Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/loqui-0.6.4/libloqui/ctcp_handle.c
Examining data/loqui-0.6.4/libloqui/ctcp_handle.h
Examining data/loqui-0.6.4/libloqui/ctcp_message.c
Examining data/loqui-0.6.4/libloqui/ctcp_message.h
Examining data/loqui-0.6.4/libloqui/ipmsg.h
Examining data/loqui-0.6.4/libloqui/ipmsg_packet.c
Examining data/loqui-0.6.4/libloqui/ipmsg_packet.h
Examining data/loqui-0.6.4/libloqui/irc_constants.h
Examining data/loqui-0.6.4/libloqui/irc_message.c
Examining data/loqui-0.6.4/libloqui/irc_message.h
Examining data/loqui-0.6.4/libloqui/libloqui-intl.h
Examining data/loqui-0.6.4/libloqui/loqui-account-ipmsg-private.h
Examining data/loqui-0.6.4/libloqui/loqui-account-ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui-account-ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui-account-manager-private.h
Examining data/loqui-0.6.4/libloqui/loqui-account-manager.c
Examining data/loqui-0.6.4/libloqui/loqui-account-manager.h
Examining data/loqui-0.6.4/libloqui/loqui-core-private.h
Examining data/loqui-0.6.4/libloqui/loqui-core.c
Examining data/loqui-0.6.4/libloqui/loqui-core.h
Examining data/loqui-0.6.4/libloqui/loqui-general-pref-default.h
Examining data/loqui-0.6.4/libloqui/loqui-general-pref-groups.h
Examining data/loqui-0.6.4/libloqui/loqui-generic-profile-factory-private.h
Examining data/loqui-0.6.4/libloqui/loqui-generic-profile-factory.c
Examining data/loqui-0.6.4/libloqui/loqui-generic-profile-factory.h
Examining data/loqui-0.6.4/libloqui/loqui-gobject-utils.c
Examining data/loqui-0.6.4/libloqui/loqui-gobject-utils.h
Examining data/loqui-0.6.4/libloqui/loqui-message-text-private.h
Examining data/loqui-0.6.4/libloqui/loqui-message-text-region-private.h
Examining data/loqui-0.6.4/libloqui/loqui-message-text-region.c
Examining data/loqui-0.6.4/libloqui/loqui-message-text-region.h
Examining data/loqui-0.6.4/libloqui/loqui-message-text.c
Examining data/loqui-0.6.4/libloqui/loqui-message-text.h
Examining data/loqui-0.6.4/libloqui/loqui-mode-item-private.h
Examining data/loqui-0.6.4/libloqui/loqui-mode-item.c
Examining data/loqui-0.6.4/libloqui/loqui-mode-item.h
Examining data/loqui-0.6.4/libloqui/loqui-mode-manager-private.h
Examining data/loqui-0.6.4/libloqui/loqui-mode-manager.c
Examining data/loqui-0.6.4/libloqui/loqui-mode-manager.h
Examining data/loqui-0.6.4/libloqui/loqui-notifier-private.h
Examining data/loqui-0.6.4/libloqui/loqui-notifier.c
Examining data/loqui-0.6.4/libloqui/loqui-notifier.h
Examining data/loqui-0.6.4/libloqui/loqui-pref-partial-private.h
Examining data/loqui-0.6.4/libloqui/loqui-pref-partial.c
Examining data/loqui-0.6.4/libloqui/loqui-pref-partial.h
Examining data/loqui-0.6.4/libloqui/loqui-pref-private.h
Examining data/loqui-0.6.4/libloqui/loqui-pref-sequence-private.h
Examining data/loqui-0.6.4/libloqui/loqui-pref-sequence.c
Examining data/loqui-0.6.4/libloqui/loqui-pref-sequence.h
Examining data/loqui-0.6.4/libloqui/loqui-pref.c
Examining data/loqui-0.6.4/libloqui/loqui-pref.h
Examining data/loqui-0.6.4/libloqui/loqui-profile-factory.c
Examining data/loqui-0.6.4/libloqui/loqui-profile-factory.h
Examining data/loqui-0.6.4/libloqui/loqui-profile-handle-private.h
Examining data/loqui-0.6.4/libloqui/loqui-profile-handle.c
Examining data/loqui-0.6.4/libloqui/loqui-profile-handle.h
Examining data/loqui-0.6.4/libloqui/loqui-profile.c
Examining data/loqui-0.6.4/libloqui/loqui-profile.h
Examining data/loqui-0.6.4/libloqui/loqui-property-profile-private.h
Examining data/loqui-0.6.4/libloqui/loqui-property-profile.c
Examining data/loqui-0.6.4/libloqui/loqui-property-profile.h
Examining data/loqui-0.6.4/libloqui/loqui-protocol-private.h
