Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgdata-0.17.13/demos/calendar/calendar-cli.c
Examining data/libgdata-0.17.13/demos/docs-list/docs-list.c
Examining data/libgdata-0.17.13/demos/docs-property/docs-property.c
Examining data/libgdata-0.17.13/demos/scrapbook/scrapbook.c
Examining data/libgdata-0.17.13/demos/scrapbook/scrapbook.h
Examining data/libgdata-0.17.13/demos/tasks/tasks-cli.c
Examining data/libgdata-0.17.13/demos/youtube/youtube-cli.c
Examining data/libgdata-0.17.13/gdata/app/gdata-app-categories.c
Examining data/libgdata-0.17.13/gdata/app/gdata-app-categories.h
Examining data/libgdata-0.17.13/gdata/atom/gdata-author.c
Examining data/libgdata-0.17.13/gdata/atom/gdata-author.h
Examining data/libgdata-0.17.13/gdata/atom/gdata-category.c
Examining data/libgdata-0.17.13/gdata/atom/gdata-category.h
Examining data/libgdata-0.17.13/gdata/atom/gdata-generator.c
Examining data/libgdata-0.17.13/gdata/atom/gdata-generator.h
Examining data/libgdata-0.17.13/gdata/atom/gdata-link.c
Examining data/libgdata-0.17.13/gdata/atom/gdata-link.h
Examining data/libgdata-0.17.13/gdata/exif/gdata-exif-tags.c
Examining data/libgdata-0.17.13/gdata/exif/gdata-exif-tags.h
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-calendar.c
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-calendar.h
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-event.c
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-event.h
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-external-id.c
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-external-id.h
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-jot.c
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-jot.h
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-language.c
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-language.h
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-relation.c
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-relation.h
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-website.c
Examining data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-website.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-email-address.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-email-address.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-feed-link.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-feed-link.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-im-address.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-im-address.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-name.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-name.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-organization.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-organization.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-phone-number.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-phone-number.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-postal-address.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-postal-address.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-reminder.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-reminder.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-when.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-when.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-where.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-where.h
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-who.c
Examining data/libgdata-0.17.13/gdata/gd/gdata-gd-who.h
Examining data/libgdata-0.17.13/gdata/gdata-access-handler.c
Examining data/libgdata-0.17.13/gdata/gdata-access-handler.h
Examining data/libgdata-0.17.13/gdata/gdata-access-rule.c
Examining data/libgdata-0.17.13/gdata/gdata-access-rule.h
Examining data/libgdata-0.17.13/gdata/gdata-authorization-domain.c
Examining data/libgdata-0.17.13/gdata/gdata-authorization-domain.h
Examining data/libgdata-0.17.13/gdata/gdata-authorizer.c
Examining data/libgdata-0.17.13/gdata/gdata-authorizer.h
Examining data/libgdata-0.17.13/gdata/gdata-batch-feed.c
Examining data/libgdata-0.17.13/gdata/gdata-batch-feed.h
Examining data/libgdata-0.17.13/gdata/gdata-batch-operation.c
Examining data/libgdata-0.17.13/gdata/gdata-batch-operation.h
Examining data/libgdata-0.17.13/gdata/gdata-batch-private.h
Examining data/libgdata-0.17.13/gdata/gdata-batchable.c
Examining data/libgdata-0.17.13/gdata/gdata-batchable.h
Examining data/libgdata-0.17.13/gdata/gdata-buffer.c
Examining data/libgdata-0.17.13/gdata/gdata-buffer.h
Examining data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c
Examining data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.h
Examining data/libgdata-0.17.13/gdata/gdata-comment.c
Examining data/libgdata-0.17.13/gdata/gdata-comment.h
Examining data/libgdata-0.17.13/gdata/gdata-commentable.c
Examining data/libgdata-0.17.13/gdata/gdata-commentable.h
Examining data/libgdata-0.17.13/gdata/gdata-comparable.c
Examining data/libgdata-0.17.13/gdata/gdata-comparable.h
Examining data/libgdata-0.17.13/gdata/gdata-download-stream.c
Examining data/libgdata-0.17.13/gdata/gdata-download-stream.h
Examining data/libgdata-0.17.13/gdata/gdata-entry.c
Examining data/libgdata-0.17.13/gdata/gdata-entry.h
Examining data/libgdata-0.17.13/gdata/gdata-feed.c
Examining data/libgdata-0.17.13/gdata/gdata-feed.h
Examining data/libgdata-0.17.13/gdata/gdata-goa-authorizer.c
Examining data/libgdata-0.17.13/gdata/gdata-goa-authorizer.h
Examining data/libgdata-0.17.13/gdata/gdata-oauth1-authorizer.c
Examining data/libgdata-0.17.13/gdata/gdata-oauth1-authorizer.h
Examining data/libgdata-0.17.13/gdata/gdata-oauth2-authorizer.c
Examining data/libgdata-0.17.13/gdata/gdata-oauth2-authorizer.h
Examining data/libgdata-0.17.13/gdata/gdata-parsable.c
Examining data/libgdata-0.17.13/gdata/gdata-parsable.h
Examining data/libgdata-0.17.13/gdata/gdata-parser.c
Examining data/libgdata-0.17.13/gdata/gdata-parser.h
Examining data/libgdata-0.17.13/gdata/gdata-private.h
Examining data/libgdata-0.17.13/gdata/gdata-query.c
Examining data/libgdata-0.17.13/gdata/gdata-query.h
Examining data/libgdata-0.17.13/gdata/gdata-service.c
Examining data/libgdata-0.17.13/gdata/gdata-service.h
Examining data/libgdata-0.17.13/gdata/gdata-types.c
Examining data/libgdata-0.17.13/gdata/gdata-types.h
Examining data/libgdata-0.17.13/gdata/gdata-upload-stream.c
