Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kylin-burner-3.0.8/libburner-burn/burner-tool-dialog.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-enums.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-file-monitor.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-process.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-burn.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-tool-dialog.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-filtered-uri.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-data-cfg.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-image-type-chooser.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-type.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-xfer.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-progress.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-session-cfg.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-image-properties.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-tree-model.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-caps-plugin.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-plugin.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-tool-dialog-private.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-plugin-registration.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-drive-properties.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-caps.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-sum-dialog.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-task.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-dbus.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-session-span.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-file-monitor.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-burn.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-job.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-filtered-uri.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-image-cfg.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-file-node.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-status-dialog.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-burn-options.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-app-indicator.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-dest-selection.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-debug.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-disc.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-stream-cfg.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-src-image.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-image-properties.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-task-item.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-cover.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-stream.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-src-image.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-src-selection.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-src-selection.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-session.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-customize-title.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-plugin-manager.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-status-dialog.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-video-options.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-status.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-dbus.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-task-ctx.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-task-ctx.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-error.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-blank-dialog.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-image.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-caps-session.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-task.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-customize-title.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-stream.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-app-indicator.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-caps-burn.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-medium-properties.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-disc.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-type-private.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-cover.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-debug.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-plugin-manager.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-plugin-information.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-session-span.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-basics.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-file-node.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-process.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-session-cfg.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-status.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-tree-model.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-medium-properties.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-vfs.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-plugin-private.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-type.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-caps-burn.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-data.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-video-options.h
Examining data/kylin-burner-3.0.8/libburner-burn/burn-image-format.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-project.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-vfs.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-sum-dialog.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-burn-dialog.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-image.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-session.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-data-cfg.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-blank-dialog.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-image-cfg.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-tags.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-session.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-basics.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-data-session.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-plugin.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-xfer.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-session-helper.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-burn-dialog.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-drive-properties.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-progress.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-job.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-track-stream-cfg.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-caps.h
Examining data/kylin-burner-3.0.8/libburner-burn/burner-burn-options.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-dest-selection.c
Examining data/kylin-burner-3.0.8/libburner-burn/burn-task-item.c
Examining data/kylin-burner-3.0.8/libburner-burn/burner-image-type-chooser.c
Examining data/kylin-burner-3.0.8/nautilus/nautilus-burn-extension.c
Examining data/kylin-burner-3.0.8/nautilus/nautilus-burn-bar.c
Examining data/kylin-burner-3.0.8/nautilus/nautilus-burn-bar.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-test-unit-ready.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-inquiry.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mode-pages.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-format-capacities.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-medium-selection.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-disc-structure.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-get-performance.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-toc-pma-atip.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-write-page.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mmc2.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-track-information.h
Examining data/kylin-burner-3.0.8/libburner-media/burn-susp.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-drive.c