Examining data/loqui-0.6.4/libloqui/loqui-protocol.c
Examining data/loqui-0.6.4/libloqui/loqui-protocol.h
Examining data/loqui-0.6.4/libloqui/loqui-receiver-ipmsg-private.h
Examining data/loqui-0.6.4/libloqui/loqui-receiver-ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui-receiver-ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui-sender-ipmsg-private.h
Examining data/loqui-0.6.4/libloqui/loqui-sender-ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui-sender-ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui-socket-ipmsg-private.h
Examining data/loqui-0.6.4/libloqui/loqui-socket-ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui-socket-ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui-static-core.c
Examining data/loqui-0.6.4/libloqui/loqui-static-core.h
Examining data/loqui-0.6.4/libloqui/loqui-transfer-item-private.h
Examining data/loqui-0.6.4/libloqui/loqui-transfer-item.c
Examining data/loqui-0.6.4/libloqui/loqui-transfer-item.h
Examining data/loqui-0.6.4/libloqui/loqui-utils-ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui-utils-ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui-utils.c
Examining data/loqui-0.6.4/libloqui/loqui-utils.h
Examining data/loqui-0.6.4/libloqui/loqui.h
Examining data/loqui-0.6.4/libloqui/loqui_account.c
Examining data/loqui-0.6.4/libloqui/loqui_account.h
Examining data/loqui-0.6.4/libloqui/loqui_account_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_account_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_account_manager_iter.c
Examining data/loqui-0.6.4/libloqui/loqui_account_manager_iter.h
Examining data/loqui-0.6.4/libloqui/loqui_channel.c
Examining data/loqui-0.6.4/libloqui/loqui_channel.h
Examining data/loqui-0.6.4/libloqui/loqui_channel_buffer.c
Examining data/loqui-0.6.4/libloqui/loqui_channel_buffer.h
Examining data/loqui-0.6.4/libloqui/loqui_channel_entry.c
Examining data/loqui-0.6.4/libloqui/loqui_channel_entry.h
Examining data/loqui-0.6.4/libloqui/loqui_channel_entry_utils.c
Examining data/loqui-0.6.4/libloqui/loqui_channel_entry_utils.h
Examining data/loqui-0.6.4/libloqui/loqui_channel_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_channel_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_codeconv.c
Examining data/loqui-0.6.4/libloqui/loqui_codeconv.h
Examining data/loqui-0.6.4/libloqui/loqui_codeconv_tools.c
Examining data/loqui-0.6.4/libloqui/loqui_codeconv_tools.h
Examining data/loqui-0.6.4/libloqui/loqui_marshalers.c
Examining data/loqui-0.6.4/libloqui/loqui_marshalers.h
Examining data/loqui-0.6.4/libloqui/loqui_member.c
Examining data/loqui-0.6.4/libloqui/loqui_member.h
Examining data/loqui-0.6.4/libloqui/loqui_member_sort_funcs.c
Examining data/loqui-0.6.4/libloqui/loqui_member_sort_funcs.h
Examining data/loqui-0.6.4/libloqui/loqui_message.c
Examining data/loqui-0.6.4/libloqui/loqui_message.h
Examining data/loqui-0.6.4/libloqui/loqui_profile_account.c
Examining data/loqui-0.6.4/libloqui/loqui_profile_account.h
Examining data/loqui-0.6.4/libloqui/loqui_profile_account_ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui_profile_account_ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui_profile_account_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_profile_account_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_protocol_ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui_protocol_ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui_protocol_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_protocol_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_protocol_manager.c
Examining data/loqui-0.6.4/libloqui/loqui_protocol_manager.h
