Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/apngdis-2.9/apngdis.cpp
FINAL RESULTS:
data/apngdis-2.9/apngdis.cpp:517:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szPath, szInput);
data/apngdis-2.9/apngdis.cpp:543:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szPath, szOption+j);
data/apngdis-2.9/apngdis.cpp:558:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szOut, szInput);
data/apngdis-2.9/apngdis.cpp:573:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szOut, "%s%.*d.png", szPath, len, i+res);
data/apngdis-2.9/apngdis.cpp:576:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szOut, "%s%.*d.txt", szPath, len, i+res);
data/apngdis-2.9/apngdis.cpp:100:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, sp, w*4);
data/apngdis-2.9/apngdis.cpp:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, sp, 4);
data/apngdis-2.9/apngdis.cpp:120:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, sp, 4);
data/apngdis-2.9/apngdis.cpp:128:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char len[4];
data/apngdis-2.9/apngdis.cpp:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pChunk->p, len, 4);
data/apngdis-2.9/apngdis.cpp:147:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[8] = {137, 80, 78, 71, 13, 10, 26, 10};
data/apngdis-2.9/apngdis.cpp:190:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char footer[12] = {0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130};
data/apngdis-2.9/apngdis.cpp:212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[8];
data/apngdis-2.9/apngdis.cpp:228:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(szIn, "rb")) != 0)
data/apngdis-2.9/apngdis.cpp:285:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frameNext.p, frameCur.p, imagesize);
data/apngdis-2.9/apngdis.cpp:294:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frameNext.p, frameCur.p, imagesize);
data/apngdis-2.9/apngdis.cpp:330:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunkIHDR.p + 8, chunk.p + 12, 8);
data/apngdis-2.9/apngdis.cpp:363:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunk.p + 8, "IDAT", 4);
data/apngdis-2.9/apngdis.cpp:441:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(szOut, "wb")) != 0)
data/apngdis-2.9/apngdis.cpp:475:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(szOut, "wb")) != 0)
data/apngdis-2.9/apngdis.cpp:491:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(szOut, "wt")) != 0)
data/apngdis-2.9/apngdis.cpp:503:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPath[256];
data/apngdis-2.9/apngdis.cpp:504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szOut[256];
data/apngdis-2.9/apngdis.cpp:547:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szPath, "apngframe");
data/apngdis-2.9/apngdis.cpp:561:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szOut, "_strip.png");
data/apngdis-2.9/apngdis.cpp:567:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
unsigned int len = sprintf(szOut, "%d", num_frames);
data/apngdis-2.9/apngdis.cpp:509:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc > 1 && strlen(argv[1]) < 256)
ANALYSIS SUMMARY:
Hits = 27
Lines analyzed = 589 in approximately 0.02 seconds (24781 lines/second)
Physical Source Lines of Code (SLOC) = 487
Hits@level = [0] 10 [1] 1 [2] 21 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 37 [1+] 27 [2+] 26 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 75.9754 [1+] 55.4415 [2+] 53.3881 [3+] 10.2669 [4+] 10.2669 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.