Examining data/kylin-burner-3.0.8/libburner-media/burn-volume-source.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-volume.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mmc3.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-base.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-dvd-structures.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-get-performance.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-medium-selection.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-status-page.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-volume.h
Examining data/kylin-burner-3.0.8/libburner-media/burn-iso9660.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-capacity.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-disc-info.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-error.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-toc-pma-atip.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-command.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-utils.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-cd.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mech-status.h
Examining data/kylin-burner-3.0.8/libburner-media/burn-iso-field.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mech-status.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-get-configuration.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-medium-monitor.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-capacity.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-gio-operation.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-sense-data.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mode-sense.c
Examining data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c
Examining data/kylin-burner-3.0.8/libburner-media/burn-volume-source.h
Examining data/kylin-burner-3.0.8/libburner-media/burn-iso-field.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-medium.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mode-select.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-sense-data.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-media-private.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-error.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-netbsd.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-get-configuration.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-medium.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-spc1.h
Examining data/kylin-burner-3.0.8/libburner-media/burn-volume.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-media.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-disc-structure.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-q-subchannel.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-medium-monitor.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-units.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-disc-info.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-cam.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-cd.c
Examining data/kylin-burner-3.0.8/libburner-media/burn-volume.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-format-capacities.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-mmc1.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-sbc.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-opcodes.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read-track-information.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-inquiry.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-uscsi.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-drive-selection.c
Examining data/kylin-burner-3.0.8/libburner-media/burn-susp.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-medium-selection-priv.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-sg.c
Examining data/kylin-burner-3.0.8/libburner-media/scsi-device.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-units.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-read10.c
Examining data/kylin-burner-3.0.8/libburner-media/burner-drive-selection.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-drive-priv.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-gio-operation.h
Examining data/kylin-burner-3.0.8/libburner-media/burner-drive.h
Examining data/kylin-burner-3.0.8/libburner-media/scsi-prevent-allow-medium-removal.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-io.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-tool-color-picker.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-metadata.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-io.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-pk.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-background.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-disc-message.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-async-task-manager.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-font.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-notify.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-pk.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-edit.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-notify.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-misc.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-font.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-misc.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-metadata.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-tool-color-picker.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-view.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-background.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-async-task-manager.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-buffer.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-buffer.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-view.c
Examining data/kylin-burner-3.0.8/libburner-utils/burner-jacket-edit.h
Examining data/kylin-burner-3.0.8/libburner-utils/burner-disc-message.c
Examining data/kylin-burner-3.0.8/src/burner-layout.h
Examining data/kylin-burner-3.0.8/src/burner-file-chooser.c
Examining data/kylin-burner-3.0.8/src/burner-player-bacon.h
Examining data/kylin-burner-3.0.8/src/burner-multi-song-props.h
Examining data/kylin-burner-3.0.8/src/burner-disc.c
Examining data/kylin-burner-3.0.8/src/burner-song-control.h
Examining data/kylin-burner-3.0.8/src/burner-utils.c
Examining data/kylin-burner-3.0.8/src/burner-pref.c
Examining data/kylin-burner-3.0.8/src/burner-split-dialog.h
Examining data/kylin-burner-3.0.8/src/burner-search-engine.h
Examining data/kylin-burner-3.0.8/src/burner-project-parse.c
Examining data/kylin-burner-3.0.8/src/burner-time-button.h
Examining data/kylin-burner-3.0.8/src/burner-split-dialog.c
Examining data/kylin-burner-3.0.8/src/burner-audio-disc.h
Examining data/kylin-burner-3.0.8/src/burner-search-tracker.c
Examining data/kylin-burner-3.0.8/src/main.c
Examining data/kylin-burner-3.0.8/src/burner-multi-song-props.c
Examining data/kylin-burner-3.0.8/src/burner-layout-object.h
Examining data/kylin-burner-3.0.8/src/burner-video-disc.h
Examining data/kylin-burner-3.0.8/src/burner-project-name.c
Examining data/kylin-burner-3.0.8/src/burner-player.c
Examining data/kylin-burner-3.0.8/src/burner-video-disc.c
Examining data/kylin-burner-3.0.8/src/burner-eject-dialog.c
Examining data/kylin-burner-3.0.8/src/burner-preview.h
Examining data/kylin-burner-3.0.8/src/burner-song-properties.c
Examining data/kylin-burner-3.0.8/src/burner-project-type-chooser.c
Examining data/kylin-burner-3.0.8/src/burner-project-manager.c
Examining data/kylin-burner-3.0.8/src/burner-uri-container.c
Examining data/kylin-burner-3.0.8/src/burner-plugin-manager-ui.c
Examining data/kylin-burner-3.0.8/src/burner-eject-dialog.h
Examining data/kylin-burner-3.0.8/src/burner-player-bacon.c
Examining data/kylin-burner-3.0.8/src/burner-file-chooser.h
Examining data/kylin-burner-3.0.8/src/burner-preview.c
Examining data/kylin-burner-3.0.8/src/burner-project.h
Examining data/kylin-burner-3.0.8/src/burner-audio-disc.c
Examining data/kylin-burner-3.0.8/src/burner-search-engine.c
Examining data/kylin-burner-3.0.8/src/burner-disc.h
Examining data/kylin-burner-3.0.8/src/burner-playlist.c
Examining data/kylin-burner-3.0.8/src/burner-layout.c
Examining data/kylin-burner-3.0.8/src/burner-data-disc.h
