Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/osmo-0.4.4/src/vcf.c
Examining data/osmo-0.4.4/src/calendar_notes.c
Examining data/osmo-0.4.4/src/i18n.h
Examining data/osmo-0.4.4/src/backup.h
Examining data/osmo-0.4.4/src/calendar_jumpto.h
Examining data/osmo-0.4.4/src/calendar_calc.c
Examining data/osmo-0.4.4/src/utils_date_time.c
Examining data/osmo-0.4.4/src/calendar.c
Examining data/osmo-0.4.4/src/preferences_gui.c
Examining data/osmo-0.4.4/src/calendar_fullyear.h
Examining data/osmo-0.4.4/src/notes_items.c
Examining data/osmo-0.4.4/src/tasks_preferences_gui.c
Examining data/osmo-0.4.4/src/tasks_items.c
Examining data/osmo-0.4.4/src/about.h
Examining data/osmo-0.4.4/src/utils_date.h
Examining data/osmo-0.4.4/src/notes_preferences_gui.h
Examining data/osmo-0.4.4/src/tasks_utils.c
Examining data/osmo-0.4.4/src/about.c
Examining data/osmo-0.4.4/src/gui.h
Examining data/osmo-0.4.4/src/notes.c
Examining data/osmo-0.4.4/src/utils.c
Examining data/osmo-0.4.4/src/calendar_ical.h
Examining data/osmo-0.4.4/src/contacts.c
Examining data/osmo-0.4.4/src/contacts_items.c
Examining data/osmo-0.4.4/src/calendar_ical.c
Examining data/osmo-0.4.4/src/calendar_fullyear.c
Examining data/osmo-0.4.4/src/contacts_export.c
Examining data/osmo-0.4.4/src/calendar_preferences_gui.h
Examining data/osmo-0.4.4/src/calendar_utils.h
Examining data/osmo-0.4.4/src/utils_time.h
Examining data/osmo-0.4.4/src/contacts.h
Examining data/osmo-0.4.4/src/stock_icons.h
Examining data/osmo-0.4.4/src/utils.h
Examining data/osmo-0.4.4/src/tasks_export.c
Examining data/osmo-0.4.4/src/notes_preferences_gui.c
Examining data/osmo-0.4.4/src/calendar_calc.h
Examining data/osmo-0.4.4/src/contacts_import_csv.h
Examining data/osmo-0.4.4/src/calendar_timeline.c
Examining data/osmo-0.4.4/src/contacts_export.h
Examining data/osmo-0.4.4/src/tasks_preferences_gui.h
Examining data/osmo-0.4.4/src/utils_date_time.h
Examining data/osmo-0.4.4/src/calendar.h
Examining data/osmo-0.4.4/src/contacts_import.h
Examining data/osmo-0.4.4/src/tasks.h
Examining data/osmo-0.4.4/src/tasks.c
Examining data/osmo-0.4.4/src/tasks_print.c
Examining data/osmo-0.4.4/src/utils_gui.c
Examining data/osmo-0.4.4/src/contacts_import_csv.c
Examining data/osmo-0.4.4/src/tasks_print.h
Examining data/osmo-0.4.4/src/options_prefs.h
Examining data/osmo-0.4.4/src/contacts_items.h
Examining data/osmo-0.4.4/src/check_events.c
Examining data/osmo-0.4.4/src/contacts_birthdays.c
Examining data/osmo-0.4.4/src/calendar_print.c
Examining data/osmo-0.4.4/src/calendar_jumpto.c
Examining data/osmo-0.4.4/src/tasks_export.h
Examining data/osmo-0.4.4/src/gtksourceiter.h
Examining data/osmo-0.4.4/src/gtksourceiter.c
Examining data/osmo-0.4.4/src/contacts_import.c
Examining data/osmo-0.4.4/src/gui.c
Examining data/osmo-0.4.4/src/contacts_preferences_gui.h
Examining data/osmo-0.4.4/src/notes_items.h
Examining data/osmo-0.4.4/src/calendar_print.h
Examining data/osmo-0.4.4/src/calendar_widget.c
Examining data/osmo-0.4.4/src/options_prefs.c
Examining data/osmo-0.4.4/src/contacts_preferences_gui.c
Examining data/osmo-0.4.4/src/calendar_timeline.h
Examining data/osmo-0.4.4/src/main.c
Examining data/osmo-0.4.4/src/utils_gui.h
Examining data/osmo-0.4.4/src/backup.c
Examining data/osmo-0.4.4/src/calendar_widget.h
Examining data/osmo-0.4.4/src/vcf.h
Examining data/osmo-0.4.4/src/check_events.h
Examining data/osmo-0.4.4/src/preferences_gui.h
Examining data/osmo-0.4.4/src/notes.h
Examining data/osmo-0.4.4/src/utils_date.c
Examining data/osmo-0.4.4/src/stock_icons.c
Examining data/osmo-0.4.4/src/calendar_preferences_gui.c
Examining data/osmo-0.4.4/src/contacts_birthdays.h
Examining data/osmo-0.4.4/src/calendar_notes.h
Examining data/osmo-0.4.4/src/calendar_utils.c
Examining data/osmo-0.4.4/src/tasks_utils.h
Examining data/osmo-0.4.4/src/tasks_items.h
Examining data/osmo-0.4.4/src/utils_time.c
FINAL RESULTS:
data/osmo-0.4.4/src/contacts_export.c:587:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(filehandle, format, arguments);
data/osmo-0.4.4/src/utils.c:1013:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (url_path, qURL);
data/osmo-0.4.4/src/vcf.c:227:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, replacement);
data/osmo-0.4.4/src/vcf.c:236:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, buffer);
data/osmo-0.4.4/src/vcf.c:282:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(component_buffer, components[i]);
data/osmo-0.4.4/src/vcf.c:284:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, component_buffer);
data/osmo-0.4.4/src/vcf.c:338:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, content);
data/osmo-0.4.4/src/main.c:378:50: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_snprintf (dirname, PATH_MAX, "%s%c%s", g_get_home_dir(), G_DIR_SEPARATOR, CONFIG_DIR);
