Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_about.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_about.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_app.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_app_chooser_widget.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_app_chooser_widget.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_app_info.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_app_info.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_cell_renderer_button.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_cell_renderer_button.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_color.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_color.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_commands.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_commands.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_config_property.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_config_proxy.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_config_proxy.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_config_updater.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_config_updater.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_consts.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_debug.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_debug.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_display_module.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_display_module.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_gui.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_gui.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_gussian_blur.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_gussian_blur.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_image_button.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_image_button.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_intl.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_keybinder.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_keybinder.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_keybinding_settings.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_keybindings.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_keybindings.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lrc.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lrc.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_candidate_list.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_candidate_list.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_candidate_selector.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_candidate_selector.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_source.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_source.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_source_list.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyric_source_list.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyrics.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lyrics.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_main.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_marshal.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_marshal.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_md5.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_md5.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_menu.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_menu.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_metadata.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_metadata.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_notify.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_notify.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_module.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_module.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_render.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_render.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_toolbar.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_toolbar.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_window.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_window.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_player.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_player.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_player_chooser.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_player_chooser.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_scroll_module.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_scroll_module.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_scroll_window.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_scroll_window.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_search_dialog.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_search_dialog.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_stock.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_stock.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_timeline.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_timeline.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_trayicon.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_trayicon.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_cmdline.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_cmdline.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_dbus.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_dbus.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_dcop.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_dcop.h
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_network.c
Examining data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_network.h

FINAL RESULTS:

data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_debug.c:68:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (flog, fmt, ap);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:404:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_release);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:409:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_shift);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:414:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_control);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:419:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_mod1);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:424:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_mod2);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:429:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_mod3);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:434:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_mod4);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:439:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_mod5);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:444:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_meta);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:449:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_hyper);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:454:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, text_super);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:458:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (accelerator + l, keyval_name);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_dcop.c:36:17:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  FILE *pPipe = popen (cmd, "r");
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:282:16:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home_dir = g_get_home_dir ();
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_ctxt_id[msgctxt_len + msgid_len];
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:203:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:211:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:213:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:247:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_ctxt_id[msgctxt_len + msgid_len];
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:257:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:259:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_color.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colors[3][3] = {{0}};
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_color.c:64:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ret[10] = "";
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_debug.c:95:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  flog = fopen (logfile, "w");
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_gussian_blur.c:141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (old_pixels, pixels, sizeof (guint32) * width * height);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_lrc.c:158:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  priv->offset = atoi (offset);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_md5.c:87:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->block + ctx->index, data, length);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_md5.c:93:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->block + ctx->index, data, left);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_md5.c:107:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->block, data, length);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_metadata.c:347:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpbuf[100];
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c:405:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[24];
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c:406:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "OSD/lrc-align-%d", i);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c:583:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expanded_path[BUFFER_SIZE];
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c:628:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[BUFFER_SIZE] = "";
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c:719:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[24];
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c:720:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "OSD/lrc-align-%d", i);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFFER_SIZE];
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:312:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[MAX_PATH_LEN] = "";
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:341:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (current, "%02x", (unsigned char)*data);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils_dcop.c:62:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *returnval = atoi (ret);
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:197:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:198:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:243:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/osdlyrics-0.5.5~rc2+dfsg1/src/gettext.h:244:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_app_info.c:448:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  binfile += strlen (dirname);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_color.c:31:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (color_str) != 7)
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:224:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (accelerator);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_eggaccelerators.c:396:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l += strlen (keyval_name);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_metadata.c:339:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += strlen (metadata->title);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_metadata.c:342:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += strlen (metadata->artist);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_metadata.c:345:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += strlen (metadata->album);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_metadata.c:350:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cnt += strlen (metadata->uri);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_option.c:1522:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (text),
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_osd_module.c:349:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (key[strlen (key) - 1] == '1')
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:124:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *pat_end = pattern + strlen (pattern);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:180:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  append, strlen (append));
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:195:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *end = g_utf8_strrchr (uri, strlen (uri), '?');
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:197:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = uri + strlen (uri);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:214:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *end = g_utf8_strrchr (uri, strlen (uri), '?');
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:216:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = uri + strlen (uri);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:223:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *ext = g_utf8_strrchr (file_name, strlen (uri), '.');
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:227:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = ol_strnncpy (dest, dest_len, file_name, strlen (file_name));
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:257:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = ol_strnncpy (dest, dest_len, dirname, strlen (dirname));
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:283:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *end = ol_strnncpy (filename, len, home_dir, strlen (home_dir));
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:287:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pattern + 1, strlen (pattern + 1));
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_path_pattern.c:293:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *end = ol_strnncpy (filename, len, pattern, strlen (pattern));
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:116:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (str);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:171:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len1 = strlen(str1);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:172:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len2 = strlen(str2);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:198:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len[0] = strlen (str1);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:199:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len[1] = strlen (str2);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:238:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t src_real_len = strlen (src);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:246:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (dest, src, src_len);
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:300:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (str) - 1;
data/osdlyrics-0.5.5~rc2+dfsg1/src/ol_utils.c:335:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (data);

ANALYSIS SUMMARY:

Hits = 77
Lines analyzed = 25285 in approximately 0.59 seconds (42713 lines/second)
Physical Source Lines of Code (SLOC) = 19115
Hits@level = [0]  14 [1]  35 [2]  27 [3]   1 [4]  14 [5]   0
Hits@level+ = [0+]  91 [1+]  77 [2+]  42 [3+]  15 [4+]  14 [5+]   0
Hits/KSLOC@level+ = [0+] 4.76066 [1+] 4.02825 [2+] 2.19723 [3+] 0.784724 [4+] 0.732409 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.