Examining data/kylin-burner-3.0.8/src/burner-app.c
Examining data/kylin-burner-3.0.8/src/burner-layout-object.c
Examining data/kylin-burner-3.0.8/src/burner-drive-settings.h
Examining data/kylin-burner-3.0.8/src/eggtreemultidnd.c
Examining data/kylin-burner-3.0.8/src/burner-multi-dnd.h
Examining data/kylin-burner-3.0.8/src/burner-video-tree-model.h
Examining data/kylin-burner-3.0.8/src/burner-project-parse.h
Examining data/kylin-burner-3.0.8/src/burner-project-manager.h
Examining data/kylin-burner-3.0.8/src/burner-setting.c
Examining data/kylin-burner-3.0.8/src/burner-rename.c
Examining data/kylin-burner-3.0.8/src/burner-rename.h
Examining data/kylin-burner-3.0.8/src/burner-pref.h
Examining data/kylin-burner-3.0.8/src/burner-playlist.h
Examining data/kylin-burner-3.0.8/src/burner-cli.c
Examining data/kylin-burner-3.0.8/src/burner-player.h
Examining data/kylin-burner-3.0.8/src/burner-data-disc.c
Examining data/kylin-burner-3.0.8/src/burner-setting.h
Examining data/kylin-burner-3.0.8/src/burner-cli.h
Examining data/kylin-burner-3.0.8/src/burner-search-tracker.h
Examining data/kylin-burner-3.0.8/src/burner-project.c
Examining data/kylin-burner-3.0.8/src/burner-plugin-manager-ui.h
Examining data/kylin-burner-3.0.8/src/burner-multi-dnd.c
Examining data/kylin-burner-3.0.8/src/burner-project-type-chooser.h
Examining data/kylin-burner-3.0.8/src/burner-plugin-option.h
Examining data/kylin-burner-3.0.8/src/burner-project-name.h
Examining data/kylin-burner-3.0.8/src/burner-plugin-option.c
Examining data/kylin-burner-3.0.8/src/baobab-cell-renderer-progress.c
Examining data/kylin-burner-3.0.8/src/burner-uri-container.h
Examining data/kylin-burner-3.0.8/src/baobab-cell-renderer-progress.h
Examining data/kylin-burner-3.0.8/src/burner-file-filtered.h
Examining data/kylin-burner-3.0.8/src/burner-time-button.c
Examining data/kylin-burner-3.0.8/src/burner-utils.h
Examining data/kylin-burner-3.0.8/src/burner-song-control.c
Examining data/kylin-burner-3.0.8/src/burner-file-filtered.c
Examining data/kylin-burner-3.0.8/src/burner-app.h
Examining data/kylin-burner-3.0.8/src/burner-filter-option.c
Examining data/kylin-burner-3.0.8/src/burner-video-tree-model.c
Examining data/kylin-burner-3.0.8/src/burner-filter-option.h
Examining data/kylin-burner-3.0.8/src/eggtreemultidnd.h
Examining data/kylin-burner-3.0.8/src/burner-drive-settings.c
Examining data/kylin-burner-3.0.8/src/burner-song-properties.h
Examining data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c
Examining data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-image.c
Examining data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.h
Examining data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.c
Examining data/kylin-burner-3.0.8/plugins/dvdauthor/burn-dvdauthor.c
Examining data/kylin-burner-3.0.8/plugins/growisofs/burn-growisofs.c
Examining data/kylin-burner-3.0.8/plugins/growisofs/burn-dvd-rw-format.c
Examining data/kylin-burner-3.0.8/plugins/growisofs/burn-growisofs-common.h
Examining data/kylin-burner-3.0.8/plugins/vcdimager/burn-vcdimager.c
Examining data/kylin-burner-3.0.8/plugins/cdrtools/burn-mkisofs.c
Examining data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdda2wav.c
Examining data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrtools.h
Examining data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c
Examining data/kylin-burner-3.0.8/plugins/cdrtools/burn-readcd.c
Examining data/kylin-burner-3.0.8/plugins/cdrkit/burn-cdrkit.h
Examining data/kylin-burner-3.0.8/plugins/cdrkit/burn-genisoimage.c
Examining data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c
Examining data/kylin-burner-3.0.8/plugins/cdrkit/burn-readom.c
Examining data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn-common.h
Examining data/kylin-burner-3.0.8/plugins/libburnia/burn-libisofs.c
Examining data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn.c
Examining data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn-common.c
Examining data/kylin-burner-3.0.8/plugins/libburnia/burn-libburnia.h
Examining data/kylin-burner-3.0.8/plugins/transcode/burn-vob.c
Examining data/kylin-burner-3.0.8/plugins/transcode/burn-transcode.c
Examining data/kylin-burner-3.0.8/plugins/transcode/burn-normalize.h
Examining data/kylin-burner-3.0.8/plugins/transcode/burn-normalize.c
Examining data/kylin-burner-3.0.8/plugins/cdrdao/burn-cdrdao.c
Examining data/kylin-burner-3.0.8/plugins/dvdcss/burn-dvdcss.c
Examining data/kylin-burner-3.0.8/plugins/dvdcss/burn-dvdcss-private.h
Examining data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c
Examining data/kylin-burner-3.0.8/plugins/local-track/burn-local-image.c
Examining data/kylin-burner-3.0.8/plugins/local-track/burn-uri.c
FINAL RESULTS:
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:111:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format_real, arg_list);
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:131:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format_real, arg_list);
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:190:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format_real, arg_list);
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:328:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format_real, arg_list);
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:395:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format_real, arg_list);
data/kylin-burner-3.0.8/libburner-burn/burn-plugin.c:280:26: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((standard_output && sscanf (standard_output, version_format, &major, &minor, &sub) == i)
data/kylin-burner-3.0.8/libburner-burn/burn-plugin.c:281:25: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
|| (standard_error && sscanf (standard_error, version_format, &major, &minor, &sub) == i)) {
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:386:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (key->name,
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:406:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, G_DIR_SEPARATOR_S);
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:418:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, G_DIR_SEPARATOR_S);
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:433:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (name + (64 - width - dot_len),
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:443:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, G_DIR_SEPARATOR_S);
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:834:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (record_name, susp_ctx.rr_name);
data/kylin-burner-3.0.8/libburner-media/burner-media.c:501:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format_real, arg_list);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1134:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_ACCESS_CAN_READ);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1136:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_CONTENT_TYPE);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1138:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_ICON);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1140:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_THUMBNAIL_PATH);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1145:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_SIZE);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1690:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_CONTENT_TYPE);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1757:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_CONTENT_TYPE);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1990:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_ACCESS_CAN_READ);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1993:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_CONTENT_TYPE);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1996:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_CONTENT_TYPE);
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:1999:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (attributes, "," G_FILE_ATTRIBUTE_STANDARD_ICON);
data/kylin-burner-3.0.8/libburner-utils/burner-misc.c:116:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format_real, arg_list);
