Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/morla-0.16.1/modules/test.c
Examining data/morla-0.16.1/src/blanknode.c
Examining data/morla-0.16.1/src/browser.c
Examining data/morla-0.16.1/src/checks.c
Examining data/morla-0.16.1/src/datatype.c
Examining data/morla-0.16.1/src/dialog.c
Examining data/morla-0.16.1/src/edit.c
Examining data/morla-0.16.1/src/file.c
Examining data/morla-0.16.1/src/filechooser.c
Examining data/morla-0.16.1/src/graph.c
Examining data/morla-0.16.1/src/help.c
Examining data/morla-0.16.1/src/info.c
Examining data/morla-0.16.1/src/js.c
Examining data/morla-0.16.1/src/last.c
Examining data/morla-0.16.1/src/maker.c
Examining data/morla-0.16.1/src/merge.c
Examining data/morla-0.16.1/src/module.c
Examining data/morla-0.16.1/src/morla-module.h
Examining data/morla-0.16.1/src/morla.h
Examining data/morla-0.16.1/src/namespace.c
Examining data/morla-0.16.1/src/navigator.c
Examining data/morla-0.16.1/src/ntriples.c
Examining data/morla-0.16.1/src/rdf.c
Examining data/morla-0.16.1/src/rdfs.c
Examining data/morla-0.16.1/src/search.c
Examining data/morla-0.16.1/src/splash.c
Examining data/morla-0.16.1/src/template.c
Examining data/morla-0.16.1/src/textview.c
Examining data/morla-0.16.1/src/unredo.c
Examining data/morla-0.16.1/src/update.c
Examining data/morla-0.16.1/src/query.c
Examining data/morla-0.16.1/src/about.c
Examining data/morla-0.16.1/src/download.c
Examining data/morla-0.16.1/src/editor.h
Examining data/morla-0.16.1/src/gconf.c
Examining data/morla-0.16.1/src/init.c
Examining data/morla-0.16.1/src/main.c
Examining data/morla-0.16.1/src/preferences.c

FINAL RESULTS:

data/morla-0.16.1/src/datatype.c:31:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf (s, sizeof (s), c, msg, w); \

data/morla-0.16.1/src/main.c:299:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, PACKAGE " " VERSION ": %s\n", error->message);

data/morla-0.16.1/src/main.c:1517:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf (s, sizeof (s), PACKAGE " " VERSION " (%s)", u.sysname);

data/morla-0.16.1/src/file.c:511:44:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_snprintf (s, sizeof (s), "%s%c%d", g_get_tmp_dir (), G_DIR_SEPARATOR,

data/morla-0.16.1/src/file.c:542:45:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_strdup_printf ("%s%cIMPOSSIBLE", g_get_tmp_dir (),

data/morla-0.16.1/src/filechooser.c:91:7:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_home_dir ());

data/morla-0.16.1/src/init.c:229:36:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (),

data/morla-0.16.1/src/init.c:1660:42:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!strcmp (g_get_user_config_dir (), g_get_home_dir ()))

data/morla-0.16.1/src/init.c:1664:38:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (), "." PACKAGE, NULL);

data/morla-0.16.1/src/init.c:1693:39:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (), "." PACKAGE,

data/morla-0.16.1/src/blanknode.c:56:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *id = atoi (what);

data/morla-0.16.1/src/download.c:224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (mem->mm + mem->size, ptr, realsize);

data/morla-0.16.1/src/edit.c:1503:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi (prev_rdf->predicate +

data/morla-0.16.1/src/edit.c:2010:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id_a = atoi (a->predicate + len);

data/morla-0.16.1/src/edit.c:2011:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id_b = atoi (b->predicate + len);

data/morla-0.16.1/src/edit.c:2057:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tocheck = atoi (rdf->predicate + len);

data/morla-0.16.1/src/edit.c:2149:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tocheck = atoi (rdf->predicate + len);

data/morla-0.16.1/src/graph.c:411:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (s, "...");

data/morla-0.16.1/src/init.c:161:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  last_id = atoi (last);

data/morla-0.16.1/src/init.c:323:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  undo_max_value = atoi (t);

data/morla-0.16.1/src/init.c:333:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  last_document_value = atoi (t);

data/morla-0.16.1/src/init.c:355:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  update_show = atoi (t);

data/morla-0.16.1/src/init.c:365:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  automatic_extensions = atoi (t) == 1 ? TRUE : FALSE;

data/morla-0.16.1/src/init.c:375:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  default_height = atoi (attr->value);

data/morla-0.16.1/src/init.c:378:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  default_width = atoi (attr->value);

data/morla-0.16.1/src/init.c:396:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  download_proxy_port = atoi (attr->value);

data/morla-0.16.1/src/init.c:876:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  graph->fontsize = atoi (attr->value);

data/morla-0.16.1/src/init.c:969:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDefault[MAX_PATH];

data/morla-0.16.1/src/init.c:1035:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDefault[MAX_PATH];

data/morla-0.16.1/src/init.c:1099:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file, O_WRONLY | O_CREAT, 0644)) < 0)

data/morla-0.16.1/src/js.c:355:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (error_return, "morla_alert: illegal argument");

data/morla-0.16.1/src/js.c:376:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (error_return, "morla_confirm: illegal argument");

data/morla-0.16.1/src/js.c:442:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (error_return, "morla_set_value: too many argument");

data/morla-0.16.1/src/js.c:448:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (error_return, "morla_set_value: the argument is not an array");

data/morla-0.16.1/src/namespace.c:180:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (ns->prefix[0] == '_' && (i = atoi (ns->prefix + 1)) && max < i)

data/morla-0.16.1/src/preferences.c:1936:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  graph_resource_node.fontsize = atoi (fontname + i + 1);

data/morla-0.16.1/src/preferences.c:2039:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  graph_blank_node.fontsize = atoi (fontname + i + 1);

data/morla-0.16.1/src/preferences.c:2142:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  graph_literal_node.fontsize = atoi (fontname + i + 1);

data/morla-0.16.1/src/preferences.c:2194:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  graph_edge.fontsize = atoi (fontname + i + 1);

data/morla-0.16.1/src/preferences.c:2445:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fprintf (fl, "fontsize=\"%d\",", atoi (fontname + i + 1));

data/morla-0.16.1/src/preferences.c:2573:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fprintf (fl, "fontsize=\"%d\",", atoi (fontname + i + 1));

data/morla-0.16.1/src/splash.c:534:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/morla-0.16.1/src/splash.c:578:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/morla-0.16.1/src/template.c:652:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_cardinality = atoi (r->object);

data/morla-0.16.1/src/template.c:656:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_cardinality = atoi (r->object);

data/morla-0.16.1/src/blanknode.c:48:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sp[0]);

data/morla-0.16.1/src/blanknode.c:59:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);

data/morla-0.16.1/src/blanknode.c:64:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sp[1]);

data/morla-0.16.1/src/datatype.c:284:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:338:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:365:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:437:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:465:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:497:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:523:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:539:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:553:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:575:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:589:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/datatype.c:617:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (w);

data/morla-0.16.1/src/dialog.c:238:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = j = 0, len = strlen (error); i < len; i++)

data/morla-0.16.1/src/edit.c:55:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (data->node_nsselect);

data/morla-0.16.1/src/edit.c:247:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (data->node_nsselect);

data/morla-0.16.1/src/edit.c:1252:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (prev_rdf && strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM)))

data/morla-0.16.1/src/edit.c:1266:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (ns->namespace);

data/morla-0.16.1/src/edit.c:1331:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (prev_rdf && strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM))

data/morla-0.16.1/src/edit.c:1501:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (prev_rdf && !strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM)))

data/morla-0.16.1/src/edit.c:1504:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (RDF_ITEM)));

data/morla-0.16.1/src/edit.c:1542:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (prev_rdf->predicate, RDF_ITEM, strlen (RDF_ITEM)))

data/morla-0.16.1/src/edit.c:2009:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (RDF_ITEM);

data/morla-0.16.1/src/edit.c:2021:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (RDF_ITEM);

data/morla-0.16.1/src/edit.c:2121:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (RDF_ITEM);

data/morla-0.16.1/src/file.c:253:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (len = strlen (file) - 1; len >= 0; len--)

data/morla-0.16.1/src/gconf.c:88:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  morla_proxy_enable = (gboolean) (strlen (morla_proxy) && morla_proxy_port);

data/morla-0.16.1/src/gconf.c:138:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  morla_proxy_enable = (gboolean) (strlen (morla_proxy) && morla_proxy_port);

data/morla-0.16.1/src/graph.c:39:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (str);

data/morla-0.16.1/src/graph.c:406:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (rdf->object) > 40)

data/morla-0.16.1/src/graph.c:409:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (s, rdf->object, 40);

data/morla-0.16.1/src/help.c:144:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (uri) > 8)

data/morla-0.16.1/src/help.c:189:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(doc = xmlParseMemory (memory, strlen (memory))))

data/morla-0.16.1/src/help.c:195:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(ss_doc = xmlParseMemory (ss, strlen (ss))))

data/morla-0.16.1/src/help.c:237:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (output, (gchar *) ret, len);

data/morla-0.16.1/src/help.c:368:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  html_document_write_stream (help_doc, tmp, strlen (tmp));

data/morla-0.16.1/src/help.c:377:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (data.output));

data/morla-0.16.1/src/info.c:326:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (tmp);

data/morla-0.16.1/src/init.c:231:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (path);

data/morla-0.16.1/src/init.c:764:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  real = rdfs->path + strlen (path);

data/morla-0.16.1/src/init.c:1102:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (morla_rdfs);

data/morla-0.16.1/src/init.c:1624:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (*str, MORLA_OLD_WEBSITE_1, strlen (MORLA_OLD_WEBSITE_1)))

data/morla-0.16.1/src/init.c:1627:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*str) + strlen (MORLA_OLD_WEBSITE_1));

data/morla-0.16.1/src/init.c:1633:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (*str, MORLA_OLD_WEBSITE_2, strlen (MORLA_OLD_WEBSITE_2)))

data/morla-0.16.1/src/init.c:1636:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*str) + strlen (MORLA_OLD_WEBSITE_2));

data/morla-0.16.1/src/init.c:1642:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp (*str, MORLA_OLD_WEBSITE_3, strlen (MORLA_OLD_WEBSITE_3)))

data/morla-0.16.1/src/init.c:1645:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*str) + strlen (MORLA_OLD_WEBSITE_3));

data/morla-0.16.1/src/js.c:184:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  JS_EvaluateScript (cx, global, buffer, strlen (buffer), "script", 0, &rval);

data/morla-0.16.1/src/js.c:253:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (js->cx, js->global, str, strlen (str), "script", 0, &rval) == JS_FALSE)

data/morla-0.16.1/src/js.c:257:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (js->cx, js->global, buffer, strlen (buffer), NULL, 0,

data/morla-0.16.1/src/js.c:263:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (js->cx, js->global, str, strlen (str), "script", 0, &rval) == JS_FALSE)

data/morla-0.16.1/src/js.c:405:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (value->value));

data/morla-0.16.1/src/js.c:412:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned char *) value->lang, strlen (value->lang));

data/morla-0.16.1/src/js.c:420:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (value->datatype));

data/morla-0.16.1/src/js.c:503:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (VERSION));

data/morla-0.16.1/src/js.c:544:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  JSString *version = JS_NewStringCopyN (cx, VERSION, strlen (VERSION));

data/morla-0.16.1/src/js.c:564:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = JS_NewStringCopyN (cx, value->value, strlen (value->value));

data/morla-0.16.1/src/js.c:577:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = JS_NewStringCopyN (cx, value->lang, strlen (value->lang));

data/morla-0.16.1/src/js.c:590:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = JS_NewStringCopyN (cx, value->datatype, strlen (value->datatype));

data/morla-0.16.1/src/last.c:59:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = fgetc (fl)) != EOF)

data/morla-0.16.1/src/main.c:166:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (s, (gchar *) l->data, strlen (s));

data/morla-0.16.1/src/main.c:166:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (s, (gchar *) l->data, strlen (s));

data/morla-0.16.1/src/main.c:169:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (s, ", ", strlen (s));

data/morla-0.16.1/src/main.c:169:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat (s, ", ", strlen (s));

data/morla-0.16.1/src/main.c:1234:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  remaining_bytes = strlen (name);

data/morla-0.16.1/src/maker.c:1710:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (data->node_nsselect);

data/morla-0.16.1/src/maker.c:1947:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(len = strlen (data->node_nsselect)))

data/morla-0.16.1/src/namespace.c:83:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (data->predicate);

data/morla-0.16.1/src/namespace.c:141:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (ns->namespace);

data/morla-0.16.1/src/namespace.c:215:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (r->namespace);

data/morla-0.16.1/src/ntriples.c:150:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = g_malloc (strlen (ptr) + 1);

data/morla-0.16.1/src/preferences.c:1930:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen (fontname); i != 0; i--)

data/morla-0.16.1/src/preferences.c:2033:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen (fontname); i != 0; i--) data/morla-0.16.1/src/preferences.c:2136:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen (fontname); i != 0; i--) data/morla-0.16.1/src/preferences.c:2188:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen (fontname); i != 0; i--) data/morla-0.16.1/src/preferences.c:2439:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen (fontname); i != 0; i--) data/morla-0.16.1/src/preferences.c:2567:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen (fontname); i != 0; i--) data/morla-0.16.1/src/rdf.c:310:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = j = 0, len = strlen (str); i < len; i++) data/morla-0.16.1/src/rdf.c:618:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (tmp); data/morla-0.16.1/src/rdf.c:626:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen (tmp); data/morla-0.16.1/src/rdf.c:1391:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = g_malloc (strlen (ptr) + 1); data/morla-0.16.1/src/splash.c:378:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_bytelen = strlen (text); data/morla-0.16.1/src/splash.c:554:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr->end_index = strlen (buf); data/morla-0.16.1/src/splash.c:559:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr->end_index = strlen (buf); data/morla-0.16.1/src/template.c:151:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint len = strlen (str); data/morla-0.16.1/src/template.c:953:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp (data->predicate, RDF_ITEM, strlen (RDF_ITEM))) ANALYSIS SUMMARY: Hits = 133 Lines analyzed = 34247 in approximately 0.70 seconds (48829 lines/second) Physical Source Lines of Code (SLOC) = 25010 Hits@level = [0] 164 [1] 88 [2] 35 [3] 7 [4] 3 [5] 0 Hits@level+ = [0+] 297 [1+] 133 [2+] 45 [3+] 10 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 11.8752 [1+] 5.31787 [2+] 1.79928 [3+] 0.39984 [4+] 0.119952 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
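Of the level-1 hits above, the two strncat calls in main.c:166 and main.c:169 deserve a closer look than the rest, because the bound they pass is the wrong quantity. The third argument of strncat is the maximum number of bytes to copy from the source, so the value that keeps the destination safe is the space remaining in it (capacity minus what is already used, minus one for the terminator). Passing strlen (s) instead hands strncat the number of bytes already used, a bound that grows as the buffer fills rather than shrinking. Whether that actually overruns in morla depends on how large s is and how long the list items are, which the report does not show; the report only shows the bound is not tied to the capacity. The example below is added here to make the difference concrete; it is not code from morla or flawfinder. It places an 8-byte "logical" destination at the front of a larger canary-filled array so the flagged form can be run and its overrun counted instead of crashing, then does the same append with the bound strncat actually wants, and finishes with a bounded version of the join-with-", " loop the flagged lines appear to belong to. The bounded_len helper is the check for the CWE-126 strlen hits: it stops at a caller-supplied limit instead of assuming a terminator is present. All names, sizes and sample strings are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not morla code. A destination with an assumed capacity of
 * LOGICAL_CAP bytes sits at the front of a larger backing array filled with
 * CANARY, so a deliberate overrun can be measured instead of crashing. */
#define LOGICAL_CAP   8
#define BACKING_SIZE  64
#define CANARY        0xAA

/* Length of s without ever reading past cap bytes: the check a CWE-126 hit
 * asks for when the string may lack a terminator. */
size_t bounded_len(const char *s, size_t cap)
{
    const char *nul = memchr(s, '\0', cap);
    return nul ? (size_t)(nul - s) : cap;
}

/* Append src to dst using the bound strncat actually wants: the space left
 * after the current contents, minus one byte for the terminator.
 * Returns 0 if src fit, -1 if it was truncated or dst was not terminated. */
int append_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t used = bounded_len(dst, dstsize);
    if (used >= dstsize) {              /* no terminator inside dst: refuse */
        if (dstsize) dst[dstsize - 1] = '\0';
        return -1;
    }
    size_t room = dstsize - used - 1;
    strncat(dst, src, room);            /* strncat always writes a terminator */
    return strlen(src) <= room ? 0 : -1;
}

/* Join items with ", " the way the flagged loop appears to, but bounded.
 * Returns the number of items appended in full; out may end in a truncated
 * item when the return value is smaller than n. */
size_t join_bounded(char *out, size_t outsize, const char *const *items, size_t n)
{
    size_t done = 0;
    if (outsize == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (i > 0 && append_bounded(out, outsize, ", ") != 0) break;
        if (append_bounded(out, outsize, items[i]) != 0) break;
        done++;
    }
    return done;
}

/* Fill the backing array with canary bytes and place initial (shorter than
 * LOGICAL_CAP, terminator included) at the front. */
static void prepare(char *backing, const char *initial)
{
    memset(backing, CANARY, BACKING_SIZE);
    memcpy(backing, initial, strlen(initial) + 1);
}

/* Count canary bytes overwritten beyond the logical capacity. */
static size_t clobbered(const char *backing)
{
    size_t n = 0;
    for (size_t i = LOGICAL_CAP; i < BACKING_SIZE; i++)
        if ((unsigned char)backing[i] != CANARY) n++;
    return n;
}

/* The flagged form: bound = strlen(dst). With 7 bytes used the bound is 7,
 * so strncat copies 7 source bytes plus a terminator starting at offset 7
 * and runs past the 8-byte capacity. Returns how many canary bytes changed. */
size_t overrun_with_flagged_bound(void)
{
    char backing[BACKING_SIZE];
    prepare(backing, "abcdefg");
    strncat(backing, "0123456789", strlen(backing));
    return clobbered(backing);
}

/* Same input through append_bounded: nothing fits, nothing past cap is touched. */
size_t overrun_with_correct_bound(void)
{
    char backing[BACKING_SIZE];
    prepare(backing, "abcdefg");
    append_bounded(backing, LOGICAL_CAP, "0123456789");
    return clobbered(backing);
}

int main(void)
{
    const char *items[] = { "rdf", "rdfs", "owl" };   /* constructed sample */
    char out[16];
    printf("flagged bound: %zu bytes written past capacity\n", overrun_with_flagged_bound());
    printf("correct bound: %zu bytes written past capacity\n", overrun_with_correct_bound());
    printf("joined %zu items: \"%s\"\n", join_bounded(out, sizeof out, items, 3), out);
    return 0;
}
```

The canary harness is only there to make the overrun observable; in the real program the bytes past the end of s belong to whatever the compiler placed next to it. Note also that append_bounded reports truncation rather than silently dropping data, which is the behaviour flawfinder's suggested alternatives (strlcat, snprintf with the return value checked) give you for free.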