Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lxml-4.6.1/src/lxml/includes/etree_defs.h
Examining data/lxml-4.6.1/src/lxml/includes/lxml-version.h
Examining data/lxml-4.6.1/src/lxml/sax.c
Examining data/lxml-4.6.1/src/lxml/_elementpath.c
Examining data/lxml-4.6.1/src/lxml/lxml_endian.h
Examining data/lxml-4.6.1/src/lxml/objectify.c
Examining data/lxml-4.6.1/src/lxml/etree_api.h
Examining data/lxml-4.6.1/src/lxml/etree.c
Examining data/lxml-4.6.1/src/lxml/html/diff.c
Examining data/lxml-4.6.1/src/lxml/html/clean.c
Examining data/lxml-4.6.1/src/lxml/lxml.etree_api.h
Examining data/lxml-4.6.1/src/lxml/etree.h
Examining data/lxml-4.6.1/src/lxml/builder.c
Examining data/lxml-4.6.1/src/lxml/lxml.etree.h
FINAL RESULTS:
data/lxml-4.6.1/src/lxml/_elementpath.c:807:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/builder.c:807:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/etree.c:921:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/etree.c:49644:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)(sprintf(__pyx_v_c_message, __pyx_v_msg, __pyx_v_c_element));
data/lxml-4.6.1/src/lxml/etree.c:49751:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)(sprintf(__pyx_v_c_message, ((char const *)"%s, element '%s'"), __pyx_v_c_text, __pyx_v_c_element));
data/lxml-4.6.1/src/lxml/html/clean.c:807:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/html/diff.c:807:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/objectify.c:870:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/sax.c:807:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/builder.c:8371:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate) PyErr_Clear();
data/lxml-4.6.1/src/lxml/builder.c:8372:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/builder.c:8372:58: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/builder.c:8377:29: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
} else if (!setstate || PyErr_Occurred()) {
data/lxml-4.6.1/src/lxml/builder.c:8397:16: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Py_XDECREF(setstate);
data/lxml-4.6.1/src/lxml/sax.c:12468:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate) PyErr_Clear();
data/lxml-4.6.1/src/lxml/sax.c:12469:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/sax.c:12469:58: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/sax.c:12474:29: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
} else if (!setstate || PyErr_Occurred()) {
data/lxml-4.6.1/src/lxml/sax.c:12494:16: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Py_XDECREF(setstate);
data/lxml-4.6.1/src/lxml/_elementpath.c:760:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/lxml-4.6.1/src/lxml/_elementpath.c:18085:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/_elementpath.c:18089:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/lxml-4.6.1/src/lxml/builder.c:760:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/lxml-4.6.1/src/lxml/builder.c:9204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/builder.c:9208:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/lxml-4.6.1/src/lxml/etree.c:874:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/lxml-4.6.1/src/lxml/etree.c:109866:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy(__pyx_v_c_buffer, __pyx_v_c_start, __pyx_v_remaining));
data/lxml-4.6.1/src/lxml/etree.c:110179:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy(__pyx_v_c_buffer, __pyx_v_c_start, __pyx_v_c_requested));
data/lxml-4.6.1/src/lxml/etree.c:116793:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy(__pyx_v_sax, (&htmlDefaultSAXHandler), (sizeof(htmlDefaultSAXHandler))));
data/lxml-4.6.1/src/lxml/etree.c:130543:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__pyx_t_3 = __Pyx_decode_c_string(((char const *)(__pyx_v_c_attributes[3])), 0, __pyx_v_c_len, NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(3, 383, __pyx_L9_error)
data/lxml-4.6.1/src/lxml/etree.c:145191:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char __pyx_v_tmp[12];
data/lxml-4.6.1/src/lxml/etree.c:145798:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__pyx_t_2 = ((((unsigned char const )(__pyx_v_cur[0])) >= 0x80) != 0);
data/lxml-4.6.1/src/lxml/etree.c:224697:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
__pyx_v_f = fopen(__pyx_t_8, ((char const *)"w"));
data/lxml-4.6.1/src/lxml/etree.c:225125:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
__pyx_v_f = fopen(__pyx_t_8, ((char const *)"w"));
data/lxml-4.6.1/src/lxml/etree.c:261761:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGIT_PAIRS_10[2*10*10+1] = {
data/lxml-4.6.1/src/lxml/etree.c:261773:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGIT_PAIRS_8[2*8*8+1] = {
data/lxml-4.6.1/src/lxml/etree.c:261783:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGITS_HEX[2*16+1] = {
data/lxml-4.6.1/src/lxml/etree.c:261878:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[sizeof(xmlElementType)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:262276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[sizeof(Py_ssize_t)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:262384:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)result_udata + char_pos * result_ukind, udata, (size_t) (ulength * result_ukind));
