Note: Not every hit is necessarily a security vulnerability.
result at commit 70aa7564d54e9fd719eca06ea3919e696fbbaec5
raqm.h
raqm.h:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
raqm.h:36: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
raqm.c
raqm.c:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
raqm.c:428: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
The first three warnings are in testing and debugging code that is not compiled by default (except in make check), so they can be safely ignored. I fixed the last one.