Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cal3d-0.11.0/src/cal3d/animation.h
Examining data/cal3d-0.11.0/src/cal3d/animation_action.h
Examining data/cal3d-0.11.0/src/cal3d/animation_cycle.h
Examining data/cal3d-0.11.0/src/cal3d/animcallback.h
Examining data/cal3d-0.11.0/src/cal3d/bone.h
Examining data/cal3d-0.11.0/src/cal3d/buffersource.h
Examining data/cal3d-0.11.0/src/cal3d/cal3d.h
Examining data/cal3d-0.11.0/src/cal3d/cal3d_wrapper.h
Examining data/cal3d-0.11.0/src/cal3d/coreanimation.h
Examining data/cal3d-0.11.0/src/cal3d/corebone.h
Examining data/cal3d-0.11.0/src/cal3d/corekeyframe.h
Examining data/cal3d-0.11.0/src/cal3d/corematerial.h
Examining data/cal3d-0.11.0/src/cal3d/coremesh.h
Examining data/cal3d-0.11.0/src/cal3d/coremodel.h
Examining data/cal3d-0.11.0/src/cal3d/coreskeleton.h
Examining data/cal3d-0.11.0/src/cal3d/coresubmesh.h
Examining data/cal3d-0.11.0/src/cal3d/coresubmorphtarget.h
Examining data/cal3d-0.11.0/src/cal3d/coretrack.h
Examining data/cal3d-0.11.0/src/cal3d/datasource.h
Examining data/cal3d-0.11.0/src/cal3d/error.h
Examining data/cal3d-0.11.0/src/cal3d/global.h
Examining data/cal3d-0.11.0/src/cal3d/hardwaremodel.h
Examining data/cal3d-0.11.0/src/cal3d/loader.h
Examining data/cal3d-0.11.0/src/cal3d/matrix.h
Examining data/cal3d-0.11.0/src/cal3d/mesh.h
Examining data/cal3d-0.11.0/src/cal3d/mixer.h
Examining data/cal3d-0.11.0/src/cal3d/model.h
Examining data/cal3d-0.11.0/src/cal3d/morphtargetmixer.h
Examining data/cal3d-0.11.0/src/cal3d/physique.h
Examining data/cal3d-0.11.0/src/cal3d/platform.h
Examining data/cal3d-0.11.0/src/cal3d/quaternion.h
Examining data/cal3d-0.11.0/src/cal3d/refcounted.h
Examining data/cal3d-0.11.0/src/cal3d/refptr.h
Examining data/cal3d-0.11.0/src/cal3d/renderer.h
Examining data/cal3d-0.11.0/src/cal3d/resource.h
Examining data/cal3d-0.11.0/src/cal3d/saver.h
Examining data/cal3d-0.11.0/src/cal3d/skeleton.h
Examining data/cal3d-0.11.0/src/cal3d/springsystem.h
Examining data/cal3d-0.11.0/src/cal3d/streamsource.h
Examining data/cal3d-0.11.0/src/cal3d/submesh.h
Examining data/cal3d-0.11.0/src/cal3d/vector.h
Examining data/cal3d-0.11.0/src/cal3d/tinyxml.h
Examining data/cal3d-0.11.0/src/cal3d/transform.h
Examining data/cal3d-0.11.0/src/cal3d/coremorphanimation.h
Examining data/cal3d-0.11.0/src/cal3d/animation.cpp
Examining data/cal3d-0.11.0/src/cal3d/animation_action.cpp
Examining data/cal3d-0.11.0/src/cal3d/animation_cycle.cpp
Examining data/cal3d-0.11.0/src/cal3d/bone.cpp
Examining data/cal3d-0.11.0/src/cal3d/buffersource.cpp
Examining data/cal3d-0.11.0/src/cal3d/cal3d_wrapper.cpp
Examining data/cal3d-0.11.0/src/cal3d/coreanimation.cpp
Examining data/cal3d-0.11.0/src/cal3d/corebone.cpp
Examining data/cal3d-0.11.0/src/cal3d/corekeyframe.cpp
Examining data/cal3d-0.11.0/src/cal3d/corematerial.cpp
Examining data/cal3d-0.11.0/src/cal3d/coremesh.cpp
Examining data/cal3d-0.11.0/src/cal3d/coremodel.cpp
Examining data/cal3d-0.11.0/src/cal3d/coreskeleton.cpp
Examining data/cal3d-0.11.0/src/cal3d/coresubmesh.cpp
Examining data/cal3d-0.11.0/src/cal3d/coresubmorphtarget.cpp
Examining data/cal3d-0.11.0/src/cal3d/coretrack.cpp
Examining data/cal3d-0.11.0/src/cal3d/error.cpp
Examining data/cal3d-0.11.0/src/cal3d/global.cpp
Examining data/cal3d-0.11.0/src/cal3d/matrix.cpp
Examining data/cal3d-0.11.0/src/cal3d/mesh.cpp
Examining data/cal3d-0.11.0/src/cal3d/mixer.cpp
Examining data/cal3d-0.11.0/src/cal3d/model.cpp
Examining data/cal3d-0.11.0/src/cal3d/morphtargetmixer.cpp
Examining data/cal3d-0.11.0/src/cal3d/physique.cpp
Examining data/cal3d-0.11.0/src/cal3d/quaternion.cpp
Examining data/cal3d-0.11.0/src/cal3d/saver.cpp
Examining data/cal3d-0.11.0/src/cal3d/skeleton.cpp
Examining data/cal3d-0.11.0/src/cal3d/springsystem.cpp
Examining data/cal3d-0.11.0/src/cal3d/streamsource.cpp
Examining data/cal3d-0.11.0/src/cal3d/vector.cpp
Examining data/cal3d-0.11.0/src/cal3d/tinyxml.cpp
Examining data/cal3d-0.11.0/src/cal3d/tinyxmlerror.cpp
Examining data/cal3d-0.11.0/src/cal3d/tinyxmlparser.cpp
Examining data/cal3d-0.11.0/src/cal3d/coremorphanimation.cpp
Examining data/cal3d-0.11.0/src/cal3d/hardwaremodel.cpp
Examining data/cal3d-0.11.0/src/cal3d/platform.cpp
Examining data/cal3d-0.11.0/src/cal3d/renderer.cpp
Examining data/cal3d-0.11.0/src/cal3d/submesh.cpp
Examining data/cal3d-0.11.0/src/cal3d/loader.cpp
Examining data/cal3d-0.11.0/src/cal3d_converter.cpp

