Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/latexila-3.22.0/src/main_window_file.c
Examining data/latexila-3.22.0/src/tab_info_bar.c
Examining data/latexila-3.22.0/src/encodings.c
Examining data/latexila-3.22.0/src/clean_build_files.c
Examining data/latexila-3.22.0/src/search.c
Examining data/latexila-3.22.0/src/symbols.c
Examining data/latexila-3.22.0/src/app_settings.c
Examining data/latexila-3.22.0/src/projects.c
Examining data/latexila-3.22.0/src/completion.c
Examining data/latexila-3.22.0/src/utils.c
Examining data/latexila-3.22.0/src/symbols_view.c
Examining data/latexila-3.22.0/src/menu_in_toolbar.c
Examining data/latexila-3.22.0/src/latex_menu.c
Examining data/latexila-3.22.0/src/build_tools_preferences.c
Examining data/latexila-3.22.0/src/main_window_build_tools.c
Examining data/latexila-3.22.0/src/project_dialogs.c
Examining data/latexila-3.22.0/src/preferences_dialog.c
Examining data/latexila-3.22.0/src/documents_panel.c
Examining data/latexila-3.22.0/src/document_structure.c
Examining data/latexila-3.22.0/src/main_window_tools.c
Examining data/latexila-3.22.0/src/main.c
Examining data/latexila-3.22.0/src/main_window_structure.c
Examining data/latexila-3.22.0/src/finance.c
Examining data/latexila-3.22.0/src/structure_model.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tools-default.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tools.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-view.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor-all-output.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latexmk.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-personal.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-job.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-manage-dialog.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-view.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-manage-dialog.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tool.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tools-personal.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-default.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-utils.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-synctex.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-types.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tool.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor-all-output.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-dialogs.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-common.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-utils.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-personal.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tools.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-synctex.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-job.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tools-personal.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-common.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latexmk.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-build-tools-default.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-default.c
Examining data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.h
Examining data/latexila-3.22.0/src/liblatexila/latexila.h
Examining data/latexila-3.22.0/src/liblatexila/latexila-templates-dialogs.h
Examining data/latexila-3.22.0/src/build_tool_dialog.c
Examining data/latexila-3.22.0/src/gedit/gedit-close-button.h
Examining data/latexila-3.22.0/src/gedit/gedit-close-button.c
Examining data/latexila-3.22.0/src/structure.c
Examining data/latexila-3.22.0/src/stock_icons.c
Examining data/latexila-3.22.0/src/side_panel.c
Examining data/latexila-3.22.0/src/bottom_panel.c
Examining data/latexila-3.22.0/src/main_window_edit.c
Examining data/latexila-3.22.0/src/main_window.c
Examining data/latexila-3.22.0/src/latexila_app.c
Examining data/latexila-3.22.0/src/document.c
Examining data/latexila-3.22.0/src/most_used_symbols.c
Examining data/latexila-3.22.0/src/document_tab.c
Examining data/latexila-3.22.0/src/error_entry.c
Examining data/latexila-3.22.0/src/document_view.c
Examining data/latexila-3.22.0/src/main_window_documents.c
Examining data/latexila-3.22.0/src/custom_statusbar.c
Examining data/latexila-3.22.0/src/dialogs.c
Examining data/latexila-3.22.0/src/file_browser.c
Examining data/latexila-3.22.0/tests/test-utils.c
Examining data/latexila-3.22.0/tests/test-build-tools.c

FINAL RESULTS:

data/latexila-3.22.0/src/file_browser.c:669:11: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _tmp0_ = g_get_home_dir ();
data/latexila-3.22.0/src/file_browser.c:1316:15: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _tmp29_ = g_get_home_dir ();
data/latexila-3.22.0/src/file_browser.c:1813:11: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _tmp9_ = g_get_home_dir ();
data/latexila-3.22.0/src/liblatexila/latexila-utils.c:110:19: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmp = (gchar *) g_get_home_dir ();
data/latexila-3.22.0/src/main_window.c:3897:11: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _tmp0_ = g_get_home_dir ();
data/latexila-3.22.0/src/structure_model.c:411:11: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  _tmp0_ = g_random_int ();
data/latexila-3.22.0/tests/test-utils.c:65:26: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const gchar *homedir = g_get_home_dir ();
data/latexila-3.22.0/src/build_tools_preferences.c:656:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tmp11_ = atoi (_tmp10_);
data/latexila-3.22.0/src/document_structure.c:590:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dup, self, sizeof (gint));
data/latexila-3.22.0/src/document_structure.c:1057:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dup, self, sizeof (StructType));
data/latexila-3.22.0/src/finance.c:343:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tmp12_ = atoi (_tmp11_);
data/latexila-3.22.0/src/finance.c:348:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tmp15_ = atoi (_tmp14_);
data/latexila-3.22.0/src/finance.c:353:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tmp18_ = atoi (_tmp17_);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:410:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n1 = atoi (strings[2]);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:411:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n2 = atoi (strings[3]);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:439:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cur_msg->start_line = atoi (strings[2]);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:576:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cur_msg->start_line = atoi (strings[2]);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:593:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cur_msg->start_line = atoi (strings[2]);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:890:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cur_msg->start_line = atoi (strings[1]);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:953:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nb_bytes = atol (nb_bytes_str);
data/latexila-3.22.0/src/main_window_build_tools.c:744:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tmp12_ = atoi (_tmp11_);
data/latexila-3.22.0/src/most_used_symbols.c:569:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tmp21_ = atoi (_tmp20_);
data/latexila-3.22.0/src/search.c:486:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tmp20_ = atoi (_tmp19_);
data/latexila-3.22.0/src/structure_model.c:419:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dup, self, sizeof (GtkTreeIter));
data/latexila-3.22.0/src/completion.c:610:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp4_ = strlen (_tmp3_);
data/latexila-3.22.0/src/completion.c:1261:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (self);
data/latexila-3.22.0/src/completion.c:1362:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp5_ = strlen (_tmp4_);
data/latexila-3.22.0/src/completion.c:1372:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp10_ = strlen (_tmp9_);
data/latexila-3.22.0/src/completion.c:1450:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp5_ = strlen (_tmp4_);
data/latexila-3.22.0/src/completion.c:1460:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp10_ = strlen (_tmp9_);
data/latexila-3.22.0/src/completion.c:1720:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp3_ = strlen (_tmp2_);
data/latexila-3.22.0/src/completion.c:1783:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (text);
data/latexila-3.22.0/src/completion.c:1805:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (_tmp1_);
data/latexila-3.22.0/src/completion.c:1894:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp4_ = strlen (_tmp3_);
data/latexila-3.22.0/src/document.c:654:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (self);
data/latexila-3.22.0/src/document.c:724:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (_tmp1_);
data/latexila-3.22.0/src/document.c:779:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (self);
data/latexila-3.22.0/src/document.c:882:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp13_ = strlen (_tmp12_);
data/latexila-3.22.0/src/document.c:959:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp32_ = strlen (_tmp31_);
data/latexila-3.22.0/src/document.c:984:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp40_ = strlen (_tmp39_);
data/latexila-3.22.0/src/document.c:1188:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp3_ = strlen (_tmp2_);
data/latexila-3.22.0/src/document_structure.c:497:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp14_ = strlen (_tmp13_);
data/latexila-3.22.0/src/document_structure.c:1306:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp6_ = strlen (self);
data/latexila-3.22.0/src/document_structure.c:1618:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (self);
data/latexila-3.22.0/src/document_structure.c:1903:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp18_ = strlen (_tmp17_);
data/latexila-3.22.0/src/document_structure.c:3800:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp43_ = strlen (_tmp42_);
data/latexila-3.22.0/src/latexila_app.c:1221:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp11_ = strlen (_tmp10_);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:601:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (warning);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:835:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (line);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:860:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (line);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:1052:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint pos = strlen (file->filename) - strlen (bad_suffix);
data/latexila-3.22.0/src/liblatexila/latexila-post-processor-latex.c:1052:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint pos = strlen (file->filename) - strlen (bad_suffix);
data/latexila-3.22.0/src/liblatexila/latexila-templates-personal.c:480:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (contents),
data/latexila-3.22.0/src/liblatexila/latexila-utils.c:46:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (filename);
data/latexila-3.22.0/src/liblatexila/latexila-utils.c:131:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *res = g_strdup_printf ("~/%s", filename + strlen (home));
data/latexila-3.22.0/src/main_window.c:1577:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp7_ = strlen (_tmp6_);
data/latexila-3.22.0/src/main_window.c:2711:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp14_ = strlen (_tmp13_);
data/latexila-3.22.0/src/main_window.c:2744:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp27_ = strlen (_tmp26_);
data/latexila-3.22.0/src/main_window_build_tools.c:878:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp37_ = strlen (_tmp36_);
data/latexila-3.22.0/src/project_dialogs.c:1173:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (self);
data/latexila-3.22.0/src/project_dialogs.c:1311:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp25_ = strlen (_tmp24_);
data/latexila-3.22.0/src/project_dialogs.c:1314:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp28_ = strlen (_tmp27_);
data/latexila-3.22.0/src/search.c:464:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp11_ = strlen (_tmp10_);
data/latexila-3.22.0/src/utils.c:77:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (self);
data/latexila-3.22.0/src/utils.c:158:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp1_ = strlen (_tmp0_);
data/latexila-3.22.0/src/utils.c:172:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp8_ = strlen (_tmp7_);
data/latexila-3.22.0/src/utils.c:246:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp2_ = strlen (_tmp1_);
data/latexila-3.22.0/src/utils.c:523:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp0_ = strlen (self);

ANALYSIS SUMMARY:

Hits = 68
Lines analyzed = 66482 in approximately 3.72 seconds (17881 lines/second)
Physical Source Lines of Code (SLOC) = 56819
Hits@level = [0] 1 [1] 44 [2] 17 [3] 7 [4] 0 [5] 0
Hits@level+ = [0+] 69 [1+] 68 [2+] 24 [3+] 7 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.21438 [1+] 1.19678 [2+] 0.422394 [3+] 0.123198 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.