Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fractalnow-0.8.2/gui/include/fractal_explorer.h
Examining data/fractalnow-0.8.2/gui/include/task_progress_dialog.h
Examining data/fractalnow-0.8.2/gui/include/mpfr_spin_box.h
Examining data/fractalnow-0.8.2/gui/include/hoverpoints.h
Examining data/fractalnow-0.8.2/gui/include/shade_widget.h
Examining data/fractalnow-0.8.2/gui/include/gradient_editor.h
Examining data/fractalnow-0.8.2/gui/include/main.h
Examining data/fractalnow-0.8.2/gui/include/command_line.h
Examining data/fractalnow-0.8.2/gui/include/gradient_box.h
Examining data/fractalnow-0.8.2/gui/include/fractal_rendering_widget.h
Examining data/fractalnow-0.8.2/gui/include/gradient_dialog.h
Examining data/fractalnow-0.8.2/gui/include/help.h
Examining data/fractalnow-0.8.2/gui/include/export_fractal_image_dialog.h
Examining data/fractalnow-0.8.2/gui/include/fractal_config_widget.h
Examining data/fractalnow-0.8.2/gui/include/gradient_label.h
Examining data/fractalnow-0.8.2/gui/include/color_button.h
Examining data/fractalnow-0.8.2/gui/include/main_window.h
Examining data/fractalnow-0.8.2/gui/src/task_progress_dialog.cpp
Examining data/fractalnow-0.8.2/gui/src/export_fractal_image_dialog.cpp
Examining data/fractalnow-0.8.2/gui/src/main.cpp
Examining data/fractalnow-0.8.2/gui/src/help.cpp
Examining data/fractalnow-0.8.2/gui/src/gradient_label.cpp
Examining data/fractalnow-0.8.2/gui/src/fractal_rendering_widget.cpp
Examining data/fractalnow-0.8.2/gui/src/fractal_explorer.cpp
Examining data/fractalnow-0.8.2/gui/src/gradient_box.cpp
Examining data/fractalnow-0.8.2/gui/src/main_window.cpp
Examining data/fractalnow-0.8.2/gui/src/color_button.cpp
Examining data/fractalnow-0.8.2/gui/src/command_line.cpp
Examining data/fractalnow-0.8.2/gui/src/fractal_config_widget.cpp
Examining data/fractalnow-0.8.2/gui/src/shade_widget.cpp
Examining data/fractalnow-0.8.2/gui/src/mpfr_spin_box.cpp
Examining data/fractalnow-0.8.2/gui/src/gradient_editor.cpp
Examining data/fractalnow-0.8.2/gui/src/gradient_dialog.cpp
Examining data/fractalnow-0.8.2/gui/src/hoverpoints.cpp
Examining data/fractalnow-0.8.2/lib/include/macro_build_floats.h
Examining data/fractalnow-0.8.2/lib/include/fractalnow.h
Examining data/fractalnow-0.8.2/lib/include/fractal.h
Examining data/fractalnow-0.8.2/lib/include/fractal_rendering_parameters.h
Examining data/fractalnow-0.8.2/lib/include/file_io.h
Examining data/fractalnow-0.8.2/lib/include/fractal_cache.h
Examining data/fractalnow-0.8.2/lib/include/float_precision.h
Examining data/fractalnow-0.8.2/lib/include/image.h
Examining data/fractalnow-0.8.2/lib/include/misc.h
Examining data/fractalnow-0.8.2/lib/include/fractal_iteration_count.h
Examining data/fractalnow-0.8.2/lib/include/color.h
Examining data/fractalnow-0.8.2/lib/include/fractal_config.h
Examining data/fractalnow-0.8.2/lib/include/fractal_compute_engine.h
Examining data/fractalnow-0.8.2/lib/include/fractal_coloring.h
Examining data/fractalnow-0.8.2/lib/include/error.h
Examining data/fractalnow-0.8.2/lib/include/fractal_formula.h
Examining data/fractalnow-0.8.2/lib/include/task.h
Examining data/fractalnow-0.8.2/lib/include/fractal_transfer_function.h
Examining data/fractalnow-0.8.2/lib/include/complex_wrapper.h
Examining data/fractalnow-0.8.2/lib/include/c99_complex_wrapper.h
Examining data/fractalnow-0.8.2/lib/include/filter.h
Examining data/fractalnow-0.8.2/lib/include/builtin_complex.h
Examining data/fractalnow-0.8.2/lib/include/macro_build_fractals.h
Examining data/fractalnow-0.8.2/lib/include/gradient.h
Examining data/fractalnow-0.8.2/lib/include/ppm.h
Examining data/fractalnow-0.8.2/lib/include/thread.h
Examining data/fractalnow-0.8.2/lib/include/fractal_addend_function.h
Examining data/fractalnow-0.8.2/lib/include/uirectangle.h
Examining data/fractalnow-0.8.2/lib/src/fractalnow.c
Examining data/fractalnow-0.8.2/lib/src/fractal.c
Examining data/fractalnow-0.8.2/lib/src/filter.c
Examining data/fractalnow-0.8.2/lib/src/ppm.c
Examining data/fractalnow-0.8.2/lib/src/error.c
Examining data/fractalnow-0.8.2/lib/src/task.c
Examining data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c
Examining data/fractalnow-0.8.2/lib/src/fractal_addend_function.c
