Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libircclient-1.9/include/libirc_options.h
Examining data/libircclient-1.9/include/libirc_errors.h
Examining data/libircclient-1.9/include/libircclient.h
Examining data/libircclient-1.9/include/libirc_events.h
Examining data/libircclient-1.9/include/libirc_rfcnumeric.h
Examining data/libircclient-1.9/examples/ircftp.cpp
Examining data/libircclient-1.9/examples/colors.cpp
Examining data/libircclient-1.9/examples/censor.cpp
Examining data/libircclient-1.9/examples/spammer.c
Examining data/libircclient-1.9/examples/irctest.c
Examining data/libircclient-1.9/cocoa/Classes/DDInvocationGrabber.h
Examining data/libircclient-1.9/cocoa/Classes/NSObject+DDExtensions.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientChannelDelegate.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientSession.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientSessionDelegate.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientChannel.h
Examining data/libircclient-1.9/src/dcc.h
Examining data/libircclient-1.9/src/ssl.c
Examining data/libircclient-1.9/src/errors.c
Examining data/libircclient-1.9/src/colors.c
Examining data/libircclient-1.9/src/dcc.c
Examining data/libircclient-1.9/src/portable.c
Examining data/libircclient-1.9/src/session.h
Examining data/libircclient-1.9/src/utils.c
Examining data/libircclient-1.9/src/params.h
Examining data/libircclient-1.9/src/sockets.c
Examining data/libircclient-1.9/src/libircclient.c

FINAL RESULTS:

data/libircclient-1.9/examples/censor.cpp:112:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "%s, please do not swear in this channel.", nickbuf);

data/libircclient-1.9/examples/censor.cpp:118:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "%s, do not swear in this channel, or you'll leave it.", nickbuf);

data/libircclient-1.9/examples/censor.cpp:124:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "kicked %s from %s for swearing.", nickbuf, params[0]);

data/libircclient-1.9/examples/irctest.c:57:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf (buf, sizeof(buf), fmt, va_alist);

data/libircclient-1.9/examples/irctest.c:83:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, params[cnt]);

data/libircclient-1.9/examples/spammer.c:120:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (textbuf, "Hey, %s, hi!", origin);

data/libircclient-1.9/src/colors.c:53:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (*destline, str);

data/libircclient-1.9/src/colors.c:86:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (startbuf, "[COLOR=%s/%s]", color_replacement_table[colorid], color_replacement_table[bgcolorid]);

data/libircclient-1.9/src/colors.c:88:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (startbuf, "[COLOR=%s]", color_replacement_table[colorid]);

data/libircclient-1.9/src/dcc.c:660:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (notbuf, "DCC Chat (%s)", inet_ntoa (saddr.sin_addr));

data/libircclient-1.9/src/dcc.c:701:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dcc->outgoing_buf + dcc->outgoing_offset, text);

data/libircclient-1.9/src/dcc.c:740:12:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if ( sscanf (req, "DCC SEND %s %lu %hu %lu", filenamebuf, &ip, &port, &size) == 4 )

data/libircclient-1.9/src/dcc.c:883:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (notbuf, "DCC Send %s (%s)", p, inet_ntoa (saddr.sin_addr));

data/libircclient-1.9/src/dcc.c:884:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmdbuf, "DCC SEND %s %lu %u %ld", p, (unsigned long) ntohl (saddr.sin_addr.s_addr), ntohs (saddr.sin_port), filesize);

data/libircclient-1.9/src/libircclient.c:981:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf (buf, sizeof(buf), format, va_alist);

data/libircclient-1.9/src/libircclient.c:993:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (session->outgoing_buf + session->outgoing_offset, buf);

data/libircclient-1.9/src/portable.c:57:10:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libircclient-1.9/src/portable.c:57:21:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libircclient-1.9/src/portable.c:58:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf

data/libircclient-1.9/src/utils.c:111:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (textbuf, "FINGER %s (%s) Idle 0 seconds",

data/libircclient-1.9/src/portable.c:74:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection (mutex);

data/libircclient-1.9/src/portable.c:103:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection (mutex);

data/libircclient-1.9/src/ssl.c:30:9:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection( &mutex_buf[n] );

data/libircclient-1.9/src/ssl.c:52:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection( &(mutex_buf[i]) );

data/libircclient-1.9/examples/censor.cpp:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickbuf[128];

data/libircclient-1.9/examples/censor.cpp:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickbuf[128], text[256];

data/libircclient-1.9/examples/irctest.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/libircclient-1.9/examples/irctest.c:63:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (fp = fopen ("irctest.log", "ab")) != 0 )

data/libircclient-1.9/examples/irctest.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/libircclient-1.9/examples/irctest.c:121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[12];

data/libircclient-1.9/examples/irctest.c:138:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "DCC [%d]: %d", id, count++);

data/libircclient-1.9/examples/irctest.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickbuf[128];

data/libircclient-1.9/examples/irctest.c:250:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (fp = fopen ("file", "wb")) == 0 )

data/libircclient-1.9/examples/irctest.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[24];

data/libircclient-1.9/examples/irctest.c:259:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", event);

data/libircclient-1.9/examples/spammer.c:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char textbuf[168];

data/libircclient-1.9/src/colors.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char startbuf[64];

data/libircclient-1.9/src/colors.c:285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tagbuf[32];

data/libircclient-1.9/src/colors.c:288:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (tagbuf, p1 + 1, taglen);

data/libircclient-1.9/src/colors.c:310:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tagbuf, "\x03%02d", color);

data/libircclient-1.9/src/colors.c:315:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tagbuf, "\x03%02d,%02d", color, bgcolor);

data/libircclient-1.9/src/colors.c:334:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (d, cur, partlen);

data/libircclient-1.9/src/colors.c:358:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (d, cur, partlen);

data/libircclient-1.9/src/dcc.c:548:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&saddr6.sin6_addr, &session->local_addr6, sizeof(session->local_addr6));

data/libircclient-1.9/src/dcc.c:560:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&saddr.sin_addr, &session->local_addr, sizeof(session->local_addr));

data/libircclient-1.9/src/dcc.c:635:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdbuf[128], notbuf[128];

data/libircclient-1.9/src/dcc.c:661:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (cmdbuf, "DCC CHAT chat %lu %u", (unsigned long) ntohl (saddr.sin_addr.s_addr), ntohs (saddr.sin_port));

data/libircclient-1.9/src/dcc.c:715:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filenamebuf[256];

data/libircclient-1.9/src/dcc.c:828:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdbuf[128], notbuf[128];

data/libircclient-1.9/src/dcc.c:852:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (dcc->dccsend_file_fp = fopen (filename, "rb")) == 0 )

data/libircclient-1.9/src/dcc.h:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char incoming_buf[LIBIRC_DCC_BUFFER_SIZE];

data/libircclient-1.9/src/dcc.h:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outgoing_buf[LIBIRC_DCC_BUFFER_SIZE];

data/libircclient-1.9/src/errors.c:15:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * libirc_strerror[LIBIRC_ERR_MAX] =

data/libircclient-1.9/src/libircclient.c:82:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&session->callbacks, callbacks, sizeof(irc_callbacks_t));

data/libircclient-1.9/src/libircclient.c:208:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi( p );

data/libircclient-1.9/src/libircclient.c:223:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];

data/libircclient-1.9/src/libircclient.c:236:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&saddr.sin_addr, hp->h_addr, (size_t) hp->h_length);

data/libircclient-1.9/src/libircclient.c:285:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char portStr[32], *p;

data/libircclient-1.9/src/libircclient.c:339:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi( p );

data/libircclient-1.9/src/libircclient.c:346:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( portStr, "%u", (unsigned)port );

data/libircclient-1.9/src/libircclient.c:370:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &saddr, res->ai_addr, res->ai_addrlen );

data/libircclient-1.9/src/libircclient.c:396:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &saddr, res->ai_addr, res->ai_addrlen );

data/libircclient-1.9/src/libircclient.c:527:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2*512], *p, *s;

data/libircclient-1.9/src/libircclient.c:535:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, session->incoming_buf, process_length);

data/libircclient-1.9/src/libircclient.c:584:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  code = atoi (p);

data/libircclient-1.9/src/libircclient.c:651:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickbuf[256];

data/libircclient-1.9/src/libircclient.c:717:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctcp_buf[128];

data/libircclient-1.9/src/libircclient.c:723:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ctcp_buf, params[1] + 1, msglen);

data/libircclient-1.9/src/libircclient.c:767:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctcp_buf[512];

data/libircclient-1.9/src/libircclient.c:773:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ctcp_buf, params[1] + 1, msglen);

data/libircclient-1.9/src/libircclient.c:817:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256], hname[256];

data/libircclient-1.9/src/libircclient.c:853:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&session->local_addr, &((struct sockaddr_in *)&laddr)->sin_addr, sizeof(struct in_addr));

data/libircclient-1.9/src/libircclient.c:855:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&session->local_addr6, &((struct sockaddr_in6 *)&laddr)->sin6_addr, sizeof(struct in6_addr));

data/libircclient-1.9/src/libircclient.c:866:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (hname, "unknown");

data/libircclient-1.9/src/libircclient.c:971:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/libircclient-1.9/src/libircclient.c:1134:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (nick, target, len);

data/libircclient-1.9/src/libircclient.c:1152:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (host, p, len);

data/libircclient-1.9/src/session.h:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char incoming_buf[LIBIRC_BUFFER_SIZE];

data/libircclient-1.9/src/session.h:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outgoing_buf[LIBIRC_BUFFER_SIZE];

data/libircclient-1.9/src/utils.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickbuf[128], textbuf[256];

data/libircclient-1.9/examples/irctest.c:81:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (buf, "|");

data/libircclient-1.9/src/colors.c:49:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int len = strlen(str);

data/libircclient-1.9/src/colors.c:352:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p2 = cur + strlen(cur);

data/libircclient-1.9/src/dcc.c:386:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*dcc->cb)(ircsession, dcc->id, err, dcc->ctx, dcc->incoming_buf, strlen(dcc->incoming_buf));

data/libircclient-1.9/src/dcc.c:692:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (strlen(text) + 2) >= (sizeof(dcc->outgoing_buf) - dcc->outgoing_offset) )

data/libircclient-1.9/src/dcc.c:702:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dcc->outgoing_offset += strlen (text);

data/libircclient-1.9/src/libircclient.c:655:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !strncmp (nickbuf, session->nick, strlen(session->nick)) && paramindex > 0 )

data/libircclient-1.9/src/libircclient.c:681:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( paramindex > 0 && !strncmp (params[0], session->nick, strlen(session->nick)) )

data/libircclient-1.9/src/libircclient.c:709:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msglen = strlen (params[1]);

data/libircclient-1.9/src/libircclient.c:745:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( !strncasecmp (params[0], session->nick, strlen(session->nick) ) )

data/libircclient-1.9/src/libircclient.c:759:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msglen = strlen (params[1]);

data/libircclient-1.9/src/libircclient.c:782:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( !strncasecmp (params[0], session->nick, strlen(session->nick) ) )

data/libircclient-1.9/src/libircclient.c:986:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (strlen(buf) + 2) >= (sizeof(session->outgoing_buf) - session->outgoing_offset) )

data/libircclient-1.9/src/libircclient.c:994:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  session->outgoing_offset += strlen (buf);

data/libircclient-1.9/src/libircclient.c:1129:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (target);

data/libircclient-1.9/src/libircclient.c:1147:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (p);

ANALYSIS SUMMARY:

Hits = 96
Lines analyzed = 9015 in approximately 0.35 seconds (25534 lines/second)
Physical Source Lines of Code (SLOC) = 3615
Hits@level = [0]  61 [1]  16 [2]  56 [3]   4 [4]  20 [5]   0
Hits@level+ = [0+] 157 [1+]  96 [2+]  80 [3+]  24 [4+]  20 [5+]   0
Hits/KSLOC@level+ = [0+] 43.4302 [1+] 26.556 [2+] 22.13 [3+] 6.639 [4+] 5.5325 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
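Two of the hits above describe one recurring pattern rather than isolated calls: the level-4 sscanf hit at src/dcc.c:740 reads the file-name field of a "DCC SEND" request with an unbounded %s into the char filenamebuf[256] declared at dcc.c:715, and the three level-2 atoi hits in src/libircclient.c (208, 339, 584) convert attacker-supplied digits with no range check. The block below is an added example, not libircclient code, of how a practitioner would replace that sscanf line: the name is bounded against the caller's buffer and each numeric field is checked against an explicit range before anything is written. The function names, the DCC_FILENAME_BUF constant and the request strings are this example's own assumptions; the report does not establish that req can actually exceed 256 bytes in the library, only that the call does not check.

```c
/* Added example (not libircclient code): bounded replacement for
 *   sscanf (req, "DCC SEND %s %lu %hu %lu", filenamebuf, &ip, &port, &size)
 * The %s there has no width, so nothing limits the file-name token; the
 * numbers are not range-checked either.  Names, constants and sample
 * requests here are this example's own assumptions. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DCC_FILENAME_BUF 256   /* same size as the flagged filenamebuf */

/* Parse one unsigned decimal field at *cursor, require lo <= v <= hi, and
 * advance *cursor past it.  Rejects signs, leading whitespace and overflow,
 * all of which atoi()/strtoul() accept silently (the CWE-190 hits). */
static int parse_field(const char **cursor, unsigned long lo,
                       unsigned long hi, unsigned long *out)
{
    const char *s = *cursor;
    char *end;
    unsigned long v;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || v < lo || v > hi)
        return -1;
    if (*end != ' ' && *end != '\0')
        return -1;
    *out = v;
    *cursor = end;
    return 0;
}

/* 0 and all outputs filled for a well-formed request, -1 otherwise.  The
 * file name must fit in filename_sz bytes including the terminator. */
int parse_dcc_send(const char *req, char *filename, size_t filename_sz,
                   unsigned long *ip, unsigned short *port, unsigned long *size)
{
    static const char prefix[] = "DCC SEND ";
    const char *p, *sp;
    size_t namelen;
    unsigned long v_ip, v_port, v_size;

    if (strncmp(req, prefix, sizeof prefix - 1) != 0)
        return -1;
    p = req + sizeof prefix - 1;

    /* file name: everything up to the next space; bounded by the caller */
    sp = strchr(p, ' ');
    if (sp == NULL)
        return -1;
    namelen = (size_t)(sp - p);
    if (namelen == 0 || namelen >= filename_sz)
        return -1;

    /* ip: 32-bit host-order value; port: 1..65535; size: any unsigned long */
    p = sp + 1;
    if (parse_field(&p, 0, 0xFFFFFFFFUL, &v_ip) != 0 || *p++ != ' ')
        return -1;
    if (parse_field(&p, 1, 65535, &v_port) != 0 || *p++ != ' ')
        return -1;
    if (parse_field(&p, 0, ULONG_MAX, &v_size) != 0 || *p != '\0')
        return -1;   /* trailing junk after the size is also refused */

    /* write outputs only after every field has been validated */
    memcpy(filename, sp - namelen, namelen);
    filename[namelen] = '\0';
    *ip = v_ip;
    *port = (unsigned short)v_port;
    *size = v_size;
    return 0;
}

/* 1 if req parses and yields exactly the expected fields, else 0. */
int dcc_send_matches(const char *req, const char *want_name, unsigned long want_ip,
                     unsigned short want_port, unsigned long want_size)
{
    char name[DCC_FILENAME_BUF];
    unsigned long ip, size;
    unsigned short port;
    if (parse_dcc_send(req, name, sizeof name, &ip, &port, &size) != 0)
        return 0;
    return strcmp(name, want_name) == 0 && ip == want_ip &&
           port == want_port && size == want_size;
}

/* 1 if req is refused. */
int dcc_send_rejects(const char *req)
{
    char name[DCC_FILENAME_BUF];
    unsigned long ip, size;
    unsigned short port;
    return parse_dcc_send(req, name, sizeof name, &ip, &port, &size) == -1;
}

/* Constructed request with a 300-byte name, longer than filenamebuf[256]. */
int overlong_name_rejected(void)
{
    char req[9 + 300 + 6 + 1];
    memcpy(req, "DCC SEND ", 9);
    memset(req + 9, 'A', 300);
    memcpy(req + 309, " 1 1 1", 7);   /* copies the terminating NUL too */
    return dcc_send_rejects(req);
}

int main(void)
{
    /* constructed sample requests */
    printf("valid:    %d\n", dcc_send_matches("DCC SEND notes.txt 2130706433 6667 1024",
                                              "notes.txt", 2130706433UL, 6667, 1024UL));
    printf("bad port: %d\n", dcc_send_rejects("DCC SEND notes.txt 2130706433 70000 1024"));
    printf("negative: %d\n", dcc_send_rejects("DCC SEND notes.txt 2130706433 6667 -1"));
    printf("overlong: %d\n", overlong_name_rejected());
    return 0;
}
```

The same parse_field check is what the three atoi() hits want: a port or numeric reply code taken from the wire should be bounded (1..65535, 0..999) before it is stored in an int, since atoi() returns 0 for garbage and wraps on long digit strings with no error indication.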