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:867:5: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_home_dir (),
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:875:6: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_home_dir (),
data/kylin-burner-3.0.8/libburner-burn/burner-burn-dialog.c:858:67: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (message), g_get_home_dir ());
data/kylin-burner-3.0.8/libburner-burn/burner-burn-dialog.c:1793:11: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_home_dir ());
data/kylin-burner-3.0.8/libburner-burn/burner-drive-properties.c:409:10: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
path = g_get_tmp_dir ();
data/kylin-burner-3.0.8/libburner-burn/burner-image-properties.c:112:12: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_home_dir ());
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:1231:36: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
return priv->tmpdir? priv->tmpdir:g_get_tmp_dir ();
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:1265:4: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_tmp_dir ();
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:1337:4: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_tmp_dir ();
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:2217:10: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_tmp_dir (),
data/kylin-burner-3.0.8/libburner-burn/burner-src-image.c:431:73: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (priv->file), g_get_home_dir ());
data/kylin-burner-3.0.8/libburner-burn/burner-src-image.c:437:72: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (priv->file), g_get_home_dir ());
data/kylin-burner-3.0.8/libburner-burn/burner-src-image.c:442:71: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (priv->file), g_get_home_dir ());
data/kylin-burner-3.0.8/libburner-burn/burner-sum-dialog.c:329:8: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_tmp_dir ());
data/kylin-burner-3.0.8/libburner-burn/burner-track-data-cfg.c:3297:17: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
priv->stamp = g_random_int ();
data/kylin-burner-3.0.8/src/burner-playlist.c:598:8: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_home_dir ());
data/kylin-burner-3.0.8/src/burner-project-manager.c:774:11: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_home_dir ());
data/kylin-burner-3.0.8/src/burner-project.c:2257:82: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (project->priv->chooser), g_get_home_dir ());
data/kylin-burner-3.0.8/src/burner-project.c:2856:11: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_home_dir ());
data/kylin-burner-3.0.8/src/burner-video-tree-model.c:1178:17: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
priv->stamp = g_random_int ();
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:140:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "eject, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:142:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "no grace, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:144:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "dao, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:146:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "raw, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:148:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "overburn, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:150:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "burnproof, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:152:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "no tmp file, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:154:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "blank before, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:156:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "append, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:158:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "merge, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:160:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "multi, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:162:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "dummy, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:164:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "check size, ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:166:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "fast blank");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:201:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "BIN ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:203:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "CUE ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:205:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "CDRDAO ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:207:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "CLONE ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:215:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "ISO ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:217:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "UDF ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:219:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "SYMLINK ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:221:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "Level 3 ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:223:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "JOLIET ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:225:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "VIDEO ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:227:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "DEEP ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:235:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "RAW ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:238:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "RAW (little endian)");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:241:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "AUDIO UNDEFINED ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:244:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "DTS WAV ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:247:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "MP2 ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:250:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "AC3 ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:253:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "44100 ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:256:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "48000 ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:259:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "VIDEO UNDEFINED ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:262:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "VCD ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:265:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "Video DVD ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:268:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "Metadata Information ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:286:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Data ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:290:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Disc ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:294:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Audio ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:298:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "format accepts ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:301:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "files ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:303:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "pipe ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:307:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Image ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:311:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "format accepts ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:314:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "files ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:316:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "pipe ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:320:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Undefined");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:351:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Data ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:355:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Disc ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:359:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Audio ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:363:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "format accepts ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:366:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "files ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:368:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "pipe ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:372:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Image ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:376:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "format accepts ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:379:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "files ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:381:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "pipe ");
data/kylin-burner-3.0.8/libburner-burn/burn-debug.c:385:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Undefined");
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:101:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (path, "r");
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:151:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (path, "r");
data/kylin-burner-3.0.8/libburner-burn/burn-job.c:306:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&input, &previous->type, sizeof (BurnerTrackType));
data/kylin-burner-3.0.8/libburner-burn/burn-job.c:1404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (type, &prev_priv->type, sizeof (BurnerTrackType));
data/kylin-burner-3.0.8/libburner-burn/burn-job.c:1420:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (type, &priv->type, sizeof (BurnerTrackType));
data/kylin-burner-3.0.8/libburner-burn/burn-job.c:2039:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, &priv->type, sizeof (BurnerTrackType));
data/kylin-burner-3.0.8/libburner-burn/burn-job.c:2066:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&priv->type, ptr, sizeof (BurnerTrackType));
data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c:578:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
base.grafts_fd = open (grafts_path, O_WRONLY|O_TRUNC|O_EXCL);
data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c:588:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
base.excluded_fd = open (excluded_path, O_WRONLY|O_TRUNC|O_EXCL);
data/kylin-burner-3.0.8/libburner-burn/burner-caps-burn.c:763:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&plugin_output,
data/kylin-burner-3.0.8/libburner-burn/burner-caps-burn.c:768:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&plugin_output,
data/kylin-burner-3.0.8/libburner-burn/burner-caps-burn.c:813:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&plugin_input, &plugin_output, sizeof (BurnerTrackType));
data/kylin-burner-3.0.8/libburner-burn/burner-caps-plugin.c:180:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&retval->type, &caps->type, sizeof (BurnerTrackType));
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:392:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (key->name,
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:572:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retval, BURNER_FILE_NODE_GRAFT (node)->node->uri, len);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:584:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, escaped_name, len);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:2517:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (path + len, name, name_len);
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:171:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, original, sizeof (BurnerSessionSetting));
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:2444:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
gchar *tmpfile;
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:2448:30: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
burner_burn_session_clean (tmpfile);
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:2449:11: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
g_free (tmpfile);
data/kylin-burner-3.0.8/libburner-burn/burner-sum-dialog.c:432:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (src, "r");
data/kylin-burner-3.0.8/libburner-burn/burner-track-data-cfg.c:2608:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, O_WRONLY|O_TRUNC);
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, path, MIN (end, MAXPATHLEN));
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:392:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (name + 64 - dot_len,
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:438:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name + (64 - width),
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctx->spare_record,
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:385:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctx->spare_record + part_one,
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:446:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (file->name, record->id, record->id_size);
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:497:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (directory->name, record->id, record->id_size);
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:619:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (copy, record, record->record_size);
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:647:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (copy, record, record->record_size);
data/kylin-burner-3.0.8/libburner-media/burn-iso9660.c:830:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (record_name, record->id, record->id_size);
data/kylin-burner-3.0.8/libburner-media/burn-volume-source.c:239:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (path, "r");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:389:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "file ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:392:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "CD ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:395:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "DVD ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:398:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "RAM ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:401:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "BD ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:404:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "DL ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:408:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "+ ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:411:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "- (sequential) ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:414:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "- (restricted) ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:417:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "- (jump) ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:421:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "SRM ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:424:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "POW ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:427:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "RANDOM ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:431:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "RW ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:434:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "W ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:437:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "ROM ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:441:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "closed ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:444:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "blank ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:447:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "appendable ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:450:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "protected ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:453:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "with data ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:456:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "with audio ");
