Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/3depict-0.0.22/src/gl/select.h
Examining data/3depict-0.0.22/src/gl/tr.cpp
Examining data/3depict-0.0.22/src/gl/textures.cpp
Examining data/3depict-0.0.22/src/gl/select.cpp
Examining data/3depict-0.0.22/src/gl/effect.cpp
Examining data/3depict-0.0.22/src/gl/drawables.h
Examining data/3depict-0.0.22/src/gl/cameras.cpp
Examining data/3depict-0.0.22/src/gl/tr.h
Examining data/3depict-0.0.22/src/gl/cameras.h
Examining data/3depict-0.0.22/src/gl/scene.cpp
Examining data/3depict-0.0.22/src/gl/textures.h
Examining data/3depict-0.0.22/src/gl/drawables.cpp
Examining data/3depict-0.0.22/src/gl/isoSurface.h
Examining data/3depict-0.0.22/src/gl/scene.h
Examining data/3depict-0.0.22/src/gl/effect.h
Examining data/3depict-0.0.22/src/gl/isoSurface.cpp
Examining data/3depict-0.0.22/src/gl/glDebug.h
Examining data/3depict-0.0.22/src/wx/wxcomponents.cpp
Examining data/3depict-0.0.22/src/wx/wxcommon.cpp
Examining data/3depict-0.0.22/src/wx/propertyGridUpdater.h
Examining data/3depict-0.0.22/src/wx/propertyGridUpdater.cpp
Examining data/3depict-0.0.22/src/wx/wxcommon.h
Examining data/3depict-0.0.22/src/wx/wxcomponents.h
Examining data/3depict-0.0.22/src/common/basics.cpp
Examining data/3depict-0.0.22/src/common/pngread.c
Examining data/3depict-0.0.22/src/common/assertion.cpp
Examining data/3depict-0.0.22/src/common/endianTest.h
Examining data/3depict-0.0.22/src/common/mathfuncs.cpp
Examining data/3depict-0.0.22/src/common/stringFuncs.cpp
Examining data/3depict-0.0.22/src/common/basics.h
Examining data/3depict-0.0.22/src/common/pngread.h
Examining data/3depict-0.0.22/src/common/voxels.cpp
Examining data/3depict-0.0.22/src/common/mathfuncs.h
Examining data/3depict-0.0.22/src/common/translation.h
Examining data/3depict-0.0.22/src/common/mesh.h
Examining data/3depict-0.0.22/src/common/stringFuncs.h
Examining data/3depict-0.0.22/src/common/colourmap.h
Examining data/3depict-0.0.22/src/common/gsl_helper.cpp
Examining data/3depict-0.0.22/src/common/array2D.h
Examining data/3depict-0.0.22/src/common/assertion.h
Examining data/3depict-0.0.22/src/common/colourmap.cpp
Examining data/3depict-0.0.22/src/common/xmlHelper.h
Examining data/3depict-0.0.22/src/common/constants.cpp
Examining data/3depict-0.0.22/src/common/constants.h
Examining data/3depict-0.0.22/src/common/voxels.h
Examining data/3depict-0.0.22/src/common/xmlHelper.cpp
Examining data/3depict-0.0.22/src/common/mesh.cpp
Examining data/3depict-0.0.22/src/common/gsl_helper.h
Examining data/3depict-0.0.22/src/gui/glPane.h
Examining data/3depict-0.0.22/src/gui/glPane.cpp
Examining data/3depict-0.0.22/src/gui/cropPanel.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/autosaveDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/animateFilterDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/ExportPos.h
Examining data/3depict-0.0.22/src/gui/dialogs/ExportRngDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/rangeEditDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/autosaveDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/StashDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/filterErrorDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/transferFuncDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/StashDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/animateSubDialogs/stringKeyFrameDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/animateSubDialogs/choiceKeyFrameDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/animateSubDialogs/choiceKeyFrameDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/animateSubDialogs/colourKeyFrameDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/animateSubDialogs/realKeyFrameDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/animateSubDialogs/stringKeyFrameDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/animateSubDialogs/colourKeyFrameDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/transferFuncDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/animateFilterDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/resolutionDialog.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/prefDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/ExportPos.cpp
Examining data/3depict-0.0.22/src/gui/dialogs/ExportRngDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/filterErrorDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/rangeEditDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/resolutionDialog.h
Examining data/3depict-0.0.22/src/gui/dialogs/prefDialog.cpp
Examining data/3depict-0.0.22/src/gui/mainFrame.h
Examining data/3depict-0.0.22/src/gui/cropPanel.h
Examining data/3depict-0.0.22/src/gui/mainFrame.cpp
Examining data/3depict-0.0.22/src/gui/art.h
Examining data/3depict-0.0.22/src/gui/mathglPane.h
Examining data/3depict-0.0.22/src/gui/mathglPane.cpp
Examining data/3depict-0.0.22/src/testing/testing.h
Examining data/3depict-0.0.22/src/testing/filtertesting.cpp
Examining data/3depict-0.0.22/src/testing/testing.cpp
Examining data/3depict-0.0.22/src/testing/mglTesting.cpp
Examining data/3depict-0.0.22/src/testing/mglTesting.h
Examining data/3depict-0.0.22/src/testing/filtertesting.h
Examining data/3depict-0.0.22/src/winconsole.cpp
Examining data/3depict-0.0.22/src/winconsole.h
Examining data/3depict-0.0.22/src/backend/configFile.cpp
Examining data/3depict-0.0.22/src/backend/plot.cpp
Examining data/3depict-0.0.22/src/backend/filtertree.cpp
Examining data/3depict-0.0.22/src/backend/filtertree.h
Examining data/3depict-0.0.22/src/backend/filter.h
Examining data/3depict-0.0.22/src/backend/animator.h
Examining data/3depict-0.0.22/src/backend/filtertreeAnalyse.h
Examining data/3depict-0.0.22/src/backend/viscontrol.cpp
Examining data/3depict-0.0.22/src/backend/filters/externalProgram.cpp
Examining data/3depict-0.0.22/src/backend/filters/voxelLoad.cpp
Examining data/3depict-0.0.22/src/backend/filters/algorithms/spatial.h
Examining data/3depict-0.0.22/src/backend/filters/algorithms/K3DTree-mk2.h
Examining data/3depict-0.0.22/src/backend/filters/algorithms/K3DTree.cpp
Examining data/3depict-0.0.22/src/backend/filters/algorithms/binomial.cpp
Examining data/3depict-0.0.22/src/backend/filters/algorithms/mass.cpp
Examining data/3depict-0.0.22/src/backend/filters/algorithms/mass.h
Examining data/3depict-0.0.22/src/backend/filters/algorithms/K3DTree.h
Examining data/3depict-0.0.22/src/backend/filters/algorithms/K3DTree-mk2.cpp
Examining data/3depict-0.0.22/src/backend/filters/algorithms/binomial.h
Examining data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.cpp
Examining data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.h
Examining data/3depict-0.0.22/src/backend/filters/algorithms/spatial.cpp
Examining data/3depict-0.0.22/src/backend/filters/transform.h
Examining data/3depict-0.0.22/src/backend/filters/ionClip.cpp
Examining data/3depict-0.0.22/src/backend/filters/ionColour.h