Examining data/loqui-0.6.4/libloqui/loqui_receiver.c
Examining data/loqui-0.6.4/libloqui/loqui_receiver.h
Examining data/loqui-0.6.4/libloqui/loqui_receiver_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_receiver_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_sender.c
Examining data/loqui-0.6.4/libloqui/loqui_sender.h
Examining data/loqui-0.6.4/libloqui/loqui_sender_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_sender_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_string_tokenizer.c
Examining data/loqui-0.6.4/libloqui/loqui_string_tokenizer.h
Examining data/loqui-0.6.4/libloqui/loqui_title_format.c
Examining data/loqui-0.6.4/libloqui/loqui_title_format.h
Examining data/loqui-0.6.4/libloqui/loqui_user.c
Examining data/loqui-0.6.4/libloqui/loqui_user.h
Examining data/loqui-0.6.4/libloqui/loqui_user_ipmsg.c
Examining data/loqui-0.6.4/libloqui/loqui_user_ipmsg.h
Examining data/loqui-0.6.4/libloqui/loqui_user_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_user_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_utils_irc.c
Examining data/loqui-0.6.4/libloqui/loqui_utils_irc.h
Examining data/loqui-0.6.4/libloqui/loqui_webutils.c
Examining data/loqui-0.6.4/libloqui/loqui_webutils.h
Examining data/loqui-0.6.4/libloqui/protocols/jabber/loqui-account-jabber-private.h
Examining data/loqui-0.6.4/libloqui/protocols/jabber/loqui-account-jabber.c
Examining data/loqui-0.6.4/libloqui/protocols/jabber/loqui-account-jabber.h
Examining data/loqui-0.6.4/src/about.c
Examining data/loqui-0.6.4/src/about.h
Examining data/loqui-0.6.4/src/account_list_dialog.c
Examining data/loqui-0.6.4/src/account_list_dialog.h
Examining data/loqui-0.6.4/src/channel_tree.c
Examining data/loqui-0.6.4/src/channel_tree.h
Examining data/loqui-0.6.4/src/command_dialog.c
Examining data/loqui-0.6.4/src/command_dialog.h
Examining data/loqui-0.6.4/src/embedtxt/loqui_app_ui.h
Examining data/loqui-0.6.4/src/embedtxt/loqui_transfer_window_ui.h
Examining data/loqui-0.6.4/src/gtkutils.c
Examining data/loqui-0.6.4/src/gtkutils.h
Examining data/loqui-0.6.4/src/icons/away.h
Examining data/loqui-0.6.4/src/icons/busy.h
Examining data/loqui-0.6.4/src/icons/command.h
Examining data/loqui-0.6.4/src/icons/console.h
Examining data/loqui-0.6.4/src/icons/loqui.h
Examining data/loqui-0.6.4/src/icons/loqui_hilighted.h
Examining data/loqui-0.6.4/src/icons/naruto.h
Examining data/loqui-0.6.4/src/icons/notice.h
Examining data/loqui-0.6.4/src/icons/offline.h
Examining data/loqui-0.6.4/src/icons/online.h
Examining data/loqui-0.6.4/src/icons/pixbufs.h
Examining data/loqui-0.6.4/src/icons/speaker.h
Examining data/loqui-0.6.4/src/icons/whether_scroll.h
Examining data/loqui-0.6.4/src/loqui-account-dialog-private.h
Examining data/loqui-0.6.4/src/loqui-account-dialog.c
Examining data/loqui-0.6.4/src/loqui-account-dialog.h
Examining data/loqui-0.6.4/src/loqui-channel-entry-action-group-private.h
Examining data/loqui-0.6.4/src/loqui-channel-entry-action-group-ui-private.h
Examining data/loqui-0.6.4/src/loqui-channel-entry-action-group-ui.c
Examining data/loqui-0.6.4/src/loqui-channel-entry-action-group-ui.h
Examining data/loqui-0.6.4/src/loqui-channel-entry-action-group.c
Examining data/loqui-0.6.4/src/loqui-channel-entry-action-group.h
Examining data/loqui-0.6.4/src/loqui-channel-entry-ui-data-private.h
Examining data/loqui-0.6.4/src/loqui-channel-entry-ui-data.c
Examining data/loqui-0.6.4/src/loqui-channel-entry-ui-data.h
Examining data/loqui-0.6.4/src/loqui-core-gtk-private.h
Examining data/loqui-0.6.4/src/loqui-core-gtk.c
Examining data/loqui-0.6.4/src/loqui-core-gtk.h