data/kylin-burner-3.0.8/libburner-media/burner-media.c:459:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, "Unformatted ");
data/kylin-burner-3.0.8/libburner-media/burner-medium.c:1570:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer [2048];
data/kylin-burner-3.0.8/libburner-media/burner-medium.c:2754:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer + offset,
data/kylin-burner-3.0.8/libburner-media/burner-medium.c:2777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [256]; /* mmc specs advise no more than 160 */
data/kylin-burner-3.0.8/libburner-media/scsi-cam.c:119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cam_ccb.csio.cdb_io.cdb_bytes, cmd->cmd,
data/kylin-burner-3.0.8/libburner-media/scsi-cam.c:180:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, flags);
data/kylin-burner-3.0.8/libburner-media/scsi-netbsd.c:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->cmd, cmd->cmd, req->cmdlen);
data/kylin-burner-3.0.8/libburner-media/scsi-netbsd.c:173:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (rdevnode, flags);
data/kylin-burner-3.0.8/libburner-media/scsi-read-toc-pma-atip.h:344:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pack_count [16];
data/kylin-burner-3.0.8/libburner-media/scsi-read-toc-pma-atip.h:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_seqnum [8];
data/kylin-burner-3.0.8/libburner-media/scsi-read-toc-pma-atip.h:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char language_code [8];
data/kylin-burner-3.0.8/libburner-media/scsi-read-track-information.c:54:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uchar open :1; /* MMC5 field only */
data/kylin-burner-3.0.8/libburner-media/scsi-read-track-information.c:71:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uchar open :1;
data/kylin-burner-3.0.8/libburner-media/scsi-sg.c:182:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, flags);
data/kylin-burner-3.0.8/libburner-media/scsi-uscsi.c:213:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (rawdisk, flags);
data/kylin-burner-3.0.8/libburner-media/scsi-uscsi.c:216:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, flags);
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:354:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_out = open (image,
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:382:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_in = open (song_path, O_RDONLY);
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:412:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_out = open (toc,
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:487:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:503:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "# created by burner\n");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:509:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "MCN=\t\n");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:527:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Albumperformer=\t\n");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:656:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Pre-emphasis=\tno\n");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:662:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Channels=\t2\n");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:668:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Copy_permitted=\tyes\n");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:674:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Endianess=\tlittle\n");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:680:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Index=\t\t0\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:476:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:492:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "# created by burner\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:498:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "MCN=\t\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:516:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Albumperformer=\t\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:645:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Pre-emphasis=\tno\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:651:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Channels=\t2\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:657:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Copy_permitted=\tyes\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:663:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Endianess=\tlittle\n");
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:669:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Index=\t\t0\n");
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c:116:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (path, "r");
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c:582:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
priv->file = fopen (priv->sums_path, "w");
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-image.c:296:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_in = open (path, O_RDONLY);
data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.c:204:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer + buffer_offset,
data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer + buffer_offset,
data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.c:254:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer + buffer_offset,
data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.c:266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, handle->buffer + handle->offset, line_len);
data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.c:296:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer + buffer_offset,
data/kylin-burner-3.0.8/plugins/checksum/burn-volume-read.c:322:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer + buffer_offset,
data/kylin-burner-3.0.8/plugins/dvdcss/burn-dvdcss.c:411:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_fd = fopen (output, "w");
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn-common.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_sev [80];
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn-common.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_txt [BURN_MSGS_MESSAGE_LEN] = {0};
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn.c:197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (current_pvd, buffer, i << 11);
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn.c:291:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, O_RDONLY);
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn.c:595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reasons [BURN_REASONS_LEN];
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn.c:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name [80];
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn.c:670:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/null", O_RDONLY);
data/kylin-burner-3.0.8/plugins/libburnia/burn-libisofs.c:239:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (output, "w");
data/kylin-burner-3.0.8/plugins/local-track/burn-local-image.c:190:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (priv->checksum_path, "r");
data/kylin-burner-3.0.8/plugins/local-track/burn-local-image.c:620:16: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
GFile *file, *tmpfile;
data/kylin-burner-3.0.8/plugins/local-track/burn-local-image.c:648:53: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
priv->dest_list = g_slist_append (priv->dest_list, tmpfile);