data/lxml-4.6.1/src/lxml/etree.c:262473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[sizeof(int)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:265946:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[sizeof(xmlXPathObjectType)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:266077:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/lxml-4.6.1/src/lxml/etree.c:268213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/etree.c:268217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/lxml-4.6.1/src/lxml/html/clean.c:760:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/lxml-4.6.1/src/lxml/html/clean.c:20696:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/html/clean.c:20700:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/lxml-4.6.1/src/lxml/html/diff.c:760:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/lxml-4.6.1/src/lxml/html/diff.c:22086:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)result_udata + char_pos * result_ukind, udata, (size_t) (ulength * result_ukind));
data/lxml-4.6.1/src/lxml/html/diff.c:26595:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/html/diff.c:26599:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/lxml-4.6.1/src/lxml/lxml_endian.h:10:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union {uint32_t i; char c[4];} x = {0x01020304};
data/lxml-4.6.1/src/lxml/objectify.c:823:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/lxml-4.6.1/src/lxml/objectify.c:38775:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)result_udata + char_pos * result_ukind, udata, (size_t) (ulength * result_ukind));
data/lxml-4.6.1/src/lxml/objectify.c:39372:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGIT_PAIRS_10[2*10*10+1] = {
data/lxml-4.6.1/src/lxml/objectify.c:39384:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGIT_PAIRS_8[2*8*8+1] = {
data/lxml-4.6.1/src/lxml/objectify.c:39394:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGITS_HEX[2*16+1] = {
data/lxml-4.6.1/src/lxml/objectify.c:39489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[sizeof(Py_ssize_t)*3+2];
data/lxml-4.6.1/src/lxml/objectify.c:40656:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/lxml-4.6.1/src/lxml/objectify.c:42231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/objectify.c:42235:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/lxml-4.6.1/src/lxml/sax.c:760:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/lxml-4.6.1/src/lxml/sax.c:14063:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/sax.c:14067:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/lxml-4.6.1/src/lxml/_elementpath.c:684:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/_elementpath.c:805:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/_elementpath.c:18133:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/builder.c:684:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/builder.c:805:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/builder.c:9283:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/etree.c:798:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/etree.c:919:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/etree.c:19564:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_3 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(6, 41, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:19594:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_5 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(6, 43, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:19787:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_3 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(6, 61, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:19847:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_5 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(6, 64, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:22640:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_5 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(6, 309, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:35054:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(((char const *)__pyx_v_s), 0, strlen(((char const *)__pyx_v_s)), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(6, 1506, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:35172:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_v_slen = (__pyx_v_slen + strlen(((char const *)__pyx_v_spos)));
data/lxml-4.6.1/src/lxml/etree.c:40421:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_v_size = strlen(__pyx_v_self->_c_message);
data/lxml-4.6.1/src/lxml/etree.c:49617:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_v_text_size = strlen(__pyx_v_msg);
data/lxml-4.6.1/src/lxml/etree.c:49626:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_v_element_size = strlen(__pyx_v_c_element);