FINAL RESULTS:

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:118:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buffer, str.c_str() );

data/cal3d-0.11.0/src/cal3d/tinyxml.h:51:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TIXML_LOG printf

data/cal3d-0.11.0/src/cal3d/global.h:51:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char SKELETON_FILE_MAGIC[4] = { 'C', 'S', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/global.h:52:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char ANIMATION_FILE_MAGIC[4] = { 'C', 'A', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/global.h:53:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char MESH_FILE_MAGIC[4] = { 'C', 'M', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/global.h:54:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char MATERIAL_FILE_MAGIC[4] = { 'C', 'R', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/global.h:56:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char SKELETON_XMLFILE_MAGIC[4] = { 'X', 'S', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/global.h:57:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char ANIMATION_XMLFILE_MAGIC[4] = { 'X', 'A', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/global.h:58:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char MESH_XMLFILE_MAGIC[4] = { 'X', 'M', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/global.h:59:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char MATERIAL_XMLFILE_MAGIC[4] = { 'X', 'R', 'F', '\0' };

data/cal3d-0.11.0/src/cal3d/hardwaremodel.cpp:755:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&m_pVertexBuffer[(hardwareMesh.baseVertexIndex+i)*m_vertexStride],&vectorVertex[indice].position,sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/hardwaremodel.cpp:757:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&m_pNormalBuffer[(hardwareMesh.baseVertexIndex+i)*m_normalStride],&vectorVertex[indice].normal,sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/hardwaremodel.cpp:764:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&m_pTextureCoordBuffer[mapId][(hardwareMesh.baseVertexIndex+i)*m_textureCoordStride[mapId]],&vectorvectorTextureCoordinate[mapId][indice],sizeof(CalCoreSubmesh::TextureCoordinate));

data/cal3d-0.11.0/src/cal3d/hardwaremodel.cpp:775:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&m_pTangentSpaceBuffer[mapId][(hardwareMesh.baseVertexIndex+i)*m_tangentSpaceStride[mapId]],&vectorvectorTangentSpace[mapId][indice],sizeof(CalCoreSubmesh::TangentSpace));

data/cal3d-0.11.0/src/cal3d/hardwaremodel.cpp:789:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&m_pWeightBuffer[(hardwareMesh.baseVertexIndex+i)*m_weightStride+l * sizeof(float) ], &vectorVertex[indice].vectorInfluence[l].weight ,sizeof(float));

