Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libxmlb-0.1.15/src/xb-builder-fixup-private.h
Examining data/libxmlb-0.1.15/src/xb-builder-fixup.c
Examining data/libxmlb-0.1.15/src/xb-builder-fixup.h
Examining data/libxmlb-0.1.15/src/xb-builder-node-private.h
Examining data/libxmlb-0.1.15/src/xb-builder-node.c
Examining data/libxmlb-0.1.15/src/xb-builder-node.h
Examining data/libxmlb-0.1.15/src/xb-builder-source-ctx-private.h
Examining data/libxmlb-0.1.15/src/xb-builder-source-ctx.c
Examining data/libxmlb-0.1.15/src/xb-builder-source-ctx.h
Examining data/libxmlb-0.1.15/src/xb-builder-source-private.h
Examining data/libxmlb-0.1.15/src/xb-builder-source.c
Examining data/libxmlb-0.1.15/src/xb-builder-source.h
Examining data/libxmlb-0.1.15/src/xb-builder.c
Examining data/libxmlb-0.1.15/src/xb-builder.h
Examining data/libxmlb-0.1.15/src/xb-machine.c
Examining data/libxmlb-0.1.15/src/xb-machine.h
Examining data/libxmlb-0.1.15/src/xb-node-private.h
Examining data/libxmlb-0.1.15/src/xb-node-query.c
Examining data/libxmlb-0.1.15/src/xb-node-query.h
Examining data/libxmlb-0.1.15/src/xb-node.c
Examining data/libxmlb-0.1.15/src/xb-node.h
Examining data/libxmlb-0.1.15/src/xb-opcode-private.h
Examining data/libxmlb-0.1.15/src/xb-opcode.c
Examining data/libxmlb-0.1.15/src/xb-opcode.h
Examining data/libxmlb-0.1.15/src/xb-query-private.h
Examining data/libxmlb-0.1.15/src/xb-query.c
Examining data/libxmlb-0.1.15/src/xb-query.h
Examining data/libxmlb-0.1.15/src/xb-silo-export-private.h
Examining data/libxmlb-0.1.15/src/xb-silo-export.c
Examining data/libxmlb-0.1.15/src/xb-silo-export.h
Examining data/libxmlb-0.1.15/src/xb-silo-private.h
Examining data/libxmlb-0.1.15/src/xb-silo-query-private.h
Examining data/libxmlb-0.1.15/src/xb-silo-query.c
Examining data/libxmlb-0.1.15/src/xb-silo-query.h
Examining data/libxmlb-0.1.15/src/xb-silo.c
Examining data/libxmlb-0.1.15/src/xb-silo.h
Examining data/libxmlb-0.1.15/src/xb-stack-private.h
Examining data/libxmlb-0.1.15/src/xb-stack.c
Examining data/libxmlb-0.1.15/src/xb-stack.h
Examining data/libxmlb-0.1.15/src/xb-string-private.h
Examining data/libxmlb-0.1.15/src/xb-string.c
Examining data/libxmlb-0.1.15/src/xb-string.h
Examining data/libxmlb-0.1.15/src/xb-tool.c
Examining data/libxmlb-0.1.15/src/xmlb.h
Examining data/libxmlb-0.1.15/src/xb-self-test.c

FINAL RESULTS:

