Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pidgin-latex-1.5.0/LaTeX.c
Examining data/pidgin-latex-1.5.0/LaTeX.h
FINAL RESULTS:
data/pidgin-latex-1.5.0/LaTeX.c:80:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(finalmsg, prep);
data/pidgin-latex-1.5.0/LaTeX.c:82:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(finalmsg, errmsg);
data/pidgin-latex-1.5.0/LaTeX.c:94:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(finalmsg, errmsg);
data/pidgin-latex-1.5.0/LaTeX.c:134:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,file);
data/pidgin-latex-1.5.0/LaTeX.c:169:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, file);
data/pidgin-latex-1.5.0/LaTeX.c:190:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(params, cmd);
data/pidgin-latex-1.5.0/LaTeX.c:194:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(params, opts[i]);
data/pidgin-latex-1.5.0/LaTeX.c:256:14: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
exitcode=execvp(cmd,opt);
data/pidgin-latex-1.5.0/LaTeX.c:332:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(begin_not_secure,not_secure[i]+0x01);
data/pidgin-latex-1.5.0/LaTeX.c:374:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_tex, file_tmp);
data/pidgin-latex-1.5.0/LaTeX.c:376:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_dvi, file_tmp);
data/pidgin-latex-1.5.0/LaTeX.c:378:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*file_png, file_tmp);
data/pidgin-latex-1.5.0/LaTeX.c:418:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(texfile, HEADER "%s" HEADER_COLOR "%s" HEADER_MATH "%s" FOOTER_MATH FOOTER, fgcolor, bgcolor, latex);
data/pidgin-latex-1.5.0/LaTeX.c:530:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tex2, tex);
data/pidgin-latex-1.5.0/LaTeX.c:537:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(shortcut, tex2);
data/pidgin-latex-1.5.0/LaTeX.c:614:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, IMG_BEGIN);
data/pidgin-latex-1.5.0/LaTeX.c:616:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message, IMG_BEGIN);
data/pidgin-latex-1.5.0/LaTeX.c:618:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, idstring);
data/pidgin-latex-1.5.0/LaTeX.c:619:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, IMG_END);
data/pidgin-latex-1.5.0/LaTeX.c:624:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, &ptr2[strlen(enddelim)]);
data/pidgin-latex-1.5.0/LaTeX.c:633:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*tmp2, message);
data/pidgin-latex-1.5.0/LaTeX.c:714:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2,*buffer);
data/pidgin-latex-1.5.0/LaTeX.c:764:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2,*buffer);
data/pidgin-latex-1.5.0/LaTeX.c:206:7: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
if(!CreateProcess(NULL, params, NULL, NULL, TRUE, 0, NULL, NULL, &sup, &pi))
data/pidgin-latex-1.5.0/LaTeX.c:206:7: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
if(!CreateProcess(NULL, params, NULL, NULL, TRUE, 0, NULL, NULL, &sup, &pi))
data/pidgin-latex-1.5.0/LaTeX.c:81:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(finalmsg, ": ");
data/pidgin-latex-1.5.0/LaTeX.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r,file, s-file);
data/pidgin-latex-1.5.0/LaTeX.c:142:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r,s,strlen(file)*sizeof(char)+file-s);
data/pidgin-latex-1.5.0/LaTeX.c:191:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(params, "\" ");
data/pidgin-latex-1.5.0/LaTeX.c:310:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(pData,"\\convert.exe");
data/pidgin-latex-1.5.0/LaTeX.c:324:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *not_secure[NB_BLACKLIST] = BLACKLIST;
data/pidgin-latex-1.5.0/LaTeX.c:331:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(begin_not_secure,"\\\\begin\\W*{\\W*");
data/pidgin-latex-1.5.0/LaTeX.c:333:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(begin_not_secure,"\\W*}");
data/pidgin-latex-1.5.0/LaTeX.c:375:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(file_tex, ".tex");
data/pidgin-latex-1.5.0/LaTeX.c:377:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(file_dvi, ".dvi");
data/pidgin-latex-1.5.0/LaTeX.c:379:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(*file_png, ".png");
