Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mlv-3.1.0/examples/advanced/12_paths.c
Examining data/mlv-3.1.0/examples/advanced/09_animation.c
Examining data/mlv-3.1.0/examples/advanced/10_read_xml_file.c
Examining data/mlv-3.1.0/examples/advanced/08_zone_click.c
Examining data/mlv-3.1.0/examples/advanced/02_font.c
Examining data/mlv-3.1.0/examples/advanced/05_playlist.c
Examining data/mlv-3.1.0/examples/advanced/06_image.c
Examining data/mlv-3.1.0/examples/advanced/03_music.c
Examining data/mlv-3.1.0/examples/advanced/01_texts_and_boxes.c
Examining data/mlv-3.1.0/examples/advanced/11_animation_book.c
Examining data/mlv-3.1.0/examples/advanced/07_transparency.c
Examining data/mlv-3.1.0/examples/advanced/04_sound.c
Examining data/mlv-3.1.0/examples/beginner/06_keyboard.c
Examining data/mlv-3.1.0/examples/beginner/03_random.c
Examining data/mlv-3.1.0/examples/beginner/08_mouse_keyboard_input_box_timer.c
Examining data/mlv-3.1.0/examples/beginner/04_texts_and_boxes.c
Examining data/mlv-3.1.0/examples/beginner/02_shapes.c
Examining data/mlv-3.1.0/examples/beginner/09_colors.c
Examining data/mlv-3.1.0/examples/beginner/07_input_box.c
Examining data/mlv-3.1.0/examples/beginner/10_library_informations.c
Examining data/mlv-3.1.0/examples/beginner/11_turtle.c
Examining data/mlv-3.1.0/examples/beginner/05_mouse.c
Examining data/mlv-3.1.0/examples/beginner/01_hello_world.c
Examining data/mlv-3.1.0/examples/medium/10_mouse_or_keyboard_access.c
Examining data/mlv-3.1.0/examples/medium/08_full_screen.c
Examining data/mlv-3.1.0/examples/medium/01_keyboard_events.c
Examining data/mlv-3.1.0/examples/medium/06_colors.c
Examining data/mlv-3.1.0/examples/medium/11_keys_codes.c
Examining data/mlv-3.1.0/examples/medium/12_desktop_size.c
Examining data/mlv-3.1.0/examples/medium/04_events.c
Examining data/mlv-3.1.0/examples/medium/03_input_box_events.c
Examining data/mlv-3.1.0/examples/medium/09_keyboard_accents.c
Examining data/mlv-3.1.0/examples/medium/07_time.c
Examining data/mlv-3.1.0/examples/medium/05_exit.c
Examining data/mlv-3.1.0/examples/medium/02_mouse_events.c
Examining data/mlv-3.1.0/MLV/xml.c
Examining data/mlv-3.1.0/MLV/input_box_wait.c
Examining data/mlv-3.1.0/MLV/informations.c
Examining data/mlv-3.1.0/MLV/warning_error.h
Examining data/mlv-3.1.0/MLV/MLV_input_box.h
Examining data/mlv-3.1.0/MLV/MLV_all.h
Examining data/mlv-3.1.0/MLV/window.h
Examining data/mlv-3.1.0/MLV/MLV_information.h
Examining data/mlv-3.1.0/MLV/MLV_random.h
Examining data/mlv-3.1.0/MLV/shapes.c
Examining data/mlv-3.1.0/MLV/key.c
Examining data/mlv-3.1.0/MLV/path.c
Examining data/mlv-3.1.0/MLV/image.h
Examining data/mlv-3.1.0/MLV/MLV_color.h
Examining data/mlv-3.1.0/MLV/data_structure.h
Examining data/mlv-3.1.0/MLV/platform.h
Examining data/mlv-3.1.0/MLV/MLV_device_with_buttons.h
Examining data/mlv-3.1.0/MLV/MLV_image.h
Examining data/mlv-3.1.0/MLV/tree_map.c
Examining data/mlv-3.1.0/MLV/input_box.h
Examining data/mlv-3.1.0/MLV/MLV_path.h
Examining data/mlv-3.1.0/MLV/MLV_keyboard.h
Examining data/mlv-3.1.0/MLV/MLV_mouse.h
Examining data/mlv-3.1.0/MLV/MLV_animation.h
Examining data/mlv-3.1.0/MLV/turtle.h
Examining data/mlv-3.1.0/MLV/MLV_xml.h
Examining data/mlv-3.1.0/MLV/keyboard.c
Examining data/mlv-3.1.0/MLV/tree_set.h
Examining data/mlv-3.1.0/MLV/list.h
Examining data/mlv-3.1.0/MLV/MLV_turtle.h
Examining data/mlv-3.1.0/MLV/MLV_text.h
Examining data/mlv-3.1.0/MLV/sdlkeyboardtochar.h
Examining data/mlv-3.1.0/MLV/animation.c
Examining data/mlv-3.1.0/MLV/time.c
Examining data/mlv-3.1.0/MLV/SDLMain.h
Examining data/mlv-3.1.0/MLV/color.c
Examining data/mlv-3.1.0/MLV/MLV_shape.h
Examining data/mlv-3.1.0/MLV/sdlkeyboardtochar.c
Examining data/mlv-3.1.0/MLV/memory_management.h
Examining data/mlv-3.1.0/MLV/test_turtle.c
Examining data/mlv-3.1.0/MLV/list.c
Examining data/mlv-3.1.0/MLV/audio.c
Examining data/mlv-3.1.0/MLV/MLV_window.h
Examining data/mlv-3.1.0/MLV/mouse.c
Examining data/mlv-3.1.0/MLV/playlist.c
Examining data/mlv-3.1.0/MLV/turtle.c
Examining data/mlv-3.1.0/MLV/text.h
Examining data/mlv-3.1.0/MLV/window.c
Examining data/mlv-3.1.0/MLV/MLV_input_box_va.h
Examining data/mlv-3.1.0/MLV/memory_debug.c
Examining data/mlv-3.1.0/MLV/MLV_playlist.h
Examining data/mlv-3.1.0/MLV/test_random.c
Examining data/mlv-3.1.0/MLV/tree_map.h
Examining data/mlv-3.1.0/MLV/test_list.c
Examining data/mlv-3.1.0/MLV/MLV_text_va.h
Examining data/mlv-3.1.0/MLV/MLV_time.h
Examining data/mlv-3.1.0/MLV/tree_set.c
Examining data/mlv-3.1.0/MLV/text.c
Examining data/mlv-3.1.0/MLV/MLV_xml_va.h