Examining data/3depict-0.0.22/src/backend/filters/filterCommon.h
Examining data/3depict-0.0.22/src/backend/filters/clusterAnalysis.cpp
Examining data/3depict-0.0.22/src/backend/filters/voxelise.cpp
Examining data/3depict-0.0.22/src/backend/filters/geometryHelpers.cpp
Examining data/3depict-0.0.22/src/backend/filters/spectrumPlot.h
Examining data/3depict-0.0.22/src/backend/filters/ionColour.cpp
Examining data/3depict-0.0.22/src/backend/filters/clusterAnalysis.h
Examining data/3depict-0.0.22/src/backend/filters/boundingBox.h
Examining data/3depict-0.0.22/src/backend/filters/allFilter.cpp
Examining data/3depict-0.0.22/src/backend/filters/spatialAnalysis.cpp
Examining data/3depict-0.0.22/src/backend/filters/ionDownsample.h
Examining data/3depict-0.0.22/src/backend/filters/allFilter.h
Examining data/3depict-0.0.22/src/backend/filters/profile.h
Examining data/3depict-0.0.22/src/backend/filters/filterCommon.cpp
Examining data/3depict-0.0.22/src/backend/filters/profile.cpp
Examining data/3depict-0.0.22/src/backend/filters/transform.cpp
Examining data/3depict-0.0.22/src/backend/filters/spatialAnalysis.h
Examining data/3depict-0.0.22/src/backend/filters/boundingBox.cpp
Examining data/3depict-0.0.22/src/backend/filters/ionInfo.h
Examining data/3depict-0.0.22/src/backend/filters/annotation.cpp
Examining data/3depict-0.0.22/src/backend/filters/voxelLoad.h
Examining data/3depict-0.0.22/src/backend/filters/ionDownsample.cpp
Examining data/3depict-0.0.22/src/backend/filters/ionInfo.cpp
Examining data/3depict-0.0.22/src/backend/filters/dataLoad.cpp
Examining data/3depict-0.0.22/src/backend/filters/spectrumPlot.cpp
Examining data/3depict-0.0.22/src/backend/filters/ionClip.h
Examining data/3depict-0.0.22/src/backend/filters/rangeFile.cpp
Examining data/3depict-0.0.22/src/backend/filters/geometryHelpers.h
Examining data/3depict-0.0.22/src/backend/filters/dataLoad.h
Examining data/3depict-0.0.22/src/backend/filters/annotation.h
Examining data/3depict-0.0.22/src/backend/filters/externalProgram.h
Examining data/3depict-0.0.22/src/backend/filters/voxelise.h
Examining data/3depict-0.0.22/src/backend/filters/rangeFile.h
Examining data/3depict-0.0.22/src/backend/animator.cpp
Examining data/3depict-0.0.22/src/backend/state.cpp
Examining data/3depict-0.0.22/src/backend/plot.h
Examining data/3depict-0.0.22/src/backend/configFile.h
Examining data/3depict-0.0.22/src/backend/filtertreeAnalyse.cpp
Examining data/3depict-0.0.22/src/backend/state.h
Examining data/3depict-0.0.22/src/backend/viscontrol.h
Examining data/3depict-0.0.22/src/backend/APT/APTFileIO.h
Examining data/3depict-0.0.22/src/backend/APT/3DapReader.cpp
Examining data/3depict-0.0.22/src/backend/APT/abundanceParser.cpp
Examining data/3depict-0.0.22/src/backend/APT/ionhit.cpp
Examining data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp
Examining data/3depict-0.0.22/src/backend/APT/vtk.cpp
Examining data/3depict-0.0.22/src/backend/APT/3DapReader.h
Examining data/3depict-0.0.22/src/backend/APT/ionhit.h
Examining data/3depict-0.0.22/src/backend/APT/APTRanges.h
Examining data/3depict-0.0.22/src/backend/APT/APTRanges.cpp
Examining data/3depict-0.0.22/src/backend/APT/abundanceParser.h
Examining data/3depict-0.0.22/src/backend/APT/vtk.h
Examining data/3depict-0.0.22/src/backend/APT/ionMapFile.h
Examining data/3depict-0.0.22/src/backend/APT/ionMapFile.cpp
Examining data/3depict-0.0.22/src/backend/filter.cpp
Examining data/3depict-0.0.22/src/3Depict.cpp