data/kylin-burner-3.0.8/plugins/transcode/burn-transcode.c:1019:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [buffer_size];
data/kylin-burner-3.0.8/plugins/transcode/burn-transcode.c:1228:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (output, O_WRONLY | O_CREAT | O_APPEND, S_IRWXU | S_IRGRP | S_IROTH);
data/kylin-burner-3.0.8/plugins/vcdimager/burn-vcdimager.c:285:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "track-%i", i);
data/kylin-burner-3.0.8/plugins/vcdimager/burn-vcdimager.c:309:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "playlist-%i", i);
data/kylin-burner-3.0.8/plugins/vcdimager/burn-vcdimager.c:330:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "track-%i", i);
data/kylin-burner-3.0.8/src/burner-project-parse.c:966:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (path, "w+");
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:105:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen (path) - 3,
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:155:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen (path) - 3,
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:208:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = g_strndup (path, strlen (path) - 4);
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:902:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dot && strlen (dot) < 5 && strlen (dot) > 1) {
data/kylin-burner-3.0.8/libburner-burn/burn-image-format.c:902:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dot && strlen (dot) < 5 && strlen (dot) > 1) {
data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c:107:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (filepath);
data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c:442:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = g_strndup (path, strlen (path) - strlen (G_DIR_SEPARATOR_S));
data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c:442:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = g_strndup (path, strlen (path) - strlen (G_DIR_SEPARATOR_S));
data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c:455:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = g_strndup (link_path, strlen (link_path) - strlen (G_DIR_SEPARATOR_S));
data/kylin-burner-3.0.8/libburner-burn/burn-mkisofs-base.c:455:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = g_strndup (link_path, strlen (link_path) - strlen (G_DIR_SEPARATOR_S));
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:381:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extension_len = strlen (dot);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:555:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_len += strlen (escaped_name) + 1;
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:567:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (BURNER_FILE_NODE_GRAFT (node)->node->uri);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:583:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (escaped_name);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:611:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (path);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:663:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri += strlen (parent);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:1155:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (BURNER_FILE_NODE_NAME (node)) > 64)
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:1545:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (BURNER_FILE_NODE_NAME (node)) > 64)
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:1579:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) < 1) {
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:1637:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) > 64)
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:1698:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent_len = strlen (parent_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:1738:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (BURNER_FILE_NODE_NAME (node)) > 64)
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:1967:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent_len = strlen (parent_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:2513:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (name);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:3237:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (BURNER_FILE_NODE_NAME (parent)) > 64)
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:3468:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent_uri_len = strlen (parent_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:3605:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (graft->path);
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:4072:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (new_name) > 64)
data/kylin-burner-3.0.8/libburner-burn/burner-data-project.c:4288:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name_dest) > 64)
data/kylin-burner-3.0.8/libburner-burn/burner-data-vfs.c:315:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_len = strlen (uri);
data/kylin-burner-3.0.8/libburner-burn/burner-data-vfs.c:320:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target_len = strlen (target_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-data-vfs.c:343:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent_len = strlen (parent_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-data-vfs.c:368:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next_len = strlen (next_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-filtered-uri.c:141:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (key_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-filtered-uri.c:161:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (row_uri);
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:1389:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen (path) - 3,
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:1397:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen (path) - 3,
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:1592:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (label) > 32) {
data/kylin-burner-3.0.8/libburner-burn/burner-session.c:2153:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (message);
data/kylin-burner-3.0.8/libburner-burn/burner-src-image.c:273:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (string) > strlen (_("Click here to select a disc _image")) + 5)
data/kylin-burner-3.0.8/libburner-burn/burner-src-image.c:273:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (string) > strlen (_("Click here to select a disc _image")) + 5)
data/kylin-burner-3.0.8/libburner-burn/burner-sum-dialog.c:395:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/kylin-burner-3.0.8/libburner-burn/burner-sum-dialog.c:450:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/kylin-burner-3.0.8/libburner-burn/burner-sum-dialog.c:451:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer [read] = '\0';
data/kylin-burner-3.0.8/libburner-burn/burner-track-data.c:355:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen (path);
data/kylin-burner-3.0.8/libburner-media/burn-volume-source.h:51:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BurnerVolSrcReadFunc read;
data/kylin-burner-3.0.8/libburner-media/burn-volume-source.h:63:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
vol_MACRO->read (vol_MACRO, buffer_MACRO, num_MACRO, error_MACRO)
data/kylin-burner-3.0.8/libburner-media/burn-volume.c:285:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (ptr);
data/kylin-burner-3.0.8/libburner-media/scsi-netbsd.c:172:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rdevnode = g_strdup_printf ("/dev/r%s", path + strlen ("/dev/"));
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:721:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri + strlen (parent_uri),
data/kylin-burner-3.0.8/libburner-utils/burner-io.c:784:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (target_uri);
data/kylin-burner-3.0.8/nautilus/nautilus-burn-bar.c:117:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (title_str) > 32) {
data/kylin-burner-3.0.8/nautilus/nautilus-burn-bar.c:286:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_len = 32 - strlen (label) - length;