Examining data/mlv-3.1.0/MLV/random.c
Examining data/mlv-3.1.0/MLV/image.c
Examining data/mlv-3.1.0/MLV/MLV_audio.h
Examining data/mlv-3.1.0/MLV/mathematics.h
Examining data/mlv-3.1.0/MLV/event.c
Examining data/mlv-3.1.0/MLV/key.h
Examining data/mlv-3.1.0/MLV/memory_debug.h
Examining data/mlv-3.1.0/MLV/MLV_event.h
Examining data/mlv-3.1.0/MLV/mathematics.c
Examining data/mlv-3.1.0/MLV/input_box.c

FINAL RESULTS:

data/mlv-3.1.0/MLV/input_box.c:556:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( input_box->informativeMessage, informativeMessage );
data/mlv-3.1.0/MLV/input_box.c:713:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( input_box->informativeMessage, message );
data/mlv-3.1.0/MLV/input_box.c:776:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( dst, src );
data/mlv-3.1.0/MLV/input_box.c:780:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( input_box->history->data, src );
data/mlv-3.1.0/MLV/keyboard.c:1397:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( result, "%s", text );
data/mlv-3.1.0/MLV/path.c:116:9: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    return g_get_tmp_dir();
data/mlv-3.1.0/MLV/path.c:120:9: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    return g_get_home_dir();
data/mlv-3.1.0/MLV/random.c:39:9: [3] (random) g_random_boolean:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    return g_random_boolean( );
data/mlv-3.1.0/MLV/random.c:43:9: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    return g_random_int_range( begin, end+1 );
data/mlv-3.1.0/MLV/random.c:47:9: [3] (random) g_random_double_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    return g_random_double_range( begin, end );
data/mlv-3.1.0/MLV/event.c:167:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(
data/mlv-3.1.0/MLV/keyboard.c:1500:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1502:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_NONE" );
data/mlv-3.1.0/MLV/keyboard.c:1507:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1509:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_LSHIFT" );
data/mlv-3.1.0/MLV/keyboard.c:1514:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1516:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_RSHIFT" );
data/mlv-3.1.0/MLV/keyboard.c:1521:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1523:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_LCTRL" );
data/mlv-3.1.0/MLV/keyboard.c:1528:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1530:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_RCTRL" );
data/mlv-3.1.0/MLV/keyboard.c:1535:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1537:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_LALT" );
data/mlv-3.1.0/MLV/keyboard.c:1542:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1544:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_RALT" );
data/mlv-3.1.0/MLV/keyboard.c:1549:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1551:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_LMETA" );
data/mlv-3.1.0/MLV/keyboard.c:1556:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1558:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_RMETA" );
data/mlv-3.1.0/MLV/keyboard.c:1563:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1565:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_NUM" );
data/mlv-3.1.0/MLV/keyboard.c:1570:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1572:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_CAPS" );
data/mlv-3.1.0/MLV/keyboard.c:1577:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1579:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_MODE" );
data/mlv-3.1.0/MLV/keyboard.c:1584:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, " | " );
data/mlv-3.1.0/MLV/keyboard.c:1586:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    text += sprintf( text, "MLV_KEYBOARD_KMOD_RESERVED" );
data/mlv-3.1.0/MLV/event.c:165:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int size = strlen(event.user.data2)+1;
data/mlv-3.1.0/MLV/input_box.c:220:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int l = strlen(input_box->history->data);
data/mlv-3.1.0/MLV/input_box.c:224:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( new, input_box->history->data , m );
data/mlv-3.1.0/MLV/input_box.c:226:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( new + m + 1 , input_box->history->data + m , l - m );