data/libxmlb-0.1.15/src/xb-self-test.c:406:52:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_desktop = g_build_filename (g_get_tmp_dir (), "temp.desktop", NULL);
data/libxmlb-0.1.15/src/xb-self-test.c:407:49:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_xmlb = g_build_filename (g_get_tmp_dir (), "temp.xmlb", NULL);
data/libxmlb-0.1.15/src/xb-self-test.c:455:49:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_xmlb = g_build_filename (g_get_tmp_dir (), "temp.xmlb", NULL);
data/libxmlb-0.1.15/src/xb-self-test.c:504:48:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_xml = g_build_filename (g_get_tmp_dir (), "temp.xml", NULL);
data/libxmlb-0.1.15/src/xb-self-test.c:505:49:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_xmlb = g_build_filename (g_get_tmp_dir (), "temp.xmlb", NULL);
data/libxmlb-0.1.15/src/xb-self-test.c:555:49:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_xmlb = g_build_filename (g_get_tmp_dir (), "temp.xmlb", NULL);
data/libxmlb-0.1.15/src/xb-self-test.c:1986:48:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_xml = g_build_filename (g_get_tmp_dir (), "temp.xml", NULL);
data/libxmlb-0.1.15/src/xb-self-test.c:2058:11:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  gint i = g_random_int_range (0, 50);
data/libxmlb-0.1.15/src/xb-self-test.c:2223:49:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *tmp_xmlb = g_build_filename (g_get_tmp_dir (), "test.xmlb", NULL);
data/libxmlb-0.1.15/src/xb-builder.c:824:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&hdr.guid, &guid_tmp, sizeof(guid_tmp));
data/libxmlb-0.1.15/src/xb-string.c:59:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (tmp, replace, replace_len);
data/libxmlb-0.1.15/src/xb-string.c:67:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (str->str + search_idx, replace, replace_len);
data/libxmlb-0.1.15/src/xb-string.c:70:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (tmp, replace, replace_len);
data/libxmlb-0.1.15/src/xb-string.c:236:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (out, buf_tmp, sizeof(XbGuid));
data/libxmlb-0.1.15/src/xb-builder-node.c:235:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_len_safe = text_len >= 0 ? (gsize) text_len : strlen (text);
data/libxmlb-0.1.15/src/xb-builder-source.c:198:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  blob = g_bytes_new (xml, strlen (xml));
data/libxmlb-0.1.15/src/xb-builder.c:60:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XB_SILO_APPENDBUF (helper->strtab, str, strlen (str) + 1);
data/libxmlb-0.1.15/src/xb-machine.c:108:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  op->strsz = strlen (str);
data/libxmlb-0.1.15/src/xb-machine.c:361:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_len = strlen (text);
data/libxmlb-0.1.15/src/xb-machine.c:429:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_len = strlen (text);
data/libxmlb-0.1.15/src/xb-machine.c:774:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_len = strlen (text);
data/libxmlb-0.1.15/src/xb-machine.c:1805:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xb_machine_stack_push_integer (self, stack, strlen (xb_opcode_get_str (op1)));
data/libxmlb-0.1.15/src/xb-silo.c:118:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_src = strlen (value_casefold);
data/libxmlb-0.1.15/src/xb-silo.c:360:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  off += strlen (tmp) + 1;
data/libxmlb-0.1.15/src/xb-silo.c:674:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  off += strlen (tmp) + 1;
data/libxmlb-0.1.15/src/xb-string.c:43:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  search_len = strlen (search);
data/libxmlb-0.1.15/src/xb-string.c:44:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  replace_len = strlen (replace);
data/libxmlb-0.1.15/src/xb-string.c:127:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_sz = strlen (text);
data/libxmlb-0.1.15/src/xb-string.c:128:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  search_sz = strlen (search);
data/libxmlb-0.1.15/src/xb-string.c:162:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_sz = strlen (text);
data/libxmlb-0.1.15/src/xb-string.c:163:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  search_sz = strlen (search);
data/libxmlb-0.1.15/src/xb-string.c:219:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strsz_safe = strsz >= 0 ? (gsize) strsz : strlen (str);
data/libxmlb-0.1.15/src/xb-tool.c:126:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (item->name) + 2;
data/libxmlb-0.1.15/src/xb-tool.c:130:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen (item->arguments) + 1;

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 13994 in approximately 0.32 seconds (43879 lines/second)
Physical Source Lines of Code (SLOC) = 9564
Hits@level = [0]   0 [1]  20 [2]   5 [3]   9 [4]   0 [5]   0
Hits@level+ = [0+]  34 [1+]  34 [2+]  14 [3+]   9 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.555 [1+] 3.555 [2+] 1.46382 [3+] 0.941029 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.