Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gupnp-av-0.12.11/tests/check-search.c
Examining data/gupnp-av-0.12.11/tests/check-feature-list-parser.c
Examining data/gupnp-av-0.12.11/tests/gtest/test-cds-last-change-parser.c
Examining data/gupnp-av-0.12.11/tests/gtest/test-regression.c
Examining data/gupnp-av-0.12.11/tests/gtest/test-media-collection.c
Examining data/gupnp-av-0.12.11/tests/gtest/test-last-change-parser.c
Examining data/gupnp-av-0.12.11/tests/gtest/test-didl-lite-object.c
Examining data/gupnp-av-0.12.11/tests/fragments.c
Examining data/gupnp-av-0.12.11/tests/test-search-criteria-parser.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-av.h
Examining data/gupnp-av-0.12.11/libgupnp-av/fragment-util.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-container.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-dlna.c
Examining data/gupnp-av-0.12.11/libgupnp-av/xml-util.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-dlna.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature-list-parser.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-media-collection.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-av-error.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-cds-last-change-parser.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-contributor.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-writer-private.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-last-change-parser.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-writer.c
Examining data/gupnp-av-0.12.11/libgupnp-av/fragment-util.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-resource.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-parser.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-object.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-media-collection.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-search-criteria-parser.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-av-marshal.c
Examining data/gupnp-av-0.12.11/libgupnp-av/time-utils.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-createclass-private.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-contributor-private.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-createclass.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-descriptor.h
Examining data/gupnp-av-0.12.11/libgupnp-av/time-utils.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-createclass.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-writer.h
Examining data/gupnp-av-0.12.11/libgupnp-av/xsd-data.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-av-enums.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-descriptor-private.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-av-error.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-object-private.h
Examining data/gupnp-av-0.12.11/libgupnp-av/xsd-data.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-cds-last-change-parser.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-item.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-contributor.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-container.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature-list-parser.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-parser.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-av-marshal.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-search-criteria-parser.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-parser-private.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-item.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-descriptor.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-object.h
Examining data/gupnp-av-0.12.11/libgupnp-av/xml-util.c
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-resource-private.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-resource.h
Examining data/gupnp-av-0.12.11/libgupnp-av/gupnp-last-change-parser.c

FINAL RESULTS:

data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature-list-parser.c:101:25:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (object_ids, content);

data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-object.c:1488:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-resource.c:110:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *width = atoi (tokens[0]);

data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-resource.c:112:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *height = atoi (tokens[1]);

data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c:122:66:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  atoi (p));

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:59:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:65:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:71:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:77:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:83:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  l = atol (str);

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:89:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  l = atol (str);

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:114:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/gvalue-util.c:133:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/xml-util.c:223:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi (str);

data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-parser.c:243:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc = xmlRecoverMemory (didl, strlen (didl));

data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-writer.c:125:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (a);

data/gupnp-av-0.12.11/libgupnp-av/gupnp-didl-lite-writer.c:132:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen (b) - len;

data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature-list-parser.c:93:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_size = strlen (object_ids) + strlen (content) + 1;

data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature-list-parser.c:93:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_size = strlen (object_ids) + strlen (content) + 1;

data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature-list-parser.c:100:33:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat (object_ids, ",");

data/gupnp-av-0.12.11/libgupnp-av/gupnp-feature-list-parser.c:130:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc = xmlRecoverMemory (text, strlen (text));

data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c:89:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (tokens[i]),

data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c:99:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (tokens[i]),

data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c:116:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (tokens[i]),

data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c:128:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (tokens[i]),

data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c:141:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (tokens[i]),

data/gupnp-av-0.12.11/libgupnp-av/gupnp-protocol-info.c:145:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (p) > 8)

data/gupnp-av-0.12.11/libgupnp-av/gupnp-search-criteria-parser.c:577:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_scanner_input_text (parser->priv->scanner, text, strlen (text));

data/gupnp-av-0.12.11/libgupnp-av/xml-util.c:369:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  gboolean equal;

data/gupnp-av-0.12.11/libgupnp-av/xml-util.c:410:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (equal) {

data/gupnp-av-0.12.11/libgupnp-av/xml-util.c:426:16:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return equal;

ANALYSIS SUMMARY:

Hits = 31
Lines analyzed = 18471 in approximately 0.45 seconds (41471 lines/second)
Physical Source Lines of Code (SLOC) = 11689
Hits@level = [0]   1 [1]  17 [2]  13 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  32 [1+]  31 [2+]  14 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 2.73762 [1+] 2.65207 [2+] 1.19771 [3+] 0.0855505 [4+] 0.0855505 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
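Triage notes and an added example (this is editorial material, not part of the Flawfinder report and not gupnp-av code). Flawfinder matches on names, so read the hits against their context before filing anything. The three `equal` hits in xml-util.c are a `gboolean` variable named `equal`, not the C++ `std::equal` rule they triggered; they can be dismissed. The strlen hits are on C strings handed to libxml2 (`xmlRecoverMemory`) and GScanner (`g_scanner_input_text`) and only matter if a caller can supply a buffer without a terminator. The two findings worth real attention are the thirteen unchecked `atoi`/`atol` conversions of attribute text (width, height, and the gvalue-util.c conversions) and the `strcat` pair in gupnp-feature-list-parser.c: line 93 sizes the buffer as `strlen (object_ids) + strlen (content) + 1` while lines 100 and 101 append both a `","` and `content`, so check in the source how `new_size` is used in the allocation before deciding whether that arithmetic leaves room for the separator and the NUL. The report does not show the allocation, so that is a check to perform, not a confirmed bug.

The block below shows the two remediations the report recommends, written as stand-alone C helpers. `parse_int_checked`, `parse_int_range` and `append_csv` are names chosen for this example and do not exist in gupnp-av; the sample inputs in `main` are constructed.

```c
/*
 * Added example, not gupnp-av code.  Two helpers that replace the patterns
 * Flawfinder flagged:
 *   parse_int_checked(): strtol() with full validation instead of atoi()
 *                        (CWE-190: rejects overflow, junk, out-of-range).
 *   append_csv():        size-computed, bounded append instead of strcat()
 *                        (CWE-120: separator and NUL counted explicitly).
 */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a decimal integer from an untrusted string.  Succeeds only if the
 * whole string is a number and the value lies within [lo, hi]. */
bool parse_int_checked(const char *str, long lo, long hi, long *out)
{
    char *end = NULL;
    long val;

    if (str == NULL || *str == '\0')
        return false;

    errno = 0;
    val = strtol(str, &end, 10);

    /* strtol saturates at LONG_MIN/LONG_MAX and sets ERANGE on overflow. */
    if (errno == ERANGE)
        return false;
    /* No digits consumed, or trailing characters ("12px", "3 4"). */
    if (end == str || *end != '\0')
        return false;
    if (val < lo || val > hi)
        return false;

    *out = val;
    return true;
}

/* Wrapper for int-sized, non-negative fields such as width and height. */
bool parse_int_range(const char *str, int *out)
{
    long v;
    if (!parse_int_checked(str, 0, INT_MAX, &v))
        return false;
    *out = (int)v;
    return true;
}

/*
 * Append item to *list (a malloc'd NUL-terminated string, or NULL for an
 * empty list), inserting "," before it when the list is non-empty.  The
 * size arithmetic names every byte: existing text, separator, item, NUL.
 * Returns false and leaves *list untouched on overflow or allocation failure.
 */
bool append_csv(char **list, const char *item)
{
    size_t old_len  = (*list != NULL) ? strlen(*list) : 0;
    size_t item_len = strlen(item);
    size_t sep_len  = (old_len > 0) ? 1 : 0;
    size_t new_size;
    char *grown;

    /* Guard the size computation itself against wrap-around. */
    if (item_len > SIZE_MAX - old_len - sep_len - 1)
        return false;
    new_size = old_len + sep_len + item_len + 1;

    grown = realloc(*list, new_size);
    if (grown == NULL)
        return false;

    /* Bounded by the remaining space; snprintf always NUL-terminates. */
    snprintf(grown + old_len, new_size - old_len, "%s%s",
             sep_len ? "," : "", item);
    *list = grown;
    return true;
}

int main(void)
{
    /* Constructed sample inputs resembling DIDL-Lite resolution tokens. */
    const char *samples[] = { "1920", "99999999999999999999", "-1", "12px" };
    char *ids = NULL;
    int w;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               parse_int_range(samples[i], &w) ? "accepted" : "rejected");

    append_csv(&ids, "0");
    append_csv(&ids, "1/2");
    printf("object_ids = \"%s\"\n", ids);
    free(ids);
    return 0;
}
```

`parse_int_checked` is the direct replacement for `i = atoi (str)`: the caller chooses the range, so a dimension can be restricted to non-negative `int` while a duration or size can use a wider one, and a rejected value is a parse failure the caller must handle rather than a silently wrapped number. `append_csv` keeps the concatenation in one place so the separator is counted in the same expression that sizes the buffer.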