Examining data/libgdata-0.17.13/gdata/gdata-upload-stream.h
Examining data/libgdata-0.17.13/gdata/gdata.h
Examining data/libgdata-0.17.13/gdata/georss/gdata-georss-where.c
Examining data/libgdata-0.17.13/gdata/georss/gdata-georss-where.h
Examining data/libgdata-0.17.13/gdata/media/gdata-media-category.c
Examining data/libgdata-0.17.13/gdata/media/gdata-media-category.h
Examining data/libgdata-0.17.13/gdata/media/gdata-media-content.c
Examining data/libgdata-0.17.13/gdata/media/gdata-media-content.h
Examining data/libgdata-0.17.13/gdata/media/gdata-media-credit.c
Examining data/libgdata-0.17.13/gdata/media/gdata-media-credit.h
Examining data/libgdata-0.17.13/gdata/media/gdata-media-group.c
Examining data/libgdata-0.17.13/gdata/media/gdata-media-group.h
Examining data/libgdata-0.17.13/gdata/media/gdata-media-thumbnail.c
Examining data/libgdata-0.17.13/gdata/media/gdata-media-thumbnail.h
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-access-rule.c
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-access-rule.h
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-calendar.c
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-calendar.h
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-event.c
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-event.h
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-feed.c
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-feed.h
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-query.c
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-query.h
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-service.c
Examining data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-service.h
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.h
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-group.c
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-group.h
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-query.c
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-query.h
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-service.c
Examining data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-service.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-access-rule.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-access-rule.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-document.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-document.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-drawing.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-drawing.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-entry-private.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-entry.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-entry.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-feed.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-feed.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-folder.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-folder.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-metadata.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-metadata.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-pdf.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-pdf.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-presentation.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-presentation.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-property.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-property.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-query.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-query.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-service.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-service.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-spreadsheet.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-spreadsheet.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-text.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-text.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-upload-query.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-upload-query.h
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-utils.c
Examining data/libgdata-0.17.13/gdata/services/documents/gdata-documents-utils.h
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-query.c
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-query.h
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-result.c
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-result.h
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-search-query.c
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-search-query.h
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-search-result.c
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-search-result.h
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-service.c
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-service.h
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-topic-query.c
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-topic-query.h
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-topic-result.c
Examining data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-topic-result.h
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-album.c
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-album.h
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-comment.c
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-comment.h
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-feed.c
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-feed.h
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-file.c
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-file.h
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-query.c
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-query.h
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-service.c
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-service.h
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-user.c
Examining data/libgdata-0.17.13/gdata/services/picasaweb/gdata-picasaweb-user.h
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-query.c
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-query.h
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-service.c
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-service.h