data/pidgin-latex-1.5.0/LaTeX.c:386:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fgcolor, "0,0,0");
data/pidgin-latex-1.5.0/LaTeX.c:396:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fgcolor,"%d,%d,%d", rgb >> 16, (rgb >> 8) & 0xff, rgb & 0xff);
data/pidgin-latex-1.5.0/LaTeX.c:403:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bgcolor, "255,255,255");
data/pidgin-latex-1.5.0/LaTeX.c:413:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bgcolor,"%d,%d,%d", rgb >> 16, (rgb >> 8) & 0xff, rgb & 0xff);
data/pidgin-latex-1.5.0/LaTeX.c:417:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (! (texfile = fopen(file_tex, "w"))) return FALSE;
data/pidgin-latex-1.5.0/LaTeX.c:424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *latexopts[2]={"--interaction=nonstopmode", file_tex};
data/pidgin-latex-1.5.0/LaTeX.c:425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dvipngopts[8]={"-Q", "10", "-T", "tight", "--follow", "-o", *file_png, file_dvi};
data/pidgin-latex-1.5.0/LaTeX.c:455:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(file_tex, ".aux");
data/pidgin-latex-1.5.0/LaTeX.c:458:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(file_tex, ".log");
data/pidgin-latex-1.5.0/LaTeX.c:536:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(shortcut,"$$");
data/pidgin-latex-1.5.0/LaTeX.c:538:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(shortcut, "$$");
data/pidgin-latex-1.5.0/LaTeX.c:600:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(idstring, "%d\0", idimg);
data/pidgin-latex-1.5.0/LaTeX.c:73:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
finalmsg=malloc((strlen(errmsg)+ strlen(prep) + 3)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:73:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
finalmsg=malloc((strlen(errmsg)+ strlen(prep) + 3)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:87:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
finalmsg = malloc((strlen(errmsg)+1)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:133:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r=malloc((strlen(file)+1)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:139:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r=malloc((strlen(file)+1)*sizeof(char)+file-s);
data/pidgin-latex-1.5.0/LaTeX.c:142:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(r,s,strlen(file)*sizeof(char)+file-s);
data/pidgin-latex-1.5.0/LaTeX.c:143:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r[strlen(file)+(file-s)/sizeof(char)]='\0';
data/pidgin-latex-1.5.0/LaTeX.c:167:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd=malloc((strlen(file)+1)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:179:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(cmd) + 4;
data/pidgin-latex-1.5.0/LaTeX.c:183:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len+=(strlen(opts[i]))*sizeof(char);
data/pidgin-latex-1.5.0/LaTeX.c:189:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(params, "\"");
data/pidgin-latex-1.5.0/LaTeX.c:195:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(params, " ");
data/pidgin-latex-1.5.0/LaTeX.c:330:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *begin_not_secure = malloc((strlen(not_secure[i])+18)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:358:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_tex=malloc((strlen(file_tmp)+5)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:359:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_dvi=malloc((strlen(file_tmp)+5)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:360:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*file_png=malloc((strlen(file_tmp)+5)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:453:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_tex[strlen(file_tex)-4]='\0';
data/pidgin-latex-1.5.0/LaTeX.c:457:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_tex[strlen(file_tex)-4]='\0';
data/pidgin-latex-1.5.0/LaTeX.c:487:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos1 = strlen(*tmp2) - strlen(ptr1);
data/pidgin-latex-1.5.0/LaTeX.c:487:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos1 = strlen(*tmp2) - strlen(ptr1);
data/pidgin-latex-1.5.0/LaTeX.c:490:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr2 = strstr(&ptr1[strlen(startdelim)], enddelim);