Examining data/loqui-0.6.4/src/loqui-general-pref-gtk-default.h
Examining data/loqui-0.6.4/src/loqui-general-pref-gtk-groups.h
Examining data/loqui-0.6.4/src/loqui-general-pref-gtk.h
Examining data/loqui-0.6.4/src/loqui-notifier-gtk-private.h
Examining data/loqui-0.6.4/src/loqui-notifier-gtk.c
Examining data/loqui-0.6.4/src/loqui-notifier-gtk.h
Examining data/loqui-0.6.4/src/loqui-protocol-selection-dialog-private.h
Examining data/loqui-0.6.4/src/loqui-protocol-selection-dialog.c
Examining data/loqui-0.6.4/src/loqui-protocol-selection-dialog.h
Examining data/loqui-0.6.4/src/loqui-style-entry-private.h
Examining data/loqui-0.6.4/src/loqui-style-entry.c
Examining data/loqui-0.6.4/src/loqui-style-entry.h
Examining data/loqui-0.6.4/src/loqui-transfer-window-private.h
Examining data/loqui-0.6.4/src/loqui-transfer-window.c
Examining data/loqui-0.6.4/src/loqui-transfer-window.h
Examining data/loqui-0.6.4/src/loqui-tray-icon-private.h
Examining data/loqui-0.6.4/src/loqui-tray-icon.c
Examining data/loqui-0.6.4/src/loqui-tray-icon.h
Examining data/loqui-0.6.4/src/loqui_account_manager_store.c
Examining data/loqui-0.6.4/src/loqui_account_manager_store.h
Examining data/loqui-0.6.4/src/loqui_app.c
Examining data/loqui-0.6.4/src/loqui_app.h
Examining data/loqui-0.6.4/src/loqui_app_actions.c
Examining data/loqui-0.6.4/src/loqui_app_actions.h
Examining data/loqui-0.6.4/src/loqui_app_info.c
Examining data/loqui-0.6.4/src/loqui_app_info.h
Examining data/loqui-0.6.4/src/loqui_channel_buffer_gtk.c
Examining data/loqui-0.6.4/src/loqui_channel_buffer_gtk.h
Examining data/loqui-0.6.4/src/loqui_channel_entry_action.c
Examining data/loqui-0.6.4/src/loqui_channel_entry_action.h
Examining data/loqui-0.6.4/src/loqui_channel_entry_store.c
Examining data/loqui-0.6.4/src/loqui_channel_entry_store.h
Examining data/loqui-0.6.4/src/loqui_channel_text_view.c
Examining data/loqui-0.6.4/src/loqui_channel_text_view.h
Examining data/loqui-0.6.4/src/loqui_channelbar.c
Examining data/loqui-0.6.4/src/loqui_channelbar.h
Examining data/loqui-0.6.4/src/loqui_dropdown_box.c
Examining data/loqui-0.6.4/src/loqui_dropdown_box.h
Examining data/loqui-0.6.4/src/loqui_select_dialog.c
Examining data/loqui-0.6.4/src/loqui_select_dialog.h
Examining data/loqui-0.6.4/src/loqui_statusbar.c
Examining data/loqui-0.6.4/src/loqui_statusbar.h
Examining data/loqui-0.6.4/src/loqui_stock.c
Examining data/loqui-0.6.4/src/loqui_stock.h
Examining data/loqui-0.6.4/src/main.c
Examining data/loqui-0.6.4/src/main.h
Examining data/loqui-0.6.4/src/nick_list.c
Examining data/loqui-0.6.4/src/nick_list.h
Examining data/loqui-0.6.4/src/prefs_dialog.c
Examining data/loqui-0.6.4/src/prefs_dialog.h
Examining data/loqui-0.6.4/src/prefs_general_upgrader.c
Examining data/loqui-0.6.4/src/prefs_general_upgrader.h
Examining data/loqui-0.6.4/src/remark_entry.c
Examining data/loqui-0.6.4/src/remark_entry.h

FINAL RESULTS:

data/loqui-0.6.4/libloqui/loqui-utils.c:456:6: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(path, S_IRWXU) < 0) {
data/loqui-0.6.4/libloqui/loqui-core.c:457:39: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  self->user_dir = g_build_filename(g_get_home_dir(), LOQUI_USER_DIR_DEFAULT_BASENAME, NULL);
data/loqui-0.6.4/src/loqui_account_manager_store.c:219:17: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  store->stamp = g_random_int();
data/loqui-0.6.4/src/loqui_channel_entry_store.c:211:17: [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  store->stamp = g_random_int();
data/loqui-0.6.4/libloqui/loqui-utils.c:321:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*got_uri, start_uri_ptr, cur - start_uri_ptr + 1);