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-task.c
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-task.h
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-tasklist.c
Examining data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-tasklist.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-category.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-category.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-comment.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-comment.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-content.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-content.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-credit.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-credit.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-feed.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-feed.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-query.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-query.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-service.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-service.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-state.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-state.h
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-video.c
Examining data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-video.h
Examining data/libgdata-0.17.13/gdata/tests/authorization.c
Examining data/libgdata-0.17.13/gdata/tests/buffer.c
Examining data/libgdata-0.17.13/gdata/tests/calendar.c
Examining data/libgdata-0.17.13/gdata/tests/common.c
Examining data/libgdata-0.17.13/gdata/tests/common.h
Examining data/libgdata-0.17.13/gdata/tests/contacts.c
Examining data/libgdata-0.17.13/gdata/tests/documents.c
Examining data/libgdata-0.17.13/gdata/tests/gdata-dummy-authorizer.c
Examining data/libgdata-0.17.13/gdata/tests/gdata-dummy-authorizer.h
Examining data/libgdata-0.17.13/gdata/tests/general.c
Examining data/libgdata-0.17.13/gdata/tests/oauth1-authorizer.c
Examining data/libgdata-0.17.13/gdata/tests/oauth2-authorizer.c
Examining data/libgdata-0.17.13/gdata/tests/perf.c
Examining data/libgdata-0.17.13/gdata/tests/picasaweb.c
Examining data/libgdata-0.17.13/gdata/tests/streams.c
Examining data/libgdata-0.17.13/gdata/tests/tasks.c
Examining data/libgdata-0.17.13/gdata/tests/youtube.c
FINAL RESULTS:
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1239:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (uri + strlen ("https://"), id + strlen ("http://"));
data/libgdata-0.17.13/gdata/tests/documents.c:1474:44: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
destination_file_path = g_build_filename (g_get_tmp_dir (), destination_file_name, NULL);
data/libgdata-0.17.13/gdata/tests/documents.c:1550:44: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
destination_file_path = g_build_filename (g_get_tmp_dir (), destination_file_name, NULL);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:666:44: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
destination_file_path = g_build_filename (g_get_tmp_dir (), destination_file_name, NULL);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:752:44: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
destination_file_path = g_build_filename (g_get_tmp_dir (), destination_file_name, NULL);
data/libgdata-0.17.13/gdata/gdata-buffer.c:141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (chunk->data, data, length);
data/libgdata-0.17.13/gdata/gdata-buffer.c:278:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, chunk->data + self->head_read_offset, chunk_length);
data/libgdata-0.17.13/gdata/gdata-buffer.c:299:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, chunk->data + self->head_read_offset, length_remaining);
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:777:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (captcha_uri, captcha_base_uri, captcha_base_uri_length);
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:778:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (captcha_uri + captcha_base_uri_length, captcha_start, (captcha_end - captcha_start));
data/libgdata-0.17.13/gdata/gdata-service.c:2295:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi (envvar);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:573:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (base, "/full/", 6);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:803:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (base, "/full/", 6);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1092:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char*) full_pos, "/base/", 6);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1238:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (uri, "https://");
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char*) base_pos, "/full/", 6);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-group.c:257:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (base, "/full/", 6);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-group.c:335:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (base, "/full/", 6);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-group.c:447:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char*) base_pos, "/full/", 6);
data/libgdata-0.17.13/gdata/tests/common.c:1036:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verifier[100];
data/libgdata-0.17.13/demos/calendar/calendar-cli.c:209:6: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (scanf ("%100s", code) != 1) {
data/libgdata-0.17.13/demos/tasks/tasks-cli.c:138:6: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (scanf ("%100s", code) != 1) {
data/libgdata-0.17.13/demos/youtube/youtube-cli.c:123:6: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (scanf ("%100s", code) != 1) {
data/libgdata-0.17.13/gdata/gcontact/gdata-gcontact-event.c:245:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen ((char*) start_time) == 10 &&
data/libgdata-0.17.13/gdata/gdata-batch-operation.c:679:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/atom+xml", SOUP_MEMORY_TAKE, upload_data, strlen (upload_data));
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:445:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (authorisation_header, 0, strlen (authorisation_header));
