data->g, sizeof(cmph_uint32)*(data->b));
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*buf = (char *)malloc(strlen(cmph_hash_names[state->hashfunc]) + 1 + *buflen);
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf, cmph_hash_names[state->hashfunc], strlen(cmph_hash_names[state->hashfunc]) + 1);
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:71:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + strlen(cmph_hash_names[state->hashfunc]) + 1, algobuf, len);
data/gobject-introspection-1.66.1/girepository/cmph/jenkins_hash.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf, &(state->seed), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/jenkins_hash.c:261:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jenkins_packed, &(state->seed), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/main.c:233:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mphf_file, keys_file, strlen(keys_file));
data/gobject-introspection-1.66.1/girepository/cmph/main.c:234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mphf_file + strlen(keys_file), ".mph\0", (size_t)5);
data/gobject-introspection-1.66.1/girepository/cmph/main.c:237:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keys_fd = fopen(keys_file, "r");
data/gobject-introspection-1.66.1/girepository/cmph/main.c:251:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mphf_fd = fopen(mphf_file, "w");
data/gobject-introspection-1.66.1/girepository/cmph/main.c:289:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mphf_fd = fopen(mphf_file, "r");
data/gobject-introspection-1.66.1/girepository/cmph/select.c:239:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf, &(sel->n), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/select.c:241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, &(sel->m), sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/select.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, sel->bits_vec, vec_size);
data/gobject-introspection-1.66.1/girepository/cmph/select.c:245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + pos, sel->select_table, sel_table_size);
data/gobject-introspection-1.66.1/girepository/cmph/select.c:257:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sel->n), buf, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/select.c:259:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sel->m), buf + pos, sizeof(cmph_uint32));
data/gobject-introspection-1.66.1/girepository/cmph/select.c:278:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sel->bits_vec, buf + pos, vec_size);
data/gobject-introspection-1.66.1/girepository/cmph/select.c:280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sel->select_table, buf + pos, sel_table_size);
data/gobject-introspection-1.66.1/girepository/cmph/select.c:298:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sel_packed, buf, buflen);
data/gobject-introspection-1.66.1/girepository/giconstantinfo.c:72:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((dest_addr), (src_addr), sizeof(type))
data/gobject-introspection-1.66.1/girepository/girmodule.c:386:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header, G_IR_MAGIC, 16);
data/gobject-introspection-1.66.1/girepository/girnode.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_addr, &tmp_var, sizeof(type)); \
data/gobject-introspection-1.66.1/girepository/girnode.c:2308:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&data[blob->offset], constant->value, blob->size);
data/gobject-introspection-1.66.1/girepository/girparser.c:727:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
introspectable = !(introspectable_arg && atoi (introspectable_arg) == 0) && shadowed_by == NULL;
data/gobject-introspection-1.66.1/girepository/girparser.c:1227:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
param->closure = closure ? atoi (closure) : -1;
data/gobject-introspection-1.66.1/girepository/girparser.c:1228:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
param->destroy = destroy ? atoi (destroy) : -1;
data/gobject-introspection-1.66.1/girepository/girparser.c:1345:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
field->bits = atoi (bits);
data/gobject-introspection-1.66.1/girepository/girparser.c:2011:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
typenode->length = typenode->has_length ? atoi (len) : -1;
data/gobject-introspection-1.66.1/girepository/girparser.c:2014:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
typenode->size = typenode->has_size ? atoi (size) : -1;
data/gobject-introspection-1.66.1/girepository/girparser.c:2499:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vfunc->offset = atoi (offset);
data/gobject-introspection-1.66.1/girepository/girparser.c:2673:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
= atoi (offset);
data/gobject-introspection-1.66.1/tests/gimarshallingtests.c:1741:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retval, value, 12 * sizeof (gunichar));
data/gobject-introspection-1.66.1/tests/offsets/gitestoffsets.c:184:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen (argv[1], "w");
data/gobject-introspection-1.66.1/tests/offsets/gitestoffsets.c:191:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen (argv[2], "w");
data/gobject-introspection-1.66.1/tests/scanner/foo.h:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lines[80];
data/gobject-introspection-1.66.1/tests/scanner/regress.c:1218:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *table_data[3][2] = {
data/gobject-introspection-1.66.1/tests/scanner/regress.c:1935:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
boxed->some_int8 = atoi(s);
data/gobject-introspection-1.66.1/girepository/cmph/bdz.c:402:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/bdz_ph.c:367:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/bmz.c:423:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/bmz8.c:436:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:83:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((char *)tmp_dir);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:251:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:283:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = (char *)calloc(strlen((char *)(brz->tmp_dir)) + 11, sizeof(char));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:345:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = (char *)calloc(strlen((char *)(brz->tmp_dir)) + 11, sizeof(char));
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:372:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes = fwrite(cmph_names[CMPH_BRZ], (size_t)(strlen(cmph_names[CMPH_BRZ]) + 1), (size_t)1, brz->mphf_fd);
data/gobject-introspection-1.66.1/girepository/cmph/brz.c:391:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = (char *)calloc(strlen((char *)(brz->tmp_dir)) + 11, sizeof(char));