data/loqui-0.6.4/libloqui/loqui_codeconv_tools.c:105:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(utf8char, cur, srclen);
data/loqui-0.6.4/libloqui/ctcp_handle.c:374:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (d == 0 || d > G_MAXINT || endptr != (port_str + strlen(port_str))) {
data/loqui-0.6.4/libloqui/ctcp_handle.c:381:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (d == 0 || d > G_MAXUINT || endptr != (size_str + strlen(size_str))) {
data/loqui-0.6.4/libloqui/ctcp_handle.c:389:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (d == 0 || d > G_MAXUINT || endptr != (address + strlen(address))) {
data/loqui-0.6.4/libloqui/ipmsg_packet.c:199:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  real_len = strlen(str);
data/loqui-0.6.4/libloqui/irc_message.c:420:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(msg->parameter[i]) > 0 && strchr(msg->parameter[i], ' ') == NULL) {
data/loqui-0.6.4/libloqui/irc_message.c:484:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = g_string_new_len(NULL, strlen(format));
data/loqui-0.6.4/libloqui/loqui-notifier.c:384:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_len = strlen(text);
data/loqui-0.6.4/libloqui/loqui-notifier.c:433:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  self_search_highlight_word_regexp(self, msgtext, raw + strlen(HIGHLIGHT_WORD_RE_PREIX));
data/loqui-0.6.4/libloqui/loqui-notifier.c:438:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  word = raw + strlen(HIGHLIGHT_WORD_PLAIN_PREFIX);
data/loqui-0.6.4/libloqui/loqui-notifier.c:443:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(word);
data/loqui-0.6.4/libloqui/loqui-pref-sequence.c:459:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_str = array[i] + strlen(self->prefix);
data/loqui-0.6.4/libloqui/loqui-socket-ipmsg.c:253:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2zero = strlen(buf);
data/loqui-0.6.4/libloqui/loqui-utils.c:75:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (s = str + strlen(str) - 1;
data/loqui-0.6.4/libloqui/loqui-utils.c:92:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(str_array[i]) == 0)
data/loqui-0.6.4/libloqui/loqui-utils.c:148:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = g_string_new_len(NULL, strlen(format));
data/loqui-0.6.4/libloqui/loqui-utils.c:298:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur += strlen(used_prefix);
data/loqui-0.6.4/libloqui/loqui-utils.c:354:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_len = strlen(format);
data/loqui-0.6.4/libloqui/loqui-utils.c:552:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = g_string_sized_new(strlen(str));
data/loqui-0.6.4/libloqui/loqui-utils.c:573:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = g_string_sized_new(strlen(str));
data/loqui-0.6.4/libloqui/loqui_account_irc.c:367:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (password && strlen(password) > 0) {
data/loqui-0.6.4/libloqui/loqui_account_irc.c:555:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_output_stream_write_async(priv->out_stream, line, strlen(line),
data/loqui-0.6.4/libloqui/loqui_codeconv.c:268:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (codeconv->codeset && strlen(codeconv->codeset) > 0) {
data/loqui-0.6.4/libloqui/loqui_codeconv.c:381:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  output = g_convert_with_iconv(input, strlen(input)+1, codeconv->cd_to_server,
data/loqui-0.6.4/libloqui/loqui_codeconv.c:410:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  original_len = strlen(input);
data/loqui-0.6.4/libloqui/loqui_codeconv_tools.c:205:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = g_string_new_len(NULL, strlen(input));