data/pidgin-latex-1.5.0/LaTeX.c:494:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos2 = strlen(*tmp2) - strlen(ptr2) + strlen(enddelim);
data/pidgin-latex-1.5.0/LaTeX.c:494:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos2 = strlen(*tmp2) - strlen(ptr2) + strlen(enddelim);
data/pidgin-latex-1.5.0/LaTeX.c:494:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos2 = strlen(*tmp2) - strlen(ptr2) + strlen(enddelim);
data/pidgin-latex-1.5.0/LaTeX.c:496:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tex = malloc(pos2 - pos1 - strlen(enddelim) - strlen(startdelim) + 1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:496:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tex = malloc(pos2 - pos1 - strlen(enddelim) - strlen(startdelim) + 1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:503:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tex, &ptr1[strlen(startdelim)], pos2 - pos1 - strlen(startdelim)-strlen(enddelim));
data/pidgin-latex-1.5.0/LaTeX.c:503:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tex, &ptr1[strlen(startdelim)], pos2 - pos1 - strlen(startdelim)-strlen(enddelim));
data/pidgin-latex-1.5.0/LaTeX.c:503:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tex, &ptr1[strlen(startdelim)], pos2 - pos1 - strlen(startdelim)-strlen(enddelim));
data/pidgin-latex-1.5.0/LaTeX.c:503:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tex, &ptr1[strlen(startdelim)], pos2 - pos1 - strlen(startdelim)-strlen(enddelim));
data/pidgin-latex-1.5.0/LaTeX.c:504:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tex[pos2-pos1-strlen(startdelim)-strlen(enddelim)] = '\0';
data/pidgin-latex-1.5.0/LaTeX.c:504:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tex[pos2-pos1-strlen(startdelim)-strlen(enddelim)] = '\0';
data/pidgin-latex-1.5.0/LaTeX.c:529:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tex2 = (char*)malloc((strlen(tex)+1)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:535:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortcut = (char*)malloc((strlen(tex2)+5)*sizeof(char));
data/pidgin-latex-1.5.0/LaTeX.c:587:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((message = malloc (strlen(*tmp2) + 1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:603:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((message = malloc (strlen(*tmp2) - pos2 + pos1 + strlen(idstring) + strlen(IMG_BEGIN) + strlen(IMG_END) + 1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:603:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((message = malloc (strlen(*tmp2) - pos2 + pos1 + strlen(idstring) + strlen(IMG_BEGIN) + strlen(IMG_END) + 1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:603:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((message = malloc (strlen(*tmp2) - pos2 + pos1 + strlen(idstring) + strlen(IMG_BEGIN) + strlen(IMG_END) + 1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:603:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((message = malloc (strlen(*tmp2) - pos2 + pos1 + strlen(idstring) + strlen(IMG_BEGIN) + strlen(IMG_END) + 1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:612:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(message, *tmp2, pos1);
data/pidgin-latex-1.5.0/LaTeX.c:623:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pos2 < strlen(*tmp2))
data/pidgin-latex-1.5.0/LaTeX.c:624:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat(message, &ptr2[strlen(enddelim)]);
data/pidgin-latex-1.5.0/LaTeX.c:627:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*tmp2 = malloc(strlen(message)+1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:701:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((tmp2 = malloc(strlen(*buffer)+1)) == NULL)
data/pidgin-latex-1.5.0/LaTeX.c:757:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((tmp2 = malloc(strlen(*buffer)+1)) == NULL)
ANALYSIS SUMMARY:
Hits = 93
Lines analyzed = 1050 in approximately 0.05 seconds (22867 lines/second)
Physical Source Lines of Code (SLOC) = 712
Hits@level = [0] 0 [1] 45 [2] 23 [3] 2 [4] 23 [5] 0
Hits@level+ = [0+] 93 [1+] 93 [2+] 48 [3+] 25 [4+] 23 [5+] 0
Hits/KSLOC@level+ = [0+] 130.618 [1+] 130.618 [2+] 67.4157 [3+] 35.1124 [4+] 32.3034 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.