data/osmo-0.4.4/src/main.c:382:50: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_snprintf (dirname, PATH_MAX, "%s%c%s", g_get_home_dir(), G_DIR_SEPARATOR, OLD_CONFIG_DIRNAME);
data/osmo-0.4.4/src/backup.c:77:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/osmo-0.4.4/src/calendar_calc.c:637:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[BUFFER_SIZE];
data/osmo-0.4.4/src/calendar_ical.c:207:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ics_stream = fopen (filename, "r");
data/osmo-0.4.4/src/calendar_ical.c:610:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disabled = atoi((gchar *) key);
data/osmo-0.4.4/src/calendar_ical.c:617:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
desc_flag = atoi((gchar *) key);
data/osmo-0.4.4/src/calendar_ical.c:624:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mark_flag = atoi((gchar *) key);
data/osmo-0.4.4/src/calendar_ical.c:638:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ICAL_COLUMN_FULL_DATE, atoi((gchar *) key), -1);
data/osmo-0.4.4/src/calendar_jumpto.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[BUFFER_SIZE];
data/osmo-0.4.4/src/calendar_jumpto.c:89:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = atoi(gtk_entry_get_text(GTK_ENTRY(appGUI->cal->day_entry)));
data/osmo-0.4.4/src/calendar_jumpto.c:108:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[BUFFER_SIZE];
data/osmo-0.4.4/src/calendar_jumpto.c:120:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = atoi(gtk_entry_get_text(GTK_ENTRY(appGUI->cal->month_entry)));
data/osmo-0.4.4/src/calendar_jumpto.c:143:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
appGUI->cal->jday = atoi (gtk_entry_get_text (GTK_ENTRY (appGUI->cal->day_entry)));
data/osmo-0.4.4/src/calendar_jumpto.c:144:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
appGUI->cal->jmonth = atoi (gtk_entry_get_text (GTK_ENTRY (appGUI->cal->month_entry)));
data/osmo-0.4.4/src/calendar_jumpto.c:145:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
appGUI->cal->jyear = atoi (gtk_entry_get_text (GTK_ENTRY (appGUI->cal->year_entry)));
data/osmo-0.4.4/src/calendar_utils.c:80:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[BUFFER_SIZE];
data/osmo-0.4.4/src/calendar_utils.c:112:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*first = atoi(token);
data/osmo-0.4.4/src/calendar_utils.c:114:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*second = atoi(token);
data/osmo-0.4.4/src/calendar_utils.c:116:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*third = atoi(token);
data/osmo-0.4.4/src/calendar_utils.c:154:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi(token);
data/osmo-0.4.4/src/calendar_utils.c:158:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(token);
data/osmo-0.4.4/src/calendar_widget.c:129:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *default_abbreviated_dayname[7];
data/osmo-0.4.4/src/calendar_widget.c:130:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *default_monthname[12];
data/osmo-0.4.4/src/calendar_widget.c:306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255];
data/osmo-0.4.4/src/calendar_widget.c:1456:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255];
data/osmo-0.4.4/src/calendar_widget.c:1549:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255];
data/osmo-0.4.4/src/calendar_widget.c:1631:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/osmo-0.4.4/src/calendar_widget.c:1943:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&text_color, &calendar->pf_day_color, sizeof(GdkRGBA));
data/osmo-0.4.4/src/calendar_widget.c:1945:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&text_color, &calendar->pf_day_color, sizeof(GdkRGBA));
data/osmo-0.4.4/src/calendar_widget.c:1960:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&text_color, &calendar->day_color, sizeof(GdkRGBA));
data/osmo-0.4.4/src/calendar_widget.c:1965:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&text_color, &calendar->weekend_color, sizeof(GdkRGBA));
data/osmo-0.4.4/src/contacts_export.c:174:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmpbuf, " ");
data/osmo-0.4.4/src/contacts_export.c:217:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmpbuf, " ");
data/osmo-0.4.4/src/gui.c:1487:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdSTDERRn = open("/dev/null", O_WRONLY);
data/osmo-0.4.4/src/main.c:159:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_sprintf (appGUI->version, "%02d%02d%02d", atoi(VERSION_MAJOR), atoi(VERSION_MINOR), atoi(VERSION_MICRO));
data/osmo-0.4.4/src/main.c:159:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_sprintf (appGUI->version, "%02d%02d%02d", atoi(VERSION_MAJOR), atoi(VERSION_MINOR), atoi(VERSION_MICRO));