data/mlv-3.1.0/MLV/input_box.c:255:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int l = strlen(input_box->history->data);
data/mlv-3.1.0/MLV/input_box.c:282:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int l = strlen(input_box->history->data);
data/mlv-3.1.0/MLV/input_box.c:467:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( message_before_input_box, message, input_box->positionCursor );
data/mlv-3.1.0/MLV/input_box.c:555:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    input_box->informativeMessage = MLV_MALLOC( (strlen(informativeMessage)+1), char );
data/mlv-3.1.0/MLV/input_box.c:712:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    input_box->informativeMessage = MLV_MALLOC( (strlen(message)+1), char );
data/mlv-3.1.0/MLV/input_box.c:775:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(dst) >= strlen(src) ){
data/mlv-3.1.0/MLV/input_box.c:775:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(dst) >= strlen(src) ){
data/mlv-3.1.0/MLV/input_box.c:779:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    input_box->history->data = MLV_MALLOC( (strlen(src) + 1), char );
data/mlv-3.1.0/MLV/input_box.c:789:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    input_box->positionCursor = strlen(input_box->history->data);
data/mlv-3.1.0/MLV/input_box.c:837:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( input_box->positionCursor < strlen( input_box->history->data ) ){
data/mlv-3.1.0/MLV/key.c:67:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l = strlen( text );
data/mlv-3.1.0/MLV/key.c:69:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( text_copy, text, l+1);
data/mlv-3.1.0/MLV/keyboard.c:1396:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = MLV_MALLOC( strlen(text)+1, char );
data/mlv-3.1.0/MLV/keyboard.c:1405:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_NONE" );
data/mlv-3.1.0/MLV/keyboard.c:1412:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_LSHIFT" );
data/mlv-3.1.0/MLV/keyboard.c:1419:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_RSHIFT" );
data/mlv-3.1.0/MLV/keyboard.c:1426:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_LCTRL" );
data/mlv-3.1.0/MLV/keyboard.c:1433:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_RCTRL" );
data/mlv-3.1.0/MLV/keyboard.c:1440:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_LALT" );
data/mlv-3.1.0/MLV/keyboard.c:1447:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_RALT" );
data/mlv-3.1.0/MLV/keyboard.c:1454:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_LMETA" );
data/mlv-3.1.0/MLV/keyboard.c:1461:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_RMETA" );
data/mlv-3.1.0/MLV/keyboard.c:1468:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_NUM" );
data/mlv-3.1.0/MLV/keyboard.c:1475:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_CAPS" );
data/mlv-3.1.0/MLV/keyboard.c:1482:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_MODE" );
data/mlv-3.1.0/MLV/keyboard.c:1489:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_size += strlen( "MLV_KEYBOARD_KMOD_RESERVED" );
data/mlv-3.1.0/MLV/text.c:96:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( complete_text ) ){
data/mlv-3.1.0/MLV/text.c:171:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( message ) ){
data/mlv-3.1.0/MLV/text.c:377:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* copy = (char*) MLV_MALLOC( (strlen(message)+1), char );
data/mlv-3.1.0/MLV/text.c:378:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(copy, strlen(message)+1, "%s", message);
data/mlv-3.1.0/MLV/text.c:545:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* copy = (char*) MLV_MALLOC( (strlen(complete_message)+1), char );
data/mlv-3.1.0/MLV/text.c:546:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(copy, strlen(complete_message)+1, "%s", complete_message);
data/mlv-3.1.0/MLV/text.c:667:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* copy = (char*) MLV_MALLOC( (strlen(message)+1), char );
data/mlv-3.1.0/MLV/text.c:668:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(copy, strlen(message)+1, "%s", message);

ANALYSIS SUMMARY:

Hits = 75
Lines analyzed = 35117 in approximately 0.88 seconds (40062 lines/second)
Physical Source Lines of Code (SLOC) = 18985
Hits@level = [0] 98 [1] 38 [2] 27 [3] 5 [4] 5 [5] 0
Hits@level+ = [0+] 173 [1+] 75 [2+] 37 [3+] 10 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 9.11246 [1+] 3.95049 [2+] 1.94891 [3+] 0.526732 [4+] 0.263366 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.