Examining data/fractalnow-0.8.2/lib/src/misc.c
Examining data/fractalnow-0.8.2/lib/src/c99_complex_wrapper.c
Examining data/fractalnow-0.8.2/lib/src/file_io.c
Examining data/fractalnow-0.8.2/lib/src/fractal_compute_engine.c
Examining data/fractalnow-0.8.2/lib/src/thread.c
Examining data/fractalnow-0.8.2/lib/src/fractal_transfer_function.c
Examining data/fractalnow-0.8.2/lib/src/fractal_coloring.c
Examining data/fractalnow-0.8.2/lib/src/float_precision.c
Examining data/fractalnow-0.8.2/lib/src/uirectangle.c
Examining data/fractalnow-0.8.2/lib/src/fractal_config.c
Examining data/fractalnow-0.8.2/lib/src/complex_wrapper.c
Examining data/fractalnow-0.8.2/lib/src/color.c
Examining data/fractalnow-0.8.2/lib/src/image.c
Examining data/fractalnow-0.8.2/lib/src/gradient.c
Examining data/fractalnow-0.8.2/lib/src/builtin_complex.c
Examining data/fractalnow-0.8.2/lib/src/fractal_formula.c
Examining data/fractalnow-0.8.2/lib/src/fractal_iteration_count.c
Examining data/fractalnow-0.8.2/lib/src/fractal_cache.c
Examining data/fractalnow-0.8.2/command-line/include/anti_aliasing.h
Examining data/fractalnow-0.8.2/command-line/include/command_line.h
Examining data/fractalnow-0.8.2/command-line/include/help.h
Examining data/fractalnow-0.8.2/command-line/src/command_line.c
Examining data/fractalnow-0.8.2/command-line/src/anti_aliasing.c
Examining data/fractalnow-0.8.2/command-line/src/main.c
Examining data/fractalnow-0.8.2/command-line/src/help.c
FINAL RESULTS:
data/fractalnow-0.8.2/command-line/src/anti_aliasing.c:50:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AAMStr, str);
data/fractalnow-0.8.2/command-line/src/command_line.c:116:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(optarg, "%"SCNd64, &tmp) < 1) {
data/fractalnow-0.8.2/command-line/src/command_line.c:129:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(optarg, "%"SCNd64, &tmp) < 1) {
data/fractalnow-0.8.2/command-line/src/command_line.c:171:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(optarg, "%"SCNd64, &tmp) < 1) {
data/fractalnow-0.8.2/command-line/src/command_line.c:182:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(optarg, "%"SCNd64, &tmp) < 1) {
data/fractalnow-0.8.2/lib/include/error.h:108:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(output, __VA_ARGS__); \
data/fractalnow-0.8.2/lib/src/file_io.c:33:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
return fscanf(file, "%s", dst);
data/fractalnow-0.8.2/lib/src/file_io.c:41:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((res = fscanf(file,"%"SCNd64,&read)) < 1) {
data/fractalnow-0.8.2/lib/src/file_io.c:89:14: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((res = fscanf(file,"%"SCNx32,&color32)) < 1) {
data/fractalnow-0.8.2/lib/src/file_io.c:95:14: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((res = fscanf(file,"%"SCNx64,&color64)) < 1) {
data/fractalnow-0.8.2/lib/src/float_precision.c:60:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FPStr, str);
data/fractalnow-0.8.2/lib/src/fractal.c:339:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/fractal.c:437:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/fractal_addend_function.c:49:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AFStr, str);
data/fractalnow-0.8.2/lib/src/fractal_coloring.c:47:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CMStr, str);
data/fractalnow-0.8.2/lib/src/fractal_coloring.c:88:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(IMStr, str);
data/fractalnow-0.8.2/lib/src/fractal_config.c:101:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/fractal_config.c:219:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/fractal_formula.c:62:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FFStr, str);
data/fractalnow-0.8.2/lib/src/fractal_iteration_count.c:50:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ICStr, str);
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:204:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:358:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/fractal_transfer_function.c:103:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TFStr, str);