FINAL RESULTS:

data/3depict-0.0.22/src/backend/filters/annotation.cpp:371:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf,num,formatStr.c_str(),angleVal);

data/3depict-0.0.22/src/backend/filters/dataLoad.cpp:1408:2: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(s.c_str());

data/3depict-0.0.22/src/backend/filters/dataLoad.cpp:1492:2: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(s.c_str());

data/3depict-0.0.22/src/backend/filters/externalProgram.cpp:357:14: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  result=std::system(substitutedCommand.c_str());

data/3depict-0.0.22/src/backend/filters/externalProgram.cpp:762:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  errCode=system("echo testing... > /dev/null");

data/3depict-0.0.22/src/backend/filters/externalProgram.cpp:764:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  errCode=system("echo testing... > NUL");

data/3depict-0.0.22/src/common/basics.cpp:1703:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  result=system(command.c_str());

data/3depict-0.0.22/src/common/basics.cpp:1712:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  result=system(command.c_str());

data/3depict-0.0.22/src/3Depict.cpp:484:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time(NULL));

data/3depict-0.0.22/src/backend/filters/transform.cpp:1102:8: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand(time(0));

data/3depict-0.0.22/src/common/colourmap.cpp:186:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((int)(65000*(value-min)/(max-min)));

data/3depict-0.0.22/src/common/stringFuncs.cpp:227:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));

data/3depict-0.0.22/src/3Depict.cpp:139:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debugLogStream.open(filePath.c_str());

data/3depict-0.0.22/src/3Depict.cpp:503:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];

data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:242:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(buffer2[i * sizeof(float)]), &(buffer[index[i] * sizeof(float)]), sizeof(float));

data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:402:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(buffer2[i * sizeof(float)]), &(buffer[index[i] * sizeof(float)]), sizeof(float));

data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:548:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(buffer2[j * maxPosCols + i * sizeof(float)]),

data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:641:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  CFile.open(textFile);

data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:689:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  CFile.open(textFile,std::ios::binary);

data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:808:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  CFile.open(textFile);

data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:589:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  unsigned int RangeFile::open(const char *rangeFilename, unsigned int fileFormat)

data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:598:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpRange=fopen(rangeFilename,"r");

data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:675:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!open(rangeFilename,assumedFileFormat))

data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:690:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!open(rangeFilename,ui))

data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:1284:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f=fopen(rangeFile,"r");

data/3depict-0.0.22/src/backend/APT/APTRanges.h:157:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  unsigned int open(const char *rangeFile, unsigned int format=RANGE_FORMAT_ORNL);

data/3depict-0.0.22/src/backend/APT/abundanceParser.cpp:69:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  size_t AbundanceData::open(const char *file, bool strict)

data/3depict-0.0.22/src/backend/APT/abundanceParser.cpp:417:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TEST(massTable.open(tableFile) == 0,"load table");

data/3depict-0.0.22/src/backend/APT/abundanceParser.h:76:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  size_t open(const char *file, bool strict=false);

data/3depict-0.0.22/src/backend/APT/vtk.cpp:47:4: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(filename.c_str());

data/3depict-0.0.22/src/backend/APT/vtk.h:65:4: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(filename.c_str());

data/3depict-0.0.22/src/backend/APT/vtk.h:122:4: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(filename.c_str());

data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.cpp:637:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outSquelch=fopen("/dev/null","w");

data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.cpp:639:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outSquelch=fopen("NUL","w");

data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.cpp:762:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outSquelch=fopen("/dev/null","w");

data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.cpp:764:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outSquelch=fopen("NUL","w");

data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.cpp:848:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outSquelch=fopen("/dev/null","w");

data/3depict-0.0.22/src/backend/filters/algorithms/convexHull.cpp:850:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outSquelch=fopen("NUL","w");

data/3depict-0.0.22/src/backend/filters/algorithms/mass.cpp:27:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *BACKGROUND_MODE_STRING[FIT_MODE_ENUM_END] = {NTRANS("None"),

data/3depict-0.0.22/src/backend/filters/algorithms/mass.cpp:33:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * errorMsgs[BACKGROUND_PARAMS::FIT_FAIL_END] = {

data/3depict-0.0.22/src/backend/filters/algorithms/mass.h:39:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char *BACKGROUND_MODE_STRING[FIT_MODE_ENUM_END];

data/3depict-0.0.22/src/backend/filters/boundingBox.cpp:192:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];

data/3depict-0.0.22/src/backend/filters/filterCommon.cpp:298:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3]; //RGB array

data/3depict-0.0.22/src/backend/filters/filterCommon.cpp:1380:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3];

data/3depict-0.0.22/src/backend/filters/filterCommon.cpp:1519:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3];

data/3depict-0.0.22/src/backend/filters/ionColour.cpp:150:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3]; //RGB array

data/3depict-0.0.22/src/backend/filters/profile.cpp:691:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c[3];

data/3depict-0.0.22/src/backend/plot.cpp:1812:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3];

data/3depict-0.0.22/src/common/array2D.h:40:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data,rhs.data,nWidth*nHeight*sizeof(T));

data/3depict-0.0.22/src/common/basics.cpp:1470:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inBuffer[BUFFER_SIZE];

data/3depict-0.0.22/src/common/basics.h:489:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[4];

data/3depict-0.0.22/src/common/colourmap.cpp:399:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3];

data/3depict-0.0.22/src/common/endianTest.h:62:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[4];

data/3depict-0.0.22/src/common/endianTest.h:79:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[2];

data/3depict-0.0.22/src/common/pngread.c:28:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[bytes_to_check];

