Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/liferea-1.13.3/src/auth.c
Examining data/liferea-1.13.3/src/auth.h
Examining data/liferea-1.13.3/src/auth_activatable.c
Examining data/liferea-1.13.3/src/auth_activatable.h
Examining data/liferea-1.13.3/src/browser.c
Examining data/liferea-1.13.3/src/browser.h
Examining data/liferea-1.13.3/src/browser_history.c
Examining data/liferea-1.13.3/src/browser_history.h
Examining data/liferea-1.13.3/src/comments.c
Examining data/liferea-1.13.3/src/comments.h
Examining data/liferea-1.13.3/src/common.c
Examining data/liferea-1.13.3/src/common.h
Examining data/liferea-1.13.3/src/conf.c
Examining data/liferea-1.13.3/src/conf.h
Examining data/liferea-1.13.3/src/date.c
Examining data/liferea-1.13.3/src/date.h
Examining data/liferea-1.13.3/src/db.c
Examining data/liferea-1.13.3/src/db.h
Examining data/liferea-1.13.3/src/dbus.c
Examining data/liferea-1.13.3/src/dbus.h
Examining data/liferea-1.13.3/src/debug.c
Examining data/liferea-1.13.3/src/debug.h
Examining data/liferea-1.13.3/src/enclosure.c
Examining data/liferea-1.13.3/src/enclosure.h
Examining data/liferea-1.13.3/src/export.c
Examining data/liferea-1.13.3/src/export.h
Examining data/liferea-1.13.3/src/favicon.c
Examining data/liferea-1.13.3/src/favicon.h
Examining data/liferea-1.13.3/src/feed.c
Examining data/liferea-1.13.3/src/feed.h
Examining data/liferea-1.13.3/src/feed_parser.c
Examining data/liferea-1.13.3/src/feed_parser.h
Examining data/liferea-1.13.3/src/feedlist.c
Examining data/liferea-1.13.3/src/feedlist.h
Examining data/liferea-1.13.3/src/fl_sources/default_source.c
Examining data/liferea-1.13.3/src/fl_sources/default_source.h
Examining data/liferea-1.13.3/src/fl_sources/dummy_source.c
Examining data/liferea-1.13.3/src/fl_sources/dummy_source.h
Examining data/liferea-1.13.3/src/fl_sources/google_reader_api.h
Examining data/liferea-1.13.3/src/fl_sources/google_reader_api_edit.c
Examining data/liferea-1.13.3/src/fl_sources/google_reader_api_edit.h
Examining data/liferea-1.13.3/src/fl_sources/google_source.c
Examining data/liferea-1.13.3/src/fl_sources/google_source.h
Examining data/liferea-1.13.3/src/fl_sources/json_api_mapper.c
Examining data/liferea-1.13.3/src/fl_sources/json_api_mapper.h
Examining data/liferea-1.13.3/src/fl_sources/node_source.c
Examining data/liferea-1.13.3/src/fl_sources/node_source.h
Examining data/liferea-1.13.3/src/fl_sources/node_source_activatable.c
Examining data/liferea-1.13.3/src/fl_sources/node_source_activatable.h
Examining data/liferea-1.13.3/src/fl_sources/opml_source.c
Examining data/liferea-1.13.3/src/fl_sources/opml_source.h
Examining data/liferea-1.13.3/src/fl_sources/reedah_source.c
Examining data/liferea-1.13.3/src/fl_sources/reedah_source.h
Examining data/liferea-1.13.3/src/fl_sources/reedah_source_feed.c
Examining data/liferea-1.13.3/src/fl_sources/reedah_source_feed_list.c
Examining data/liferea-1.13.3/src/fl_sources/reedah_source_feed_list.h
Examining data/liferea-1.13.3/src/fl_sources/theoldreader_source.c
Examining data/liferea-1.13.3/src/fl_sources/theoldreader_source.h
Examining data/liferea-1.13.3/src/fl_sources/theoldreader_source_feed.c
Examining data/liferea-1.13.3/src/fl_sources/theoldreader_source_feed_list.c
Examining data/liferea-1.13.3/src/fl_sources/theoldreader_source_feed_list.h
Examining data/liferea-1.13.3/src/fl_sources/ttrss_source.c
Examining data/liferea-1.13.3/src/fl_sources/ttrss_source.h
Examining data/liferea-1.13.3/src/fl_sources/ttrss_source_feed.c
Examining data/liferea-1.13.3/src/fl_sources/ttrss_source_feed_list.c
Examining data/liferea-1.13.3/src/fl_sources/ttrss_source_feed_list.h
Examining data/liferea-1.13.3/src/folder.c
Examining data/liferea-1.13.3/src/folder.h
Examining data/liferea-1.13.3/src/html.c
Examining data/liferea-1.13.3/src/html.h
Examining data/liferea-1.13.3/src/htmlview.c
Examining data/liferea-1.13.3/src/htmlview.h
Examining data/liferea-1.13.3/src/item.c
Examining data/liferea-1.13.3/src/item.h
Examining data/liferea-1.13.3/src/item_history.c
Examining data/liferea-1.13.3/src/item_history.h
Examining data/liferea-1.13.3/src/item_loader.c
Examining data/liferea-1.13.3/src/item_loader.h
Examining data/liferea-1.13.3/src/item_state.c
Examining data/liferea-1.13.3/src/item_state.h
Examining data/liferea-1.13.3/src/itemlist.c
Examining data/liferea-1.13.3/src/itemlist.h
Examining data/liferea-1.13.3/src/itemset.c
Examining data/liferea-1.13.3/src/itemset.h
Examining data/liferea-1.13.3/src/json.c
Examining data/liferea-1.13.3/src/json.h
Examining data/liferea-1.13.3/src/liferea_application.c
Examining data/liferea-1.13.3/src/liferea_application.h
Examining data/liferea-1.13.3/src/main.c
Examining data/liferea-1.13.3/src/metadata.c
Examining data/liferea-1.13.3/src/metadata.h
Examining data/liferea-1.13.3/src/migrate.c
Examining data/liferea-1.13.3/src/migrate.h
Examining data/liferea-1.13.3/src/net.c
Examining data/liferea-1.13.3/src/net.h
Examining data/liferea-1.13.3/src/net_monitor.c
Examining data/liferea-1.13.3/src/net_monitor.h
Examining data/liferea-1.13.3/src/newsbin.c
Examining data/liferea-1.13.3/src/newsbin.h
Examining data/liferea-1.13.3/src/node.c
Examining data/liferea-1.13.3/src/node.h
Examining data/liferea-1.13.3/src/node_type.c
Examining data/liferea-1.13.3/src/node_type.h
Examining data/liferea-1.13.3/src/node_view.h
Examining data/liferea-1.13.3/src/parsers/atom10.c
Examining data/liferea-1.13.3/src/parsers/atom10.h
Examining data/liferea-1.13.3/src/parsers/html5_feed.c
Examining data/liferea-1.13.3/src/parsers/html5_feed.h
Examining data/liferea-1.13.3/src/parsers/ns_admin.c
Examining data/liferea-1.13.3/src/parsers/ns_admin.h
Examining data/liferea-1.13.3/src/parsers/ns_ag.c
Examining data/liferea-1.13.3/src/parsers/ns_ag.h
Examining data/liferea-1.13.3/src/parsers/ns_cC.c
Examining data/liferea-1.13.3/src/parsers/ns_cC.h
Examining data/liferea-1.13.3/src/parsers/ns_content.c
Examining data/liferea-1.13.3/src/parsers/ns_content.h
Examining data/liferea-1.13.3/src/parsers/ns_dc.c
Examining data/liferea-1.13.3/src/parsers/ns_dc.h
Examining data/liferea-1.13.3/src/parsers/ns_georss.c
Examining data/liferea-1.13.3/src/parsers/ns_georss.h
Examining data/liferea-1.13.3/src/parsers/ns_itunes.c
Examining data/liferea-1.13.3/src/parsers/ns_itunes.h
Examining data/liferea-1.13.3/src/parsers/ns_media.c
Examining data/liferea-1.13.3/src/parsers/ns_media.h
Examining data/liferea-1.13.3/src/parsers/ns_slash.c
Examining data/liferea-1.13.3/src/parsers/ns_slash.h
Examining data/liferea-1.13.3/src/parsers/ns_syn.c
Examining data/liferea-1.13.3/src/parsers/ns_syn.h
Examining data/liferea-1.13.3/src/parsers/ns_trackback.c
Examining data/liferea-1.13.3/src/parsers/ns_trackback.h
Examining data/liferea-1.13.3/src/parsers/ns_wfw.c
Examining data/liferea-1.13.3/src/parsers/ns_wfw.h
Examining data/liferea-1.13.3/src/parsers/rss_channel.c
Examining data/liferea-1.13.3/src/parsers/rss_channel.h
Examining data/liferea-1.13.3/src/parsers/rss_item.c
Examining data/liferea-1.13.3/src/parsers/rss_item.h
Examining data/liferea-1.13.3/src/plugins_engine.c
Examining data/liferea-1.13.3/src/plugins_engine.h
Examining data/liferea-1.13.3/src/render.c
Examining data/liferea-1.13.3/src/render.h
Examining data/liferea-1.13.3/src/rule.c
Examining data/liferea-1.13.3/src/rule.h
Examining data/liferea-1.13.3/src/social.c
Examining data/liferea-1.13.3/src/social.h
Examining data/liferea-1.13.3/src/subscription.c
Examining data/liferea-1.13.3/src/subscription.h
Examining data/liferea-1.13.3/src/subscription_icon.c
Examining data/liferea-1.13.3/src/subscription_icon.h
Examining data/liferea-1.13.3/src/subscription_type.h
Examining data/liferea-1.13.3/src/tests/favicon.c
Examining data/liferea-1.13.3/src/tests/html.c
Examining data/liferea-1.13.3/src/tests/parse_date.c
Examining data/liferea-1.13.3/src/tests/parse_xml.c
Examining data/liferea-1.13.3/src/ui/auth_dialog.c
Examining data/liferea-1.13.3/src/ui/auth_dialog.h
Examining data/liferea-1.13.3/src/ui/browser_tabs.c
Examining data/liferea-1.13.3/src/ui/browser_tabs.h
Examining data/liferea-1.13.3/src/ui/enclosure_list_view.c
Examining data/liferea-1.13.3/src/ui/enclosure_list_view.h
Examining data/liferea-1.13.3/src/ui/feed_list_view.c
Examining data/liferea-1.13.3/src/ui/feed_list_view.h
Examining data/liferea-1.13.3/src/ui/gedit-close-button.c
Examining data/liferea-1.13.3/src/ui/gedit-close-button.h
Examining data/liferea-1.13.3/src/ui/icons.c
Examining data/liferea-1.13.3/src/ui/icons.h
Examining data/liferea-1.13.3/src/ui/item_list_view.c
Examining data/liferea-1.13.3/src/ui/item_list_view.h
Examining data/liferea-1.13.3/src/ui/itemview.c
Examining data/liferea-1.13.3/src/ui/itemview.h
Examining data/liferea-1.13.3/src/ui/liferea_dialog.c
Examining data/liferea-1.13.3/src/ui/liferea_dialog.h
Examining data/liferea-1.13.3/src/ui/liferea_htmlview.c
Examining data/liferea-1.13.3/src/ui/liferea_htmlview.h
Examining data/liferea-1.13.3/src/ui/liferea_shell.c
Examining data/liferea-1.13.3/src/ui/liferea_shell.h
Examining data/liferea-1.13.3/src/ui/liferea_shell_activatable.c
Examining data/liferea-1.13.3/src/ui/liferea_shell_activatable.h
Examining data/liferea-1.13.3/src/ui/media_player.c
Examining data/liferea-1.13.3/src/ui/media_player.h
Examining data/liferea-1.13.3/src/ui/media_player_activatable.c
Examining data/liferea-1.13.3/src/ui/media_player_activatable.h
Examining data/liferea-1.13.3/src/ui/popup_menu.c
Examining data/liferea-1.13.3/src/ui/popup_menu.h
Examining data/liferea-1.13.3/src/ui/preferences_dialog.c
Examining data/liferea-1.13.3/src/ui/preferences_dialog.h
Examining data/liferea-1.13.3/src/ui/rule_editor.c
Examining data/liferea-1.13.3/src/ui/rule_editor.h
Examining data/liferea-1.13.3/src/ui/search_dialog.c
Examining data/liferea-1.13.3/src/ui/search_dialog.h
Examining data/liferea-1.13.3/src/ui/search_folder_dialog.c
Examining data/liferea-1.13.3/src/ui/search_folder_dialog.h
Examining data/liferea-1.13.3/src/ui/subscription_dialog.c
Examining data/liferea-1.13.3/src/ui/subscription_dialog.h
Examining data/liferea-1.13.3/src/ui/ui_common.c
Examining data/liferea-1.13.3/src/ui/ui_common.h
Examining data/liferea-1.13.3/src/ui/ui_dnd.c
Examining data/liferea-1.13.3/src/ui/ui_dnd.h
Examining data/liferea-1.13.3/src/ui/ui_folder.c
Examining data/liferea-1.13.3/src/ui/ui_folder.h
Examining data/liferea-1.13.3/src/ui/ui_update.c
Examining data/liferea-1.13.3/src/ui/ui_update.h
Examining data/liferea-1.13.3/src/update.c
Examining data/liferea-1.13.3/src/update.h
Examining data/liferea-1.13.3/src/vfolder.c
Examining data/liferea-1.13.3/src/vfolder.h
Examining data/liferea-1.13.3/src/vfolder_loader.c
Examining data/liferea-1.13.3/src/vfolder_loader.h
Examining data/liferea-1.13.3/src/webkit/liferea_web_view.c
Examining data/liferea-1.13.3/src/webkit/liferea_web_view.h
Examining data/liferea-1.13.3/src/webkit/web_extension/liferea_web_extension.c
Examining data/liferea-1.13.3/src/webkit/web_extension/liferea_web_extension.h
Examining data/liferea-1.13.3/src/webkit/web_extension/liferea_web_extension_names.h
Examining data/liferea-1.13.3/src/webkit/web_extension/web_extension_main.c
Examining data/liferea-1.13.3/src/webkit/webkit.c
Examining data/liferea-1.13.3/src/xml.c
Examining data/liferea-1.13.3/src/xml.h

FINAL RESULTS:

data/liferea-1.13.3/src/update.c:338:6:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  p = popen(command, "r");
data/liferea-1.13.3/src/update.c:455:6:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  f = popen ((job->request->source) + 1, "r");
data/liferea-1.13.3/src/fl_sources/default_source.c:74:73:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  gchar *filename14 = g_strdup_printf ("%s/.liferea_1.4/feedlist.opml", g_get_home_dir ());
data/liferea-1.13.3/src/fl_sources/default_source.c:75:73:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  gchar *filename16 = g_strdup_printf ("%s/.liferea_1.6/feedlist.opml", g_get_home_dir ());
data/liferea-1.13.3/src/fl_sources/default_source.c:76:73:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  gchar *filename18 = g_strdup_printf ("%s/.liferea_1.8/feedlist.opml", g_get_home_dir ());
data/liferea-1.13.3/src/migrate.c:50:34:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  fromDirname = g_build_filename (g_get_home_dir (), from, subdir, NULL);
data/liferea-1.13.3/src/node.c:65:19:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  id[i] = (gchar)g_random_int_range ('a', 'z');
data/liferea-1.13.3/src/ui/ui_common.c:161:20:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  path = g_strdup (g_get_home_dir ());
data/liferea-1.13.3/src/update.c:315:24:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable input if the environment can be set by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  const gchar *tmpdir = g_get_tmp_dir();
data/liferea-1.13.3/src/webkit/webkit.c:350:47:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable input if the environment can be set by an attacker.
  It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  address = g_strdup_printf ("unix:tmpdir=%s", g_get_tmp_dir ());
data/liferea-1.13.3/src/db.c:928:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  item->id = 1 + atol(values[0]);
data/liferea-1.13.3/src/debug.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuf[64];
data/liferea-1.13.3/src/enclosure.c:95:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  enclosure->size = atol (fields[3]);
data/liferea-1.13.3/src/export.c:320:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  node_set_view_mode (node, atoi (tmp));
data/liferea-1.13.3/src/net.c:133:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxage = atoi (tmp);
data/liferea-1.13.3/src/net.c:138:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  age = atoi (tmp);
data/liferea-1.13.3/src/parsers/atom10.c:300:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  length = atol (lengthStr);
data/liferea-1.13.3/src/parsers/ns_media.c:74:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  length = atol (lengthStr);
data/liferea-1.13.3/src/parsers/ns_syn.c:67:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frequency = atoi ((gchar *)tmp);
data/liferea-1.13.3/src/parsers/rss_channel.c:105:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ctxt->subscription->updateState->timeToLive = atoi (tmp);
data/liferea-1.13.3/src/parsers/rss_item.c:109:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  length = atol (lengthStr);
data/liferea-1.13.3/src/ui/liferea_htmlview.c:461:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  item = item_load (atol (itemnr));
data/liferea-1.13.3/src/ui/preferences_dialog.c:339:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  conf_set_int_value (PROXY_PORT, atoi (gtk_editable_get_chars (editable,0,-1)));
data/liferea-1.13.3/src/webkit/webkit.c:229:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *size = atoi(tmp);
data/liferea-1.13.3/src/common.c:86:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (077);
data/liferea-1.13.3/src/date.c:174:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (temp, temp + 1, strlen (temp));
data/liferea-1.13.3/src/date.c:354:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (inptr, tz_offsets[t].name, strlen (tz_offsets[t].name)))
data/liferea-1.13.3/src/date.c:406:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (pos) < 3)
data/liferea-1.13.3/src/db.c:406:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const gchar *viewName = sqlite3_column_text (stmt, 0) + strlen("view_");
data/liferea-1.13.3/src/enclosure.c:92:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (fields[2]))
data/liferea-1.13.3/src/enclosure.c:94:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (fields[3]))
data/liferea-1.13.3/src/export.c:171:16:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  old_umask = umask (022); /* give read permissions for other, per-default we wouldn't give it... */
data/liferea-1.13.3/src/export.c:181:4:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (old_umask);
data/liferea-1.13.3/src/favicon.c:186:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tmp) && tmp[strlen (tmp) - 1] == '/')
data/liferea-1.13.3/src/favicon.c:186:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tmp) && tmp[strlen (tmp) - 1] == '/')
data/liferea-1.13.3/src/favicon.c:187:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp[strlen (tmp) - 1] = 0; /* Strip trailing slash */
data/liferea-1.13.3/src/feed.c:179:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(feed->parseErrors && (strlen(feed->parseErrors->str) > 0))
data/liferea-1.13.3/src/fl_sources/json_api_mapper.c:140:57:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  item->readStatus = json_api_get_bool (node, mapping->read);
data/liferea-1.13.3/src/fl_sources/json_api_mapper.h:34:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const gchar *read; /**< list of location steps to read field */
data/liferea-1.13.3/src/fl_sources/reedah_source_feed_list.c:207:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  node = feedlist_find_node (gsource->root, NODE_BY_URL, id + strlen ("feed/"));
data/liferea-1.13.3/src/fl_sources/theoldreader_source_feed.c:140:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (item->readStatus != read)
data/liferea-1.13.3/src/fl_sources/theoldreader_source_feed.c:141:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  item_read_state_changed (item, read);
data/liferea-1.13.3/src/html.c:227:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc = xhtml_parse ((gchar *)data, (size_t)strlen(data));
data/liferea-1.13.3/src/html.c:294:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc = xhtml_parse ((gchar *)data, (size_t)strlen(data));
data/liferea-1.13.3/src/htmlview.c:234:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  debug1 (DEBUG_HTML, "writing %d bytes to HTML view", strlen (output->str));
data/liferea-1.13.3/src/item.c:101:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(strlen (description) > strlen (item->description)))
data/liferea-1.13.3/src/item.c:101:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(strlen (description) > strlen (item->description)))
data/liferea-1.13.3/src/item.c:146:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (tmpDesc) > 200) {
data/liferea-1.13.3/src/itemset.c:146:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal) {
data/liferea-1.13.3/src/itemset.c:158:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal) {
data/liferea-1.13.3/src/liferea_application.c:95:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri = g_strdup_printf ("https://%s", uri + strlen ("feed:///https:/"));
data/liferea-1.13.3/src/net.c:207:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (job->request->postdata));
data/liferea-1.13.3/src/parsers/atom10.c:395:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (id) > 0) {
data/liferea-1.13.3/src/parsers/ns_itunes.c:85:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!old || strlen (old) < strlen (tmp))
data/liferea-1.13.3/src/parsers/ns_itunes.c:85:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!old || strlen (old) < strlen (tmp))
data/liferea-1.13.3/src/parsers/rss_item.c:133:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (tmp) > 0) {
data/liferea-1.13.3/src/subscription.c:72:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri = g_strdup (uri + strlen (FEED_PROTOCOL_PREFIX));
data/liferea-1.13.3/src/subscription.c:80:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri = g_strdup (uri + strlen (FEED_PROTOCOL_PREFIX2));
data/liferea-1.13.3/src/tests/parse_xml.c:60:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xmlDocPtr doc = xhtml_parse ((gchar *)tc->xml_string, (size_t)strlen (tc->xml_string));
data/liferea-1.13.3/src/ui/browser_tabs.c:249:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (prefix);
data/liferea-1.13.3/src/ui/item_list_view.c:451:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!title || strlen(title) == 0)
data/liferea-1.13.3/src/ui/item_list_view.c:482:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  title = item->title && strlen (item->title) ? item->title : _("*** No title ***");
data/liferea-1.13.3/src/ui/liferea_htmlview.c:348:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (RENDERER (htmlview)->write) (htmlview->renderWidget, errMsg, strlen (errMsg), baseURL, "text/plain");
data/liferea-1.13.3/src/ui/liferea_htmlview.c:350:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (RENDERER (htmlview)->write) (htmlview->renderWidget, string, strlen (string), baseURL, "text/html");
data/liferea-1.13.3/src/ui/liferea_htmlview.c:449:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (url + strlen ("liferea-"), uriType->suffix, strlen (uriType->suffix))) {
data/liferea-1.13.3/src/ui/liferea_htmlview.c:449:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (url + strlen ("liferea-"), uriType->suffix, strlen (uriType->suffix))) {
data/liferea-1.13.3/src/ui/liferea_shell.c:853:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (tmp2)) {
data/liferea-1.13.3/src/ui/search_dialog.c:268:104:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_widget_set_sensitive (liferea_dialog_lookup (ssd->dialog, "searchstartbtn"), searchString && (0 < strlen (searchString)));
data/liferea-1.13.3/src/update.c:333:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(data, strlen(data), 1, file);
data/liferea-1.13.3/src/update.c:431:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (job->request->filtercmd) > 4) &&
data/liferea-1.13.3/src/update.c:432:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (0 == strcmp (".xsl", job->request->filtercmd + strlen (job->request->filtercmd) - 4))) {
data/liferea-1.13.3/src/update.c:434:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (filterResult);
data/liferea-1.13.3/src/webkit/webkit.c:216:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (NULL == font || 0 == strlen (font)) {
data/liferea-1.13.3/src/xml.c:116:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oldDoc = xhtml_parse (escapedhtml, strlen (escapedhtml));
data/liferea-1.13.3/src/xml.c:182:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc = xhtml_parse (html, strlen (html));
data/liferea-1.13.3/src/xml.c:213:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc = xml_parse (xml, strlen (xml), errors);
data/liferea-1.13.3/src/xml.c:305:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (buffer->data + old_length, (gchar *)string, length);
data/liferea-1.13.3/src/xml.c:318:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ctxt = htmlCreatePushParserCtxt (sax_p, buffer, string, strlen (string), "", XML_CHAR_ENCODING_UTF8);
data/liferea-1.13.3/src/xml.c:332:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ctxt = xmlCreatePushParserCtxt (sax_p, buffer, string, strlen (string), "");

ANALYSIS SUMMARY:

Hits = 79
Lines analyzed = 44963 in approximately 1.12 seconds (40149 lines/second)
Physical Source Lines of Code (SLOC) = 26587
Hits@level = [0]   7 [1]  55 [2]  14 [3]   8 [4]   2 [5]   0
Hits@level+ = [0+]  86 [1+]  79 [2+]  24 [3+]  10 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 3.23466 [1+] 2.97138 [2+] 0.902697 [3+] 0.376124 [4+] 0.0752247 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
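Triage note and added example for the two level-4 popen hits in update.c. This is not part of the Flawfinder output and not Liferea code. popen() hands its string to /bin/sh, so every byte of the command that came from a feed or from a user-typed filter command is parsed as shell syntax (CWE-78); these two are the hits in this report worth acting on first. By contrast the level-1 `read` hits in json_api_mapper.c and theoldreader_source_feed.c and the `equal` hits in itemset.c are name matches on a struct field and a local variable, not calls to read(2) or std::equal. The C below shows the shell-free route: an argv array passed through pipe/fork/execvp, so the child receives each argument verbatim however hostile it looks; in GLib code g_spawn_sync() or g_spawn_async_with_pipes() with an argv array give the same guarantee. The program names and the hostile string are constructed sample input.

```c
/* Added example, not Liferea code: run an external filter without popen().
 * popen() passes its string to /bin/sh, so feed- or user-controlled bytes
 * in it become shell syntax. An argv array given to execvp() reaches the
 * child verbatim. Program names and the hostile string below are constructed. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run argv[0] with argv as its literal argument vector (no shell). Returns the
 * child's stdout as a NUL-terminated heap string (caller frees) and stores its
 * exit status in *exit_status (127 = exec failed, -1 = killed by a signal).
 * Returns NULL only if pipe/fork/malloc/read themselves fail. */
char *run_capture(char *const argv[], int *exit_status)
{
    int fds[2];
    if (pipe(fds) != 0)
        return NULL;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return NULL;
    }
    if (pid == 0) {
        /* child: stdout -> pipe, then exec. Nothing here parses the strings. */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127); /* reached only if exec failed */
    }
    /* parent: drain the pipe into a growing buffer until the child closes it */
    close(fds[1]);
    size_t cap = 256, len = 0;
    char *buf = malloc(cap);
    int failed = (buf == NULL);
    while (!failed) {
        if (len + 1 >= cap) {
            char *nb = realloc(buf, cap * 2);
            if (!nb) { failed = 1; break; }
            buf = nb;
            cap *= 2;
        }
        ssize_t n = read(fds[0], buf + len, cap - len - 1);
        if (n < 0) { failed = 1; break; }
        if (n == 0) break;
        len += (size_t)n;
    }
    close(fds[0]); /* a child still writing after this gets SIGPIPE and exits */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        status = -1;
    if (failed) {
        free(buf);
        return NULL;
    }
    buf[len] = '\0';
    if (exit_status)
        *exit_status = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return buf;
}

/* Constructed hostile input: a feed field that ends up on a command line.
 * Through popen("cmd " + field) the ';', '|' and '$(...)' would execute. */
static const char HOSTILE[] = "title; rm -rf ~ | id $(whoami) `reboot`";

/* 1 if echo printed the hostile string back byte for byte (plus newline). */
int demo_hostile_argument_is_literal(void)
{
    char *argv[] = { "echo", (char *)HOSTILE, NULL };
    int st = -1;
    char *out = run_capture(argv, &st);
    if (!out)
        return 0;
    size_t n = strlen(HOSTILE);
    int ok = st == 0 && strncmp(out, HOSTILE, n) == 0 && strcmp(out + n, "\n") == 0;
    free(out);
    return ok;
}

/* Exec failure is reported as status 127, the convention sh also uses. */
int demo_missing_program_status(void)
{
    char *argv[] = { "liferea-no-such-filter", NULL };
    int st = -1;
    char *out = run_capture(argv, &st);
    free(out);
    return st;
}

int main(void)
{
    printf("literal=%d missing_status=%d\n",
           demo_hostile_argument_is_literal(), demo_missing_program_status());
    return 0;
}
```

execvp() still searches PATH, which is itself environment-controlled (the same concern as the g_get_home_dir/g_get_tmp_dir hits); for a fixed helper program pass an absolute path and use execv(). A user-configured filter command that must accept arguments needs to be split into an argv by the application, not by a shell, if the string is to stay literal.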
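Added example for the level-3 g_random_int_range hit in node.c; it is not Flawfinder output and not Liferea code. GLib's g_random_* functions are a Mersenne Twister, whose future output follows from its state, which is what the message's "key and nonce" warning is about. If a node id ever has to be unguessable, draw it from the kernel CSPRNG instead. The block reads /dev/urandom (getrandom(2) or arc4random_buf(3) are equivalents) and rejection-samples each byte so every letter is equally likely. The 7-character length and the lowercase alphabet are assumptions for the demonstration, not Liferea's constants.

```c
/* Added example, not Liferea code: unpredictable ids from the kernel CSPRNG
 * instead of g_random_int_range(). ID_LEN and the alphabet are assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOWER "abcdefghijklmnopqrstuvwxyz"
#define ID_LEN 7

/* Fill buf with n bytes from the kernel CSPRNG. getrandom(2) or
 * arc4random_buf(3) do the same job where available. Returns 0 on success. */
static int csprng_bytes(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Write len uniformly chosen characters of alphabet into out (out must hold
 * len + 1 bytes; the result is NUL-terminated). Returns 0 on success.
 * Bytes >= limit are discarded and redrawn: with 26 letters, a plain
 * byte % 26 would make 'a'..'v' (256 % 26 == 22 surplus slots) more likely
 * than 'w'..'z'. */
int random_id(char *out, size_t len, const char *alphabet)
{
    size_t m = strlen(alphabet);
    if (m == 0 || m > 256)
        return -1;
    unsigned limit = 256u - (256u % (unsigned)m); /* largest multiple of m <= 256 */
    unsigned char pool[64];
    size_t filled = 0;
    while (filled < len) {
        if (csprng_bytes(pool, sizeof pool) != 0)
            return -1;
        for (size_t i = 0; i < sizeof pool && filled < len; i++)
            if (pool[i] < limit)
                out[filled++] = alphabet[pool[i] % m];
    }
    out[len] = '\0';
    return 0;
}

/* 1 if id has exactly len characters, all drawn from alphabet. */
int id_is_well_formed(const char *id, size_t len, const char *alphabet)
{
    if (strlen(id) != len)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (strchr(alphabet, id[i]) == NULL)
            return 0;
    return 1;
}

/* Same shape as the flagged node.c loop: two fresh lowercase ids.
 * Returns 1 if both are well-formed and differ. */
int demo_node_ids_differ(void)
{
    char a[ID_LEN + 1], b[ID_LEN + 1];
    if (random_id(a, ID_LEN, LOWER) != 0 || random_id(b, ID_LEN, LOWER) != 0)
        return 0;
    return id_is_well_formed(a, ID_LEN, LOWER) && id_is_well_formed(b, ID_LEN, LOWER)
        && strcmp(a, b) != 0;
}

/* An empty alphabet is refused instead of dividing by zero. */
int demo_empty_alphabet_rejected(void)
{
    char buf[2];
    return random_id(buf, 1, "") == -1;
}

int main(void)
{
    char id[ID_LEN + 1];
    if (random_id(id, ID_LEN, LOWER) == 0)
        printf("id: %s\n", id);
    return 0;
}
```

One side observation on the flagged line itself: g_random_int_range(begin, end) returns values in [begin, end - 1], so `g_random_int_range ('a', 'z')` never produces 'z'. That is harmless for an internal id, but it suggests the range was not checked against the GLib documentation.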
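Added example for the fourteen level-2 atoi/atol hits (enclosure and media length attributes, the RSS ttl, the ns_syn frequency, the item number taken from a liferea-internal link, the proxy port and font size from the preferences). It is not Flawfinder output and not Liferea code. atoi()/atol() return 0 for garbage, stop silently at the first non-digit ("12abc" is 12) and, in glibc, saturate at LONG_MAX/LONG_MIN on long digit strings without any error, so nothing downstream can tell bad input from a real zero or a real maximum. The C below is the strtol pattern the message asks for: check errno, check that the whole string was consumed, then check both bounds. The caps and default values are illustrative policy chosen for this example, not Liferea's.

```c
/* Added example, not Liferea code: bounded integer parsing for feed-supplied
 * numbers, replacing bare atoi()/atol(). Limits and defaults are assumptions. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse s as a decimal integer in [lo, hi]. Returns 1 and stores the value in
 * *out, or 0 (leaving *out untouched) for NULL, empty string, leading
 * whitespace, trailing junk, overflow (ERANGE) or a value outside [lo, hi]. */
int parse_long_bounded(const char *s, long lo, long hi, long *out)
{
    if (s == NULL || *s == '\0' || isspace((unsigned char)*s))
        return 0;                 /* strtol would silently skip leading blanks */
    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return 0;                 /* atol() would hand back LONG_MAX/LONG_MIN here */
    if (end == s || *end != '\0')
        return 0;                 /* no digits at all, or "12abc" */
    if (v < lo || v > hi)
        return 0;
    *out = v;
    return 1;
}

/* Same check, returning dflt on any failure, for callers with a natural
 * "unknown" value. */
long parse_long_or(const char *s, long lo, long hi, long dflt)
{
    long v;
    return parse_long_bounded(s, lo, hi, &v) ? v : dflt;
}

/* Enclosure/media length attribute (the atol(lengthStr) hits). Negative or
 * absurd sizes come back as -1 = unknown; the cap is an arbitrary policy. */
#define MAX_ENCLOSURE_BYTES (LONG_MAX / 2)
long parse_enclosure_length(const char *s)
{
    return parse_long_or(s, 0, MAX_ENCLOSURE_BYTES, -1);
}

/* RSS <ttl> in minutes (the rss_channel.c atoi hit). Bounded to about a year
 * so a later conversion to seconds cannot overflow an int; 0 = unspecified
 * (a convention assumed here, not Liferea's). */
#define MAX_TTL_MINUTES (366L * 24 * 60)
int parse_ttl_minutes(const char *s)
{
    return (int)parse_long_or(s, 0, MAX_TTL_MINUTES, 0);
}

/* Item number from a liferea-internal link (the item_load(atol(itemnr)) hit):
 * ids start at 1, so 0 tells the caller there is no such item. */
long parse_item_number(const char *s)
{
    return parse_long_or(s, 1, LONG_MAX, 0);
}

int main(void)
{
    /* constructed samples: atol() (glibc: saturates silently) next to the
     * bounded parser, which reports -1 for everything it refuses */
    const char *samples[] = { "1048576", "-5", "99999999999999999999", "12abc", " 7", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s atol=%ld  bounded=%ld\n", samples[i], atol(samples[i]),
               parse_enclosure_length(samples[i]));
    return 0;
}
```

The db.c hit (`item->id = 1 + atol(values[0])`) reads from Liferea's own SQLite database rather than from a feed, so the range check there is cheap insurance against a corrupted or tampered database file; the same helper serves it with [0, LONG_MAX - 1] as the bounds so the `1 +` cannot wrap.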