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:612:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auth_start += strlen ("Auth=");
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:620:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (auth_token == NULL || strlen (auth_token) == 0) {
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:726:106: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, request_body, strlen (request_body));
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:750:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
error_start += strlen ("Error=");
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:767:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
captcha_start += strlen ("CaptchaUrl=");
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:775:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
captcha_base_uri_length = strlen (captcha_base_uri);
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:797:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
captcha_start += strlen ("CaptchaToken=");
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:818:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info_start += strlen ("Info=");
data/libgdata-0.17.13/gdata/gdata-client-login-authorizer.c:842:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_start += strlen ("Url=");
data/libgdata-0.17.13/gdata/gdata-oauth1-authorizer.c:562:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
signature_base_string = g_string_sized_new (4 /* method */ + 1 /* sep */ + strlen (uri) + 1 /* sep */ + params_length /* query string */);
data/libgdata-0.17.13/gdata/gdata-oauth1-authorizer.c:806:106: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, request_body, strlen (request_body));
data/libgdata-0.17.13/gdata/gdata-oauth1-authorizer.c:1085:106: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, request_body, strlen (request_body));
data/libgdata-0.17.13/gdata/gdata-oauth1-authorizer.c:1146:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset ((void*) _token_secret, 0, strlen (_token_secret));
data/libgdata-0.17.13/gdata/gdata-oauth2-authorizer.c:680:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (request_body));
data/libgdata-0.17.13/gdata/gdata-oauth2-authorizer.c:1195:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (request_body));
data/libgdata-0.17.13/gdata/gdata-parsable.c:344:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (xml);
data/libgdata-0.17.13/gdata/gdata-parsable.c:477:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (json);
data/libgdata-0.17.13/gdata/gdata-parser.c:213:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (date) != 10 && strlen (date) != 8)
data/libgdata-0.17.13/gdata/gdata-parser.c:213:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (date) != 10 && strlen (date) != 8)
data/libgdata-0.17.13/gdata/gdata-service.c:1443:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/json", SOUP_MEMORY_TAKE, upload_data, strlen (upload_data));
data/libgdata-0.17.13/gdata/gdata-service.c:1446:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/atom+xml", SOUP_MEMORY_TAKE, upload_data, strlen (upload_data));
data/libgdata-0.17.13/gdata/gdata-service.c:1630:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/json", SOUP_MEMORY_TAKE, upload_data, strlen (upload_data));
data/libgdata-0.17.13/gdata/gdata-service.c:1637:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/atom+xml", SOUP_MEMORY_TAKE, upload_data, strlen (upload_data));
data/libgdata-0.17.13/gdata/gdata-service.c:2055:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri = g_string_sized_new (strlen (format));
data/libgdata-0.17.13/gdata/gdata-service.c:2201:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri = soup_uri_new (data + strlen ("Location: "));
data/libgdata-0.17.13/gdata/gdata-service.c:2465:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = MIN (strlen (str), n_bytes);
data/libgdata-0.17.13/gdata/gdata-service.c:2467:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (duped_str, str, str_len);
data/libgdata-0.17.13/gdata/gdata-service.c:2494:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (str, 0, strlen (str));
data/libgdata-0.17.13/gdata/gdata-types.c:81:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (hexadecimal) != 6)
data/libgdata-0.17.13/gdata/gdata-upload-stream.c:488:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (first_part_header));
data/libgdata-0.17.13/gdata/gdata-upload-stream.c:491:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (upload_data));
data/libgdata-0.17.13/gdata/gdata-upload-stream.c:495:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (second_part_header));
data/libgdata-0.17.13/gdata/gdata-upload-stream.c:542:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (upload_data));
data/libgdata-0.17.13/gdata/gdata-upload-stream.c:968:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize footer_length = strlen (footer);
data/libgdata-0.17.13/gdata/media/gdata-media-group.c:171:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *end = start + strlen (start);
data/libgdata-0.17.13/gdata/media/gdata-media-thumbnail.c:216:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (end_pointer != time_string + strlen (time_string))
data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-event.c:639:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return uri + strlen (V2_PREFIX);
data/libgdata-0.17.13/gdata/services/calendar/gdata-calendar-service.c:230:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (response_body);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1022:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen ((char*) birthday);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1235:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint id_length = strlen (id);
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1239:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (uri + strlen ("https://"), id + strlen ("http://"));
data/libgdata-0.17.13/gdata/services/contacts/gdata-contacts-contact.c:1239:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (uri + strlen ("https://"), id + strlen ("http://"));
data/libgdata-0.17.13/gdata/services/documents/gdata-documents-service.c:331:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v3_pos + strlen ("://docs.google.com/feeds/upload/create-session/default/private/full"), NULL);