data/3depict-0.0.22/src/common/pngread.c:31:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*fp = fopen(file_name, "rb")) == NULL)

data/3depict-0.0.22/src/common/stringFuncs.cpp:249:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(s.c_str());

data/3depict-0.0.22/src/gl/drawables.cpp:2885:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3];

data/3depict-0.0.22/src/gl/drawables.cpp:3028:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3];

data/3depict-0.0.22/src/gl/drawables.h:1256:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char v[3];

data/3depict-0.0.22/src/gl/textures.cpp:251:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (!check_if_png((char *)fileNames[ui].c_str(), &fp, 8))

data/3depict-0.0.22/src/gui/dialogs/animateFilterDialog.cpp:83:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *extension[RANGE_FORMAT_NUM_OPTIONS] =

data/3depict-0.0.22/src/gui/dialogs/animateFilterDialog.cpp:90:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * comboRange_choices[RANGE_FORMAT_NUM_OPTIONS] =

data/3depict-0.0.22/src/gui/dialogs/rangeEditDialog.cpp:235:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  abundanceData.open(fileLoc.c_str());

data/3depict-0.0.22/src/gui/glPane.cpp:1085:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char clear[3];
data/3depict-0.0.22/src/gui/mainFrame.cpp:144:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * comboFilters_choices[FILTER_DROP_COUNT] =
data/3depict-0.0.22/src/testing/filtertesting.cpp:192:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fileOut.open(sClone.c_str());
data/3depict-0.0.22/src/testing/testing.cpp:457:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  manifest.open(paths[ui].c_str());
data/3depict-0.0.22/src/testing/testing.cpp:473:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  manifest.open(str.c_str());
data/3depict-0.0.22/src/winconsole.cpp:35:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_out.open("CONOUT$");
data/3depict-0.0.22/src/winconsole.cpp:40:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_err.open("CONOUT$");
data/3depict-0.0.22/src/winconsole.cpp:45:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_in.open("CONIN$");
data/3depict-0.0.22/src/wx/wxcommon.cpp:132:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];
data/3depict-0.0.22/src/wx/wxcommon.cpp:498:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*)name,"%ls",pspid->ImageName.Buffer);
data/3depict-0.0.22/src/wx/wxcommon.cpp:567:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgbIm[3],rgbaOv[4];
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:239:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read(buffer,BUFFERSIZE);
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:391:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read(buffer,BUFFERSIZE);
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:536:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read(buffer,curBufferSize);
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:716:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read(buffer,bytesToRead);
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:923:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read((char*)&versionByte,sizeof(unsigned int));
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:993:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read((char*)buffer,LAWATAP_ATO_RECORD_SIZE);
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:1093:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read((char*)buffer,LAWATAP_ATO_RECORD_SIZE);
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:1113:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read((char*)buffer,LAWATAP_ATO_RECORD_SIZE);
data/3depict-0.0.22/src/backend/APT/APTFileIO.cpp:1221:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  f.read(buffer,recordSize);
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:497:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(strlen(elementList[offset]))
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:732:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(ret && strlen(ret) < MAX_LINE_SIZE-1 && ret[0] != '-')
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:737:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!ret || strlen(ret) >= MAX_LINE_SIZE -1)
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:829:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!ret || strlen(ret) >= MAX_LINE_SIZE-1)
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:837:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!ret || strlen(ret) >= MAX_LINE_SIZE-1)
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:1359:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(fgetc(fpRange) == EOF)
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:1373:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(fgetc(fpRange) == EOF)
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:1381:7: [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if(!fscanf(fpRange, " %255s", inBuffer))
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:1391:7: [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if(!fscanf(fpRange, " %255s", inBuffer))