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:174:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_bytes = read (fd, buffer + total, (bytes - total));
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:426:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:443:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:474:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:488:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:503:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:518:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:533:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:551:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/audio2cue/burn-audio2cue.c:590:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd_out, line, strlen (line)) < 0) {
data/kylin-burner-3.0.8/plugins/cdrkit/burn-readom.c:80:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen ("addr:");
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:504:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:510:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:521:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:528:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:549:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:574:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:599:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:624:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:631:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:638:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:650:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:657:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:663:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:669:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:675:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:681:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrkit/burn-wodim.c:695:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:493:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:499:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:510:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:517:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:538:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:563:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:588:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:613:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:620:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:627:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:639:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:646:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:652:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:658:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:664:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:670:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (buffer);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-cdrecord.c:684:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (string);
data/kylin-burner-3.0.8/plugins/cdrtools/burn-readcd.c:80:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen ("addr:");
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c:186:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (checksum_string),
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c:210:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (graft_path + 1),
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c:354:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (graft->path + 1);
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c:365:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written_bytes = fwrite (line, 1, strlen (line), priv->file);
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-files.c:366:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (written_bytes != strlen (line)) {
data/kylin-burner-3.0.8/plugins/checksum/burn-checksum-image.c:107:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_bytes = read (fd, buffer + total, (bytes - total));
data/kylin-burner-3.0.8/plugins/dvdcss/burn-dvdcss.c:252:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (file->name + strlen (file->name) - 6, ".VOB", 4)) {
data/kylin-burner-3.0.8/plugins/growisofs/burn-growisofs.c:160:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line += strlen ("Total extents scheduled to be written = ");
data/kylin-burner-3.0.8/plugins/libburnia/burn-libburn.c:161:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read (data->fd, buffer + total, size - total);
data/kylin-burner-3.0.8/plugins/libburnia/burn-libisofs.c:417:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_a = strlen (graft_a->path);
data/kylin-burner-3.0.8/plugins/libburnia/burn-libisofs.c:418:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_b = strlen (graft_b->path);
data/kylin-burner-3.0.8/plugins/libburnia/burn-libisofs.c:661:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp [strlen (tmp) - 1] = '\0';
data/kylin-burner-3.0.8/plugins/local-track/burn-local-image.c:157:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri + strlen (parent),
data/kylin-burner-3.0.8/src/burner-plugin-manager-ui.c:516:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen (case_normalized_key);
data/kylin-burner-3.0.8/src/burner-project-name.c:260:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (title_str) > 32) {
data/kylin-burner-3.0.8/src/burner-project-name.c:331:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (title_str) > 32) {
data/kylin-burner-3.0.8/src/burner-project-name.c:343:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (title_str && strlen (title_str) > 32) {
data/kylin-burner-3.0.8/src/burner-project-name.c:372:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_len = 32 - strlen (label) - length;
data/kylin-burner-3.0.8/src/burner-project-parse.c:973:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written = fwrite (title, strlen (title), 1, file);
data/kylin-burner-3.0.8/src/burner-project-parse.c:992:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written = fwrite (title, 1, strlen (title), file);
data/kylin-burner-3.0.8/src/burner-project-parse.c:993:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (written != strlen (title))
data/kylin-burner-3.0.8/src/burner-project-parse.c:1004:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written = fwrite (time, 1, strlen (time), file);
data/kylin-burner-3.0.8/src/burner-project-parse.c:1005:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (written != strlen (time)) {
data/kylin-burner-3.0.8/src/burner-project-parse.c:1022:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written = fwrite (string, 1, strlen (string), file);
data/kylin-burner-3.0.8/src/burner-project-parse.c:1023:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (written != strlen (string)) {
data/kylin-burner-3.0.8/src/burner-project-parse.c:1035:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written = fwrite (uri, 1, strlen (uri), file);
data/kylin-burner-3.0.8/src/burner-project-parse.c:1036:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (written != strlen (uri)) {
data/kylin-burner-3.0.8/src/burner-rename.c:131:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return g_strdup_printf ("%.*s%s", (int) (occurrence - name), name, occurrence + strlen (text));
data/kylin-burner-3.0.8/src/burner-rename.c:152:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return g_strdup_printf ("%.*s%s%s", (int) (occurrence - name), name, joker, occurrence + strlen (text));
data/kylin-burner-3.0.8/src/main.c:122:105: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_css_provider_load_from_path(provider, g_filename_to_utf8("/usr/share/burner/style.css", strlen("/usr/share/burner/style.css"), &bytes_read, &bytes_written, &css_error), NULL);
ANALYSIS SUMMARY:
Hits = 354
Lines analyzed = 150951 in approximately 4.21 seconds (35814 lines/second)
Physical Source Lines of Code (SLOC) = 103508
Hits@level = [0] 43 [1] 129 [2] 179 [3] 20 [4] 26 [5] 0
Hits@level+ = [0+] 397 [1+] 354 [2+] 225 [3+] 46 [4+] 26 [5+] 0
Hits/KSLOC@level+ = [0+] 3.83545 [1+] 3.42003 [2+] 2.17375 [3+] 0.44441 [4+] 0.251188 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.