data/lxml-4.6.1/src/lxml/etree.c:49724:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_v_text_size = strlen(__pyx_v_c_text);
data/lxml-4.6.1/src/lxml/etree.c:49733:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_v_element_size = strlen(__pyx_v_c_element);
data/lxml-4.6.1/src/lxml/etree.c:87138:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_5 = __Pyx_decode_c_string(__pyx_t_9, 0, strlen(__pyx_t_9), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 3445, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:113197:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_6 = __Pyx_decode_c_string(__pyx_t_10, 0, strlen(__pyx_t_10), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_6)) __PYX_ERR(2, 645, __pyx_L8_error)
data/lxml-4.6.1/src/lxml/etree.c:113241:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_14 = __Pyx_decode_c_string(__pyx_t_10, 0, strlen(__pyx_t_10), NULL, NULL, PyUnicode_DecodeLatin1); if (unlikely(!__pyx_t_14)) __PYX_ERR(2, 648, __pyx_L10_except_error)
data/lxml-4.6.1/src/lxml/etree.c:126259:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_t_9, 0, strlen(__pyx_t_9), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(2, 1882, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:146211:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_5 = strlen(((char const *)__pyx_v_tmp));
data/lxml-4.6.1/src/lxml/etree.c:149212:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_6 = __Pyx_decode_c_string(__pyx_v_c_enc, 0, strlen(__pyx_v_c_enc), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_6)) __PYX_ERR(9, 789, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:149553:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_5 = __Pyx_decode_c_string(__pyx_t_15, 0, strlen(__pyx_t_15), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(9, 810, __pyx_L4_error)
data/lxml-4.6.1/src/lxml/etree.c:150454:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_7 = __Pyx_decode_c_string(__pyx_t_17, 0, strlen(__pyx_t_17), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_7)) __PYX_ERR(9, 876, __pyx_L4_error)
data/lxml-4.6.1/src/lxml/etree.c:187411:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_13 = __Pyx_decode_c_string(__pyx_t_14, 0, strlen(__pyx_t_14), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_13)) __PYX_ERR(10, 612, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:198981:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_4 = __Pyx_decode_c_string(__pyx_t_8, 0, strlen(__pyx_t_8), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_4)) __PYX_ERR(4, 254, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:206399:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_5 = __Pyx_decode_c_string(((char const *)__pyx_t_4), 0, strlen(((char const *)__pyx_t_4)), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(4, 914, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:253740:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_1 = __Pyx_decode_c_string(((char const *)__pyx_t_11), 0, strlen(((char const *)__pyx_t_11)), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 257, __pyx_L13_error)
data/lxml-4.6.1/src/lxml/etree.c:253818:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_9 = __Pyx_decode_c_string(((char const *)__pyx_t_11), 0, strlen(((char const *)__pyx_t_11)), NULL, NULL, PyUnicode_DecodeLatin1); if (unlikely(!__pyx_t_9)) __PYX_ERR(0, 259, __pyx_L15_except_error)
data/lxml-4.6.1/src/lxml/etree.c:253908:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_1 = __Pyx_decode_c_string(LXML_VERSION_STRING, 0, strlen(LXML_VERSION_STRING), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 266, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:261958:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(cstring);
data/lxml-4.6.1/src/lxml/etree.c:268298:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/html/clean.c:684:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/html/clean.c:805:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/html/clean.c:20744:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/html/diff.c:684:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/html/diff.c:805:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/html/diff.c:26643:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/objectify.c:747:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/objectify.c:868:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/objectify.c:42279:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/sax.c:684:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/sax.c:805:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/sax.c:14148:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
ANALYSIS SUMMARY:
Hits = 113
Lines analyzed = 402403 in approximately 10.53 seconds (38231 lines/second)
Physical Source Lines of Code (SLOC) = 241705
Hits@level = [0] 1 [1] 48 [2] 46 [3] 10 [4] 9 [5] 0
Hits@level+ = [0+] 114 [1+] 113 [2+] 65 [3+] 19 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 0.471649 [1+] 0.467512 [2+] 0.268923 [3+] 0.0786082 [4+] 0.0372355 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.