data/libgdata-0.17.13/gdata/services/documents/gdata-documents-service.c:1248:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_request (message, "application/json", SOUP_MEMORY_TAKE, upload_data, strlen (upload_data));
data/libgdata-0.17.13/gdata/services/documents/gdata-documents-utils.c:147:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_prefix_len = strlen (GDATA_DOCUMENTS_URI_PREFIX);
data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-search-query.c:323:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (user_languages[i]) != 2)
data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-search-query.c:541:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail (!lang || strlen (lang) == 2);
data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-topic-query.c:192:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (user_languages[i]) == 2) {
data/libgdata-0.17.13/gdata/services/freebase/gdata-freebase-topic-query.c:271:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail (lang == NULL || strlen (lang) == 2);
data/libgdata-0.17.13/gdata/services/tasks/gdata-tasks-service.c:123:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (response_body);
data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-service.c:469:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (response_body);
data/libgdata-0.17.13/gdata/services/youtube/gdata-youtube-video.c:1487:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id += strlen (old_prefix);
data/libgdata-0.17.13/gdata/tests/common.c:611:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsable_doc = xmlReadMemory (parsable_xml, strlen (parsable_xml), "/dev/null", NULL, 0);
data/libgdata-0.17.13/gdata/tests/common.c:612:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expected_doc = xmlReadMemory (expected_xml, strlen (expected_xml), "/dev/null", NULL, 0);
data/libgdata-0.17.13/gdata/tests/common.c:905:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (message) > 2 && message[2] == '<') {
data/libgdata-0.17.13/gdata/tests/common.c:934:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uhm_server_received_message_chunk (mock_server, message, strlen (message), NULL);
data/libgdata-0.17.13/gdata/tests/common.c:993:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_body_append (message->response_body, SOUP_MEMORY_STATIC, data->message_body, strlen (data->message_body));
data/libgdata-0.17.13/gdata/tests/common.c:1018:94: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_body_append (message->response_body, SOUP_MEMORY_STATIC, "Request timed out.", strlen ("Request timed out."));
data/libgdata-0.17.13/gdata/tests/common.c:1041:6: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (scanf ("%100s", verifier) != 1) {
data/libgdata-0.17.13/gdata/tests/picasaweb.c:210:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint (strlen (gdata_picasaweb_file_get_id (file1)), >, 0);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:246:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpuint (strlen (gdata_picasaweb_file_get_version (file1)), >, 0);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:248:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpuint (strlen (gdata_picasaweb_file_get_album_id (file1)), >, 0);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:336:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpuint (strlen (gdata_picasaweb_file_get_image_unique_id (file1)), >, 0);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:340:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpuint (strlen (gdata_picasaweb_file_get_make (file1)), >, 0);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:342:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpuint (strlen (gdata_picasaweb_file_get_model (file1)), >, 0);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:542:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpuint (strlen (xml), >, 0);
data/libgdata-0.17.13/gdata/tests/picasaweb.c:1014:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpuint (strlen (xml), >, 0);
data/libgdata-0.17.13/gdata/tests/streams.c:147:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_string_length = strlen (test_string) + 1;
data/libgdata-0.17.13/gdata/tests/streams.c:299:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint (contents->len, ==, strlen (test_string) + 1);
data/libgdata-0.17.13/gdata/tests/streams.c:322:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_string_length = strlen (test_string) + 1;
data/libgdata-0.17.13/gdata/tests/streams.c:359:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_string_length = strlen (test_string) + 1;
data/libgdata-0.17.13/gdata/tests/streams.c:448:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_string_length = strlen (test_string) + 1;
data/libgdata-0.17.13/gdata/tests/streams.c:604:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_string_length = strlen (test_string) + 1;
data/libgdata-0.17.13/gdata/tests/streams.c:647:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_string_length = strlen (test_string) + 1;
data/libgdata-0.17.13/gdata/tests/streams.c:878:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_body_append (message->response_body, SOUP_MEMORY_STATIC, error_response, strlen (error_response));
data/libgdata-0.17.13/gdata/tests/streams.c:894:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpstr (server_uri + strlen (server_uri) - 1, ==, "/");
data/libgdata-0.17.13/gdata/tests/streams.c:923:94: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_body_append (message->response_body, SOUP_MEMORY_STATIC, completion_response, strlen (completion_response));
data/libgdata-0.17.13/gdata/tests/streams.c:951:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert (strlen (test_string) + 1 >= test_params->file_size);
ANALYSIS SUMMARY:
Hits = 104
Lines analyzed = 107045 in approximately 3.18 seconds (33616 lines/second)
Physical Source Lines of Code (SLOC) = 58143
Hits@level = [0] 8 [1] 84 [2] 15 [3] 4 [4] 1 [5] 0
Hits@level+ = [0+] 112 [1+] 104 [2+] 20 [3+] 5 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 1.92629 [1+] 1.78869 [2+] 0.343979 [3+] 0.0859949 [4+] 0.017199 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.