data/cal3d-0.11.0/src/cal3d/hardwaremodel.cpp:790:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&m_pMatrixIndexBuffer[(hardwareMesh.baseVertexIndex+i)*m_matrixIndexStride+l * sizeof(float) ], &newBoneId ,sizeof(float));

data/cal3d-0.11.0/src/cal3d/hardwaremodel.h:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * m_pTextureCoordBuffer[8];

data/cal3d-0.11.0/src/cal3d/hardwaremodel.h:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * m_pTangentSpaceBuffer[8];

data/cal3d-0.11.0/src/cal3d/loader.cpp:117:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(strFilename.c_str(), std::ios::in | std::ios::binary);

data/cal3d-0.11.0/src/cal3d/loader.cpp:160:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(strFilename.c_str(), std::ios::in | std::ios::binary);

data/cal3d-0.11.0/src/cal3d/loader.cpp:204:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(strFilename.c_str(), std::ios::in | std::ios::binary);

data/cal3d-0.11.0/src/cal3d/loader.cpp:409:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];

data/cal3d-0.11.0/src/cal3d/loader.cpp:494:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];

data/cal3d-0.11.0/src/cal3d/loader.cpp:604:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];

data/cal3d-0.11.0/src/cal3d/loader.cpp:668:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];

data/cal3d-0.11.0/src/cal3d/loader.cpp:1344:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(skeleton->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/loader.cpp:1365:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(skeleton->Attribute("VERSION")!=NULL && atoi(skeleton->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/loader.cpp:1525:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  parentId = atoi(parentid->Value());

data/cal3d-0.11.0/src/cal3d/loader.cpp:1587:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int childId = atoi(childid->Value());

data/cal3d-0.11.0/src/cal3d/loader.cpp:1647:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(animation->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/loader.cpp:1668:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(animation->Attribute("VERSION")!=NULL && atoi(animation->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/loader.cpp:1674:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int trackCount= atoi(animation->Attribute("NUMTRACKS"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1723:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int coreBoneId = atoi(track->Attribute("BONEID"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1729:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int keyframeCount= atoi(track->Attribute("NUMKEYFRAMES"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1894:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(mesh->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/loader.cpp:1914:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(mesh->Attribute("VERSION")!=NULL && atoi(mesh->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/loader.cpp:1921:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int submeshCount = atoi(mesh->Attribute("NUMSUBMESH"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1944:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int coreMaterialThreadId = atoi(submesh->Attribute("MATERIAL"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1947:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vertexCount = atoi(submesh->Attribute("NUMVERTICES"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1949:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int faceCount = atoi(submesh->Attribute("NUMFACES"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1951:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int lodCount = atoi(submesh->Attribute("NUMLODSTEPS"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1953:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int springCount = atoi(submesh->Attribute("NUMSPRINGS"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:1955:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int textureCoordinateCount = atoi(submesh->Attribute("NUMTEXCOORDS"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:2063:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Vertex.collapseId = atoi(collapseid->Value());

data/cal3d-0.11.0/src/cal3d/loader.cpp:2087:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Vertex.faceCollapseCount= atoi(collapseCountdata->Value());

data/cal3d-0.11.0/src/cal3d/loader.cpp:2141:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int influenceCount= atoi(vertex->Attribute("NUMINFLUENCES"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:2182:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Vertex.vectorInfluence[influenceId].boneId = atoi(influence->Attribute("ID"));

data/cal3d-0.11.0/src/cal3d/loader.cpp:2350:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(material->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/loader.cpp:2371:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(material->Attribute("VERSION") != NULL && atoi(material->Attribute("VERSION")) < Cal::EARLIEST_COMPATIBLE_FILE_VERSION )

data/cal3d-0.11.0/src/cal3d/platform.cpp:177:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pBuffer, input, length );

data/cal3d-0.11.0/src/cal3d/platform.cpp:199:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*)&value, (void*)input, 4 );

data/cal3d-0.11.0/src/cal3d/platform.cpp:229:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*)&value, (void*)input, 4 );

data/cal3d-0.11.0/src/cal3d/platform.cpp:261:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*)&length, (void*)input, 4 );

data/cal3d-0.11.0/src/cal3d/platform.cpp:278:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*)strBuffer, (char*)input+4, length );