data/osmo-0.4.4/src/main.c:159:91: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_sprintf (appGUI->version, "%02d%02d%02d", atoi(VERSION_MAJOR), atoi(VERSION_MINOR), atoi(VERSION_MICRO));
data/osmo-0.4.4/src/main.c:242:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = open(prefs_get_runtime_filename (RUN_FLAG_FILE, appGUI), O_RDWR);
data/osmo-0.4.4/src/options_prefs.c:917:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
source_fd = open(source, O_RDONLY);
data/osmo-0.4.4/src/options_prefs.c:922:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
target_fd = open(target, O_WRONLY | O_CREAT | O_EXCL, perm);
data/osmo-0.4.4/src/tasks_items.c:1334:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tasks_version = atoi (prop);
data/osmo-0.4.4/src/tasks_items.c:1356:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
calendar_state = atoi (calendar_prop);
data/osmo-0.4.4/src/tasks_items.c:1361:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tasks_state = atoi (tasks_prop);
data/osmo-0.4.4/src/utils.c:532:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*iname = atoi ((gchar *) key);
data/osmo-0.4.4/src/utils.c:548:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*uname = (guint) atoi ((gchar *) key);
data/osmo-0.4.4/src/about.c:426:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(credits[i].tag) > 2) {
data/osmo-0.4.4/src/backup.c:78:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buff, sizeof (buff));
data/osmo-0.4.4/src/backup.c:81:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buff, sizeof (buff));
data/osmo-0.4.4/src/backup.c:303:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1len = strlen(bpass1);
data/osmo-0.4.4/src/backup.c:305:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2len = strlen(bpass2);
data/osmo-0.4.4/src/backup.c:448:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passlen = strlen(password);
data/osmo-0.4.4/src/calendar_ical.c:596:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (item_name, (gchar *) key, BUFFER_SIZE-1);
data/osmo-0.4.4/src/calendar_ical.c:603:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (item_filename, (gchar *) key, BUFFER_SIZE-1);
data/osmo-0.4.4/src/calendar_ical.c:1390:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (get_export_items(appGUI) == 0 || strlen(filename) == 0) {
data/osmo-0.4.4/src/calendar_jumpto.c:39:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(str);
data/osmo-0.4.4/src/calendar_preferences_gui.c:265:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->date_header_format_entry))))
data/osmo-0.4.4/src/calendar_preferences_gui.c:626:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (entry)))
data/osmo-0.4.4/src/calendar_preferences_gui.c:688:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->color_edit_name_entry))))
data/osmo-0.4.4/src/calendar_preferences_gui.c:776:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen (category_name)) return;
data/osmo-0.4.4/src/calendar_preferences_gui.c:829:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (entry)))
data/osmo-0.4.4/src/calendar_preferences_gui.c:1092:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->calendar_ical_files_name_entry))) &&
data/osmo-0.4.4/src/calendar_preferences_gui.c:1093:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->calendar_ical_files_filename_entry))))
data/osmo-0.4.4/src/calendar_preferences_gui.c:1207:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->ical_edit_name_entry))) &&
data/osmo-0.4.4/src/calendar_preferences_gui.c:1208:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->ical_edit_filename_entry))))
data/osmo-0.4.4/src/calendar_preferences_gui.c:1225:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->ical_edit_name_entry))))
data/osmo-0.4.4/src/check_events.c:413:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (item->desc != NULL && strlen(item->desc)) {
data/osmo-0.4.4/src/check_events.c:439:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (item->desc != NULL && strlen(item->desc)) {
data/osmo-0.4.4/src/check_events.c:477:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (item->desc != NULL && strlen(item->desc)) {
data/osmo-0.4.4/src/check_events.c:504:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(item->alarm_command)) {
data/osmo-0.4.4/src/check_events.c:508:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(config.global_notification_command)) {
data/osmo-0.4.4/src/contacts.c:283:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == NULL || !strlen(text)) {
data/osmo-0.4.4/src/contacts.c:398:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gtk_entry_get_text (GTK_ENTRY(appGUI->cnt->contacts_find_entry)))) {
data/osmo-0.4.4/src/contacts.c:702:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->cnt->contacts_find_entry)))) {