data/fractalnow-0.8.2/lib/src/gradient.c:239:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/gradient.c:368:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatStr, format);
data/fractalnow-0.8.2/lib/src/task.c:105:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res->message, message);
data/fractalnow-0.8.2/command-line/src/command_line.c:69:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((o = getopt(argc, argv, "hqvda:c:f:g:i:j:l:L:o:p:r:s:t:x:y:")) != -1) {
data/fractalnow-0.8.2/gui/src/command_line.cpp:67:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((o = getopt(argc, argv, "hvda:f:i:j:l:L:m:nM:r:x:y:t:c:g:r:p:q")) != -1) {
data/fractalnow-0.8.2/command-line/src/anti_aliasing.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AAMStr[256];
data/fractalnow-0.8.2/command-line/src/command_line.c:33:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen(fileName,"r")) != NULL) {
data/fractalnow-0.8.2/gui/src/color_button.cpp:55:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
colorDialog->open(this, SLOT(setCurrentColor(QColor)));
data/fractalnow-0.8.2/gui/src/command_line.cpp:34:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen(fileName,"r")) != NULL) {
data/fractalnow-0.8.2/gui/src/mpfr_spin_box.cpp:232:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE *tmp = tmpfile();
data/fractalnow-0.8.2/gui/src/mpfr_spin_box.cpp:250:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE *tmp = tmpfile();
data/fractalnow-0.8.2/lib/src/filter.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, filter->data, filter->sx*filter->sy*sizeof(double));
data/fractalnow-0.8.2/lib/src/float_precision.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FPStr[256];
data/fractalnow-0.8.2/lib/src/fractal.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[6][256];
data/fractalnow-0.8.2/lib/src/fractal.c:338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/fractal.c:358:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/fractal.c:363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/fractal.c:406:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/fractal.c:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/fractal.c:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/fractal.c:571:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"w");
data/fractalnow-0.8.2/lib/src/fractal_addend_function.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AFStr[256];
data/fractalnow-0.8.2/lib/src/fractal_coloring.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CMStr[256];
data/fractalnow-0.8.2/lib/src/fractal_coloring.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IMStr[256];
data/fractalnow-0.8.2/lib/src/fractal_config.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/fractal_config.c:120:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/fractal_config.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/fractal_config.c:170:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/fractal_config.c:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/fractal_config.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/fractal_config.c:260:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"w");
data/fractalnow-0.8.2/lib/src/fractal_formula.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FFStr[256];
data/fractalnow-0.8.2/lib/src/fractal_iteration_count.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ICStr[256];
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:223:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:273:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:399:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"w");
data/fractalnow-0.8.2/lib/src/fractal_transfer_function.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TFStr[256];
data/fractalnow-0.8.2/lib/src/gradient.c:78:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gradient->positionStop, positionStop, nbStops*sizeof(double));
data/fractalnow-0.8.2/lib/src/gradient.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gradient->colorStop, colorStop, nbStops*sizeof(Color));
data/fractalnow-0.8.2/lib/src/gradient.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res.data, gradient->data, gradient->size*sizeof(Color));