data/gobject-introspection-1.66.1/girepository/cmph/chd_ph.c:242:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/chm.c:181:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:67:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*key = (char *)realloc(*key, *keylen + strlen(buf) + 1);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:68:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(*key + *keylen, buf, strlen(buf));
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:69:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*keylen += (cmph_uint32)strlen(buf);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:70:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf) - 1] != '\n') continue;
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:113:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*keylen = (cmph_uint32)strlen(keys_vd[cmph_vector->position]);
data/gobject-introspection-1.66.1/girepository/cmph/cmph.c:160:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf) - 1] != '\n') continue;
data/gobject-introspection-1.66.1/girepository/cmph/cmph.h:21:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(void *, char **, cmph_uint32 *);
data/gobject-introspection-1.66.1/girepository/cmph/cmph_structs.c:29:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes = fwrite(cmph_names[mphf->algo], (size_t)(strlen(cmph_names[mphf->algo]) + 1), (size_t)1, fd);
data/gobject-introspection-1.66.1/girepository/cmph/debug.h:26:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(p);
data/gobject-introspection-1.66.1/girepository/cmph/debug.h:28:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f = (char *)malloc(plen + strlen(format) + 1);
data/gobject-introspection-1.66.1/girepository/cmph/debug.h:31:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(f + plen, format, strlen(format) + 1);
data/gobject-introspection-1.66.1/girepository/cmph/fch.c:105:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:67:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*buf = (char *)malloc(strlen(cmph_hash_names[state->hashfunc]) + 1 + *buflen);
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:68:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(*buf, cmph_hash_names[state->hashfunc], strlen(cmph_hash_names[state->hashfunc]) + 1);
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:71:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(*buf + strlen(cmph_hash_names[state->hashfunc]) + 1, algobuf, len);
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:72:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*buflen = (cmph_uint32)strlen(cmph_hash_names[state->hashfunc]) + 1 + *buflen;
data/gobject-introspection-1.66.1/girepository/cmph/hash.c:106:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = (cmph_uint32)strlen(cmph_hash_names[hashfunc]) + 1;
data/gobject-introspection-1.66.1/girepository/cmph/hashtree.c:175:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mph->key_source->read(mph->key_source->data, &key, &keylen);
data/gobject-introspection-1.66.1/girepository/cmph/main.c:232:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mphf_file = (char *)malloc(strlen(keys_file) + 5);
data/gobject-introspection-1.66.1/girepository/cmph/main.c:233:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(mphf_file, keys_file, strlen(keys_file));
data/gobject-introspection-1.66.1/girepository/cmph/main.c:234:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(mphf_file + strlen(keys_file), ".mph\0", (size_t)5);
data/gobject-introspection-1.66.1/girepository/cmph/main.c:313:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
source->read(source->data, &buf, &buflen);
data/gobject-introspection-1.66.1/girepository/gdump.c:54:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!g_output_stream_write_all (out, str, strlen (str), &written, NULL, &error))
data/gobject-introspection-1.66.1/girepository/gdump.c:69:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!g_output_stream_write_all (out, str, strlen (str), &written, NULL, &error))
data/gobject-introspection-1.66.1/girepository/gdump.c:522:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (line, "get-type:", strlen ("get-type:")) == 0)
data/gobject-introspection-1.66.1/girepository/gdump.c:526:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
function = line + strlen ("get-type:");
data/gobject-introspection-1.66.1/girepository/gdump.c:544:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp (line, "error-quark:", strlen ("error-quark:")) == 0)
data/gobject-introspection-1.66.1/girepository/gdump.c:547:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
function = line + strlen ("error-quark:");
data/gobject-introspection-1.66.1/girepository/girepository.c:1242:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ((char*)orig_key) + strlen ((char *) orig_key) + 1;
data/gobject-introspection-1.66.1/girepository/girepository.c:1296:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (end != (version + strlen (version)))
data/gobject-introspection-1.66.1/girepository/girmodule.c:356:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (module->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girmodule.c:369:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (module->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girmodule.c:371:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (module->shared_library) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girmodule.c:373:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (dependencies) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girmodule.c:375:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (module->c_prefix) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:571:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*size_p += ALIGN_VALUE (strlen (key_str) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:572:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*size_p += ALIGN_VALUE (strlen (value_str) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:595:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:608:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:609:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (function->symbol) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:623:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:678:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->parent) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:680:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->glib_type_struct) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:681:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:682:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->gtype_name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:684:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->gtype_init) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:686:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->ref_func) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:688:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->unref_func) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:690:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->set