data/osmo-0.4.4/src/contacts.c:1140:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text)) n++;
data/osmo-0.4.4/src/contacts.c:1144:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text)) n++;
data/osmo-0.4.4/src/contacts.c:1148:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text)) n++;
data/osmo-0.4.4/src/contacts_birthdays.c:91:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->cnt->contacts_find_entry)))) {
data/osmo-0.4.4/src/contacts_export.c:63:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(text) && k) {
data/osmo-0.4.4/src/contacts_export.c:99:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gtk_entry_get_text (GTK_ENTRY(appGUI->cnt->output_file_entry)))) {
data/osmo-0.4.4/src/contacts_export.c:171:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (a = b = 0; a < strlen(appGUI->cnt->contact_fields_tags_name[i * 2]); a++) {
data/osmo-0.4.4/src/contacts_export.c:214:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (a = b = 0; a < strlen(value); a++) {
data/osmo-0.4.4/src/contacts_export.c:301:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(value);
data/osmo-0.4.4/src/contacts_import.c:170:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(text)) {
data/osmo-0.4.4/src/contacts_import.c:459:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strlen(field_str);
data/osmo-0.4.4/src/contacts_import_csv.c:77:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen(line_buffer);
data/osmo-0.4.4/src/contacts_import_csv.c:95:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *value = substring_fragment(line_buffer, strlen(line_buffer), FIELD_SEPARATOR, field);
data/osmo-0.4.4/src/contacts_import_csv.c:98:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen(value);
data/osmo-0.4.4/src/contacts_items.c:141:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text)) {
data/osmo-0.4.4/src/contacts_items.c:248:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->cnt->contact_entries[COLUMN_FIRST_NAME]))) ||
data/osmo-0.4.4/src/contacts_items.c:249:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->cnt->contact_entries[COLUMN_LAST_NAME])))) {
data/osmo-0.4.4/src/contacts_items.c:274:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(text) && i != COLUMN_HOME_PHONE_4 && i != COLUMN_WORK_PHONE_4 &&
data/osmo-0.4.4/src/contacts_items.c:381:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(text) && i != COLUMN_HOME_PHONE_4 && i != COLUMN_WORK_PHONE_4 &&
data/osmo-0.4.4/src/contacts_items.c:527:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(text)) break;
data/osmo-0.4.4/src/contacts_items.c:1290:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(item)) {
data/osmo-0.4.4/src/contacts_preferences_gui.c:279:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen (category_name)) return;
data/osmo-0.4.4/src/contacts_preferences_gui.c:319:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (widget)))
data/osmo-0.4.4/src/gtksourceiter.c:93:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needle_len = strlen (needle);
data/osmo-0.4.4/src/gtksourceiter.c:149:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needle_len = strlen (needle);
data/osmo-0.4.4/src/gtksourceiter.c:197:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_s1 = strlen (normalized_s1);
data/osmo-0.4.4/src/gtksourceiter.c:198:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_s2 = strlen (normalized_s2);
data/osmo-0.4.4/src/gtksourceiter.c:320:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g_utf8_caselessnmatch (line_text, *lines, strlen (line_text),
data/osmo-0.4.4/src/gtksourceiter.c:321:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (*lines)))
data/osmo-0.4.4/src/gtksourceiter.c:418:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g_utf8_caselessnmatch (line_text, *lines, strlen (line_text),
data/osmo-0.4.4/src/gtksourceiter.c:419:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (*lines)))
data/osmo-0.4.4/src/gtksourceiter.c:480:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint delimiter_len = strlen (delimiter);
data/osmo-0.4.4/src/gtksourceiter.c:488:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (new_string, string, len);
data/osmo-0.4.4/src/gui.c:629:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->tsk->tasks_find_entry)))) {
data/osmo-0.4.4/src/gui.c:728:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->cnt->contacts_find_entry)))) {
data/osmo-0.4.4/src/gui.c:869:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->nte->notes_find_entry)))) {
data/osmo-0.4.4/src/notes.c:176:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(gchar *) text, strlen((gchar *) text), NULL);
data/osmo-0.4.4/src/notes.c:520:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes = strlen (text);