data/loqui-0.6.4/libloqui/loqui_codeconv_tools.c:360:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/loqui-0.6.4/libloqui/loqui_codeconv_tools.c:388:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/loqui-0.6.4/libloqui/loqui_receiver_irc.c:868:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (autojoin && strlen(autojoin) > 0) {
data/loqui-0.6.4/libloqui/loqui_receiver_irc.c:1224:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  loqui_channel_entry_set_topic(LOQUI_CHANNEL_ENTRY(channel), strlen(topic) ? topic : NULL);
data/loqui-0.6.4/libloqui/loqui_receiver_irc.c:1248:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  loqui_channel_entry_set_topic(LOQUI_CHANNEL_ENTRY(channel), strlen(topic) ? topic : NULL);
data/loqui-0.6.4/libloqui/loqui_sender_irc.c:95:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(str == NULL || strlen(str) == 0) {
data/loqui-0.6.4/libloqui/loqui_sender_irc.c:268:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(array[i]) == 0)
data/loqui-0.6.4/libloqui/loqui_sender_irc.c:474:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (key == NULL || strlen(key) == 0)
data/loqui-0.6.4/libloqui/loqui_sender_irc.c:666:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (username == NULL || strlen(username) == 0) {
data/loqui-0.6.4/libloqui/loqui_sender_irc.c:674:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (realname == NULL || strlen(realname) == 0) {
data/loqui-0.6.4/libloqui/loqui_sender_irc.c:697:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (password == NULL || strlen(password) == 0) {
data/loqui-0.6.4/libloqui/loqui_string_tokenizer.c:151:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  st->cur_peeked = st->cur + strlen(st->cur);
data/loqui-0.6.4/libloqui/loqui_title_format.c:170:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tmp) == 0)
data/loqui-0.6.4/libloqui/loqui_title_format.c:792:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (padstr == NULL || strlen(padstr) == 0)
data/loqui-0.6.4/src/loqui-notifier-gtk.c:194:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (notification_command && strlen(notification_command) > 0) {
data/loqui-0.6.4/src/loqui_app_info.c:660:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(_pref) > 0) { \
data/loqui-0.6.4/src/prefs_dialog.c:379:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) > 0) { \
data/loqui-0.6.4/src/remark_entry.c:584:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(word, text, strlen(word)) == 0) {
data/loqui-0.6.4/src/remark_entry.c:640:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len < strlen(prefix)) {
data/loqui-0.6.4/src/remark_entry.c:687:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = text_before + strlen(text_before) - strlen(word);
data/loqui-0.6.4/src/remark_entry.c:687:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = text_before + strlen(text_before) - strlen(word);
data/loqui-0.6.4/src/remark_entry.c:772:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(remark_entry_get_text(remark_entry)) == 0)
data/loqui-0.6.4/src/remark_entry.c:803:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur += strlen(command_prefix);

ANALYSIS SUMMARY:

Hits = 54
Lines analyzed = 59782 in approximately 2.27 seconds (26331 lines/second)
Physical Source Lines of Code (SLOC) = 45459
Hits@level = [0] 0 [1] 48 [2] 2 [3] 3 [4] 0 [5] 1
Hits@level+ = [0+] 54 [1+] 54 [2+] 6 [3+] 4 [4+] 1 [5+] 1
Hits/KSLOC@level+ = [0+] 1.18788 [1+] 1.18788 [2+] 0.131987 [3+] 0.0879914 [4+] 0.0219978 [5+] 0.0219978
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.