data/fractalnow-0.8.2/lib/src/gradient.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res.positionStop, gradient->positionStop, gradient->nbStops*sizeof(double));
data/fractalnow-0.8.2/lib/src/gradient.c:127:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res.colorStop, gradient->colorStop, gradient->nbStops*sizeof(Color));
data/fractalnow-0.8.2/lib/src/gradient.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/gradient.c:258:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/gradient.c:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/gradient.c:307:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"r");
data/fractalnow-0.8.2/lib/src/gradient.c:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[256];
data/fractalnow-0.8.2/lib/src/gradient.c:367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatStr[5];
data/fractalnow-0.8.2/lib/src/gradient.c:408:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(fileName,"w");
data/fractalnow-0.8.2/lib/src/image.c:69:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res.data, image->data, image->width*image->height*4*image->bytesPerComponent);
data/fractalnow-0.8.2/lib/src/ppm.c:30:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(fileName,"wb");
data/fractalnow-0.8.2/lib/src/ppm.c:58:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(fileName,"wb");
data/fractalnow-0.8.2/lib/src/task.c:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res->initialArgs, args, nbThreadsNeeded * s_elem);
data/fractalnow-0.8.2/lib/src/task.c:149:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res->subTasks, subTasks, nbSubTasks*sizeof(Task *));
data/fractalnow-0.8.2/command-line/src/anti_aliasing.c:44:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/fractalnow-0.8.2/lib/src/file_io.c:39:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int64_t read;
data/fractalnow-0.8.2/lib/src/file_io.c:41:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((res = fscanf(file,"%"SCNd64,&read)) < 1) {
data/fractalnow-0.8.2/lib/src/file_io.c:44:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < 0) {
data/fractalnow-0.8.2/lib/src/file_io.c:48:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*dst = (uint32_t)read;
data/fractalnow-0.8.2/lib/src/float_precision.c:53:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/fractalnow-0.8.2/lib/src/fractal.c:333:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/fractal.c:431:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/fractal_addend_function.c:43:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/fractalnow-0.8.2/lib/src/fractal_coloring.c:41:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/fractalnow-0.8.2/lib/src/fractal_coloring.c:82:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/fractalnow-0.8.2/lib/src/fractal_config.c:95:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/fractal_config.c:213:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/fractal_formula.c:55:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/fractalnow-0.8.2/lib/src/fractal_iteration_count.c:44:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:198:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/fractal_rendering_parameters.c:352:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/fractal_transfer_function.c:96:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/fractalnow-0.8.2/lib/src/gradient.c:233:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/gradient.c:362:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(format) != 4) {
data/fractalnow-0.8.2/lib/src/task.c:104:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res->message = (char *)safeMalloc("message", (strlen(message)+1)*sizeof(char));
ANALYSIS SUMMARY:
Hits = 103
Lines analyzed = 20050 in approximately 0.62 seconds (32145 lines/second)
Physical Source Lines of Code (SLOC) = 12629
Hits@level = [0] 26 [1] 21 [2] 54 [3] 2 [4] 26 [5] 0
Hits@level+ = [0+] 129 [1+] 103 [2+] 82 [3+] 28 [4+] 26 [5+] 0
Hits/KSLOC@level+ = [0+] 10.2146 [1+] 8.15583 [2+] 6.49299 [3+] 2.21712 [4+] 2.05875 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.