data/osmo-0.4.4/src/notes.c:598:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(txtinfo_selection)) {
data/osmo-0.4.4/src/notes.c:693:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(find_text)) {
data/osmo-0.4.4/src/notes.c:1227:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gtk_entry_get_text (GTK_ENTRY(appGUI->nte->notes_find_entry)))) {
data/osmo-0.4.4/src/notes.c:1249:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->nte->notes_find_entry)))) {
data/osmo-0.4.4/src/notes_items.c:49:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint a = strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->nte->note_name_entry)));
data/osmo-0.4.4/src/notes_items.c:54:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b = strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->nte->password_entry)));
data/osmo-0.4.4/src/notes_items.c:59:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = strlen(gtk_entry_get_text(GTK_ENTRY(appGUI->nte->spassword_entry)));
data/osmo-0.4.4/src/notes_preferences_gui.c:272:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen (category_name)) return;
data/osmo-0.4.4/src/notes_preferences_gui.c:302:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (entry)))
data/osmo-0.4.4/src/options_prefs.c:928:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(source_fd, buff, sizeof (buff));
data/osmo-0.4.4/src/options_prefs.c:931:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(source_fd, buff, sizeof (buff));
data/osmo-0.4.4/src/preferences_gui.c:404:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (entry)))
data/osmo-0.4.4/src/preferences_gui.c:522:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->entry_web_browser))))
data/osmo-0.4.4/src/preferences_gui.c:525:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->entry_email_client))))
data/osmo-0.4.4/src/preferences_gui.c:528:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (appGUI->opt->entry_sound_player))))
data/osmo-0.4.4/src/tasks_items.c:532:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (GTK_ENTRY (editable)))) {
data/osmo-0.4.4/src/tasks_preferences_gui.c:268:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen (category_name)) return;
data/osmo-0.4.4/src/tasks_preferences_gui.c:380:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (widget)))
data/osmo-0.4.4/src/utils.c:519:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail (strlen (buffer) > 0);
data/osmo-0.4.4/src/utils.c:749:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = n = d = 0; i < strlen (link); i++) {
data/osmo-0.4.4/src/utils.c:1004:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tsize = strlen(config.web_browser);
data/osmo-0.4.4/src/utils.c:1011:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tsize + strlen(qURL) < PATH_MAX) {
data/osmo-0.4.4/src/utils.c:1012:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tsize += strlen(qURL) + 1 /* space */;
data/osmo-0.4.4/src/utils.c:1014:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (url_path, " ");
data/osmo-0.4.4/src/utils.c:1018:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tsize += strlen(qURL) + 1 /* space */;
data/osmo-0.4.4/src/utils_gui.c:538:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_snprintf(color_str, strlen(color_str) + 1, ". c %s", color);
data/osmo-0.4.4/src/utils_gui.c:652:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < strlen(cmd); i++) {
data/osmo-0.4.4/src/vcf.c:217:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
replacement_size = strlen(replacement);
data/osmo-0.4.4/src/vcf.c:218:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_size = strlen(string);
data/osmo-0.4.4/src/vcf.c:257:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_size = strlen(property) + 1; /* property */
data/osmo-0.4.4/src/vcf.c:262:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_size += (strlen(components[i]) * MAX_ESCAPE_SIZE); /* escaped value */
data/osmo-0.4.4/src/vcf.c:274:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len = strlen(buffer);
data/osmo-0.4.4/src/vcf.c:280:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len = strlen(components[i]);
data/osmo-0.4.4/src/vcf.c:326:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen(content);
data/osmo-0.4.4/src/vcf.c:330:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, content, len);
ANALYSIS SUMMARY:
Hits = 154
Lines analyzed = 43094 in approximately 1.09 seconds (39712 lines/second)
Physical Source Lines of Code (SLOC) = 31679
Hits@level = [0] 13 [1] 101 [2] 44 [3] 2 [4] 7 [5] 0
Hits@level+ = [0+] 167 [1+] 154 [2+] 53 [3+] 9 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 5.27163 [1+] 4.86126 [2+] 1.67303 [3+] 0.2841 [4+] 0.220967 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.