_value_func) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:692:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->get_value_func) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:706:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:707:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->gtype_name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:708:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (iface->gtype_init) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:722:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:725:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (enum_->gtype_name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:726:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (enum_->gtype_init) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:729:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (enum_->error_domain) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:741:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:750:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:752:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (struct_->gtype_name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:754:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (struct_->gtype_init) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:765:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:768:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (boxed->gtype_name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:769:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (boxed->gtype_init) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:781:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:791:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:803:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:815:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:828:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:830:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (constant->value) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:840:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:841:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (xref->namespace) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:850:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (node->name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:852:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (union_->gtype_name) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:854:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += ALIGN_VALUE (strlen (union_->gtype_init) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girnode.c:1038:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert (strlen (name) > 0);
data/gobject-introspection-1.66.1/girepository/girnode.c:2307:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blob->size = strlen (constant->value) + 1;
data/gobject-introspection-1.66.1/girepository/girnode.c:2351:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_size += strlen (str);
data/gobject-introspection-1.66.1/girepository/girnode.c:2359:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unique_string_size += strlen (str);
data/gobject-introspection-1.66.1/girepository/girnode.c:2364:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*offset = ALIGN_VALUE (start + strlen (str) + 1, 4);
data/gobject-introspection-1.66.1/girepository/girparser.c:505:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen(basic->str);
data/gobject-introspection-1.66.1/girepository/girparser.c:544:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen ("GLib.");
data/gobject-introspection-1.66.1/girepository/girparser.c:550:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen ("List");
data/gobject-introspection-1.66.1/girepository/girparser.c:557:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen ("SList");
data/gobject-introspection-1.66.1/girepository/girparser.c:562:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen ("GLib.");
data/gobject-introspection-1.66.1/girepository/girparser.c:567:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen ("HashTable");
data/gobject-introspection-1.66.1/girepository/girparser.c:571:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen ("GLib.");
data/gobject-introspection-1.66.1/girepository/girparser.c:576:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen ("Error");
data/gobject-introspection-1.66.1/girepository/girparser.c:2046:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *cp = ctype + strlen(ctype) - 1;
data/gobject-introspection-1.66.1/girepository/girparser.c:3667:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namespace[strlen(namespace)-4] = '\0';
data/gobject-introspection-1.66.1/girepository/gitypelib.c:267:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iter->sep_len = strlen (separator);
data/gobject-introspection-1.66.1/girepository/gitypelib.c:292:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (s);
data/gobject-introspection-1.66.1/girepository/gitypelib.c:333:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c_prefix == NULL || strlen (c_prefix) == 0)
data/gobject-introspection-1.66.1/girepository/gitypelib.c:336:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtype_name_len = strlen (gtype_name);
data/gobject-introspection-1.66.1/girepository/gitypelib.c:348:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (prefix);
data/gobject-introspection-1.66.1/girepository/gitypelib.c:517:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn (name, G_CSET_a_2_z G_CSET_A_2_Z G_CSET_DIGITS "-_") < strlen (name))
data/gobject-introspection-1.66.1/girepository/gthash.c:179:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashv = cmph_search_packed (packed_mem, str, strlen (str));
data/gobject-introspection-1.66.1/girepository/gthash.c:208:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = cmph_search_packed (mph, str, strlen (str));
data/gobject-introspection-1.66.1/tests/gimarshallingtests.c:1084:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize orig_len = strlen (GI_MARSHALLING_TESTS_CONSTANT_UTF8);
data/gobject-introspection-1.66.1/tests/scanner/barapp.c:60:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!g_irepository_dump (argv[1] + strlen (prefix), &error))
data/gobject-introspection-1.66.1/tests/scanner/regress.c:2097:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (boxed->a_string) + boxed->a_int;
data/gobject-introspection-1.66.1/tests/scanner/regress.c:4552:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (self->name, name, sizeof (self->name) - 1);
ANALYSIS SUMMARY:
Hits = 239
Lines analyzed = 151250 in approximately 4.74 seconds (31926 lines/second)
Physical Source Lines of Code (SLOC) = 39347
Hits@level = [0] 273 [1] 114 [2] 112 [3] 4 [4] 9 [5] 0
Hits@level+ = [0+] 512 [1+] 239 [2+] 125 [3+] 13 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 13.0124 [1+] 6.07416 [2+] 3.17686 [3+] 0.330394 [4+] 0.228734 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.