data/cal3d-0.11.0/src/cal3d/renderer.cpp:309:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pTangentSpaceBuffer, &vectorTangentSpace[0], tangentSpaceCount * sizeof(CalCoreSubmesh::TangentSpace));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:316:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pBuffer[0], &vectorTangentSpace[i], sizeof(CalCoreSubmesh::TangentSpace));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:356:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pNormalBuffer, &vectorNormal[0], normalCount * sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:363:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pBuffer[0], &vectorNormal[i], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:490:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pTextureCoordinateBuffer, &vectorvectorTextureCoordinate[mapId][0], textureCoordinateCount * sizeof(CalCoreSubmesh::TextureCoordinate));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:497:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pBuffer[0], &vectorvectorTextureCoordinate[mapId][i], sizeof(CalCoreSubmesh::TextureCoordinate));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:559:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pVertexBuffer, &vectorVertex[0], vertexCount * sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:566:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pBuffer[0], &vectorVertex[i], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:614:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pBuffer[0], &vectorVertex[i], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:615:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pBuffer[sizeof(CalVector)], &vectorNormal[i], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:673:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[0], &vectorVertex[vertexId], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:674:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[3], &vectorNormal[vertexId], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:684:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[0], &vectorVertex[vertexId], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:685:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[3], &vectorNormal[vertexId], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:686:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[6], &vectorvectorTextureCoordinate[0][vertexId], sizeof(CalCoreSubmesh::TextureCoordinate));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:694:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[0], &vectorVertex[vertexId], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:695:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[3], &vectorNormal[vertexId], sizeof(CalVector));

data/cal3d-0.11.0/src/cal3d/renderer.cpp:699:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pVertexBuffer[0], &vectorvectorTextureCoordinate[mapId][vertexId], sizeof(CalCoreSubmesh::TextureCoordinate));

data/cal3d-0.11.0/src/cal3d/saver.cpp:58:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(strFilename.c_str(), std::ios::out | std::ios::binary);

data/cal3d-0.11.0/src/cal3d/saver.cpp:273:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(strFilename.c_str(), std::ios::out | std::ios::binary);

data/cal3d-0.11.0/src/cal3d/saver.cpp:371:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(strFilename.c_str(), std::ios::out | std::ios::binary);

data/cal3d-0.11.0/src/cal3d/saver.cpp:443:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(strFilename.c_str(), std::ios::out | std::ios::binary);

data/cal3d-0.11.0/src/cal3d/submesh.cpp:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pFaceBuffer, &m_vectorFace[0], m_faceCount * sizeof(Face));

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:97:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 32 ];

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:98:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "&#x%02X;", (unsigned) ( c & 0xff ) );

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:489:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *i = atoi( s );

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:533:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:534:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%d", val );

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:719:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = fopen( value.c_str (), "r" );

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:742:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUF_SIZE];

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:764:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fp = fopen( filename, "w" );

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:888:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [64];

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:889:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", _value);

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:895:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [64];

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:896:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%lf", _value);

data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:902:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi (value.c_str ());

data/cal3d-0.11.0/src/cal3d/platform.cpp:59:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read((char *)pBuffer, length);

data/cal3d-0.11.0/src/cal3d/platform.cpp:79:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read((char *)&value, 4);

data/cal3d-0.11.0/src/cal3d/platform.cpp:107:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read((char *)&value, 4);

data/cal3d-0.11.0/src/cal3d/platform.cpp:137:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read((char *)&length, 4);

data/cal3d-0.11.0/src/cal3d/platform.cpp:152:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
input.read(strBuffer, length); data/cal3d-0.11.0/src/cal3d/tinyxml.cpp:99:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outString->append( buf, strlen( buf ) ); data/cal3d-0.11.0/src/cal3d/tinyxmlparser.cpp:267:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( entity[i].str ) == entity[i].strLength ); data/cal3d-0.11.0/src/cal3d/tinyxmlparser.cpp:378:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return p + strlen( endTag ); data/cal3d-0.11.0/src/cal3d/tinyxmlparser.cpp:968:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen( startTag ); ANALYSIS SUMMARY: Hits = 99 Lines analyzed = 26296 in approximately 0.69 seconds (37908 lines/second) Physical Source Lines of Code (SLOC) = 13606 Hits@level = [0] 25 [1] 9 [2] 88 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 124 [1+] 99 [2+] 90 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 9.11363 [1+] 7.2762 [2+] 6.61473 [3+] 0.146994 [4+] 0.146994 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.