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:1570:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || strlen(inBuffer) >=MAX_LINE_SIZE-1)
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:1831:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || strlen(inBuffer) >=MAX_LINE_SIZE-1)
data/3depict-0.0.22/src/backend/APT/APTRanges.cpp:2362:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(strlen(RANGE_EXTS[extOff]))
data/3depict-0.0.22/src/backend/APT/ionMapFile.cpp:72:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned int IonMapTable::read(const char *filename)
data/3depict-0.0.22/src/backend/APT/ionMapFile.cpp:335:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  TEST(!mapTable.read("../test/ionMapExample.xml"),"ion map read");
data/3depict-0.0.22/src/backend/APT/ionMapFile.cpp:340:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  mapTableB.read(s.c_str());
data/3depict-0.0.22/src/backend/APT/ionMapFile.h:51:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned int read(const char *filename);
data/3depict-0.0.22/src/backend/configFile.cpp:141:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned int ConfigFile::read()
data/3depict-0.0.22/src/backend/configFile.h:112:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned int read();
data/3depict-0.0.22/src/backend/filters/clusterAnalysis.cpp:1254:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(p->dataLabel.substr(strlen(SIZE_DIST_DATALABEL)) ==SIZE_DIST_DATALABEL )
data/3depict-0.0.22/src/backend/filters/clusterAnalysis.cpp:1351:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(p->dataLabel.substr(0,strlen(CHEM_DIST_DATALABEL)) ==CHEM_DIST_DATALABEL )
data/3depict-0.0.22/src/backend/filters/ionInfo.cpp:234:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(remapTable.read(remapFilename.c_str()))
data/3depict-0.0.22/src/backend/filters/profile.cpp:595:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(remapTable.read(remapFilename.c_str()))
data/3depict-0.0.22/src/common/basics.h:86:6: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(stream);
data/3depict-0.0.22/src/common/mesh.cpp:829:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return std::equal(t1.begin(),t1.end(),t2.begin());
data/3depict-0.0.22/src/common/mesh.cpp:848:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return std::equal(ta.begin(),ta.end(),tb.begin());
data/3depict-0.0.22/src/common/mesh.cpp:1670:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if(std::equal(triNodes.begin(),triNodes.end(),tetFaceNodes.begin()))
data/3depict-0.0.22/src/common/voxels.h:1164:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CFile.read((char *)buffer,curBufferSize);
data/3depict-0.0.22/src/common/xmlHelper.cpp:75:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  << data.substr( pos + strlen( refs[i] ) ) ;
data/3depict-0.0.22/src/common/xmlHelper.cpp:78:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = data.find( refs[i], pos + strlen( refs[i] ) ) ;
data/3depict-0.0.22/src/gui/mainFrame.cpp:810:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(configFile.read() == CONFIG_ERR_BADFILE)
data/3depict-0.0.22/src/gui/mainFrame.cpp:2465:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inputF.read(c,CHUNKSIZE);
data/3depict-0.0.22/src/gui/mainFrame.cpp:5984:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefixLen = stlStr(configDirPath).size() + strlen(AUTOSAVE_PREFIX) + 1;
data/3depict-0.0.22/src/gui/mainFrame.cpp:5994:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(tmp.size() >=(strlen(AUTOSAVE_PREFIX) + strlen(AUTOSAVE_SUFFIX)));
data/3depict-0.0.22/src/gui/mainFrame.cpp:5994:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(tmp.size() >=(strlen(AUTOSAVE_PREFIX) + strlen(AUTOSAVE_SUFFIX)));
data/3depict-0.0.22/src/gui/mainFrame.cpp:5997:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = tmp.substr(prefixLen-1,tmp.size()-(strlen(AUTOSAVE_SUFFIX) + prefixLen-1));
data/3depict-0.0.22/src/gui/mathglPane.cpp:313:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(gr->Message()))
data/3depict-0.0.22/src/testing/filtertesting.cpp:150:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  configFile.read();
data/3depict-0.0.22/src/wx/wxcommon.h:43:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s2=std::string(tmp_str, strlen(tmp_str));
data/3depict-0.0.22/src/wx/wxcomponents.cpp:522:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(strlen(dirs[ui]))
data/3depict-0.0.22/src/wx/wxcomponents.cpp:568:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(strlen(dirs[ui]))
data/3depict-0.0.22/src/wx/wxcomponents.cpp:604:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(strlen(dirs[ui]))

ANALYSIS SUMMARY:

Hits = 125
Lines analyzed = 110100 in approximately 1.90 seconds (57999 lines/second)
Physical Source Lines of Code (SLOC) = 71981
Hits@level = [0] 7 [1] 50 [2] 63 [3] 4 [4] 8 [5] 0
Hits@level+ = [0+] 132 [1+] 125 [2+] 75 [3+] 12 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 1.83382 [1+] 1.73657 [2+] 1.04194 [3+] 0.166711 [4+] 0.11114 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.