Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gl2ps-1.4.2+dfsg1/gl2psTest.c
Examining data/gl2ps-1.4.2+dfsg1/gl2psTestSimple.c
Examining data/gl2ps-1.4.2+dfsg1/gl2ps.h
Examining data/gl2ps-1.4.2+dfsg1/gl2ps.c

FINAL RESULTS:

data/gl2ps-1.4.2+dfsg1/gl2ps.c:274:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:424:11: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ret = vsprintf(buf, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:426:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  ret = vsnprintf(bufptr, bufsize, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:437:13: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  ret = vsnprintf(bufptr, bufsize, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:450:11: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  ret = vfprintf(gl2ps->stream, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:930:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prim->data.text->str, str);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:932:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prim->data.text->fontname, fontname);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:955:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(text->str, t->str);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:957:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(text->fontname, t->fontname);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3349:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if(i <= 0) strcpy(name, gl2ps->filename);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5340:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lcap, "%s", "butt");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5343:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lcap, "%s", "round");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5346:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lcap, "%s", "square");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5351:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ljoin, "%s", "miter");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5354:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ljoin, "%s", "round");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5357:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ljoin, "%s", "bevel");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6129:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(gl2ps->title, title);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6138:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(gl2ps->producer, producer);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6147:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(gl2ps->filename, filename);
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:511:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(file, filename);
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:513:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(file, extension);
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:580:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ext, gl2psGetFileExtension(format));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:412:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:443:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gl2ps->compress->start + oldsize, bufptr, ret);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:461:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[10] = {'\x1f', '\x8b', /* magic numbers: 0x1f, 0x8b */
data/gl2ps-1.4.2+dfsg1/gl2ps.c:481:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[8];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:575:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&list->array[(list->n - 1) * list->size], data, list->size);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:639:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, &list->array[index * list->size], list->size);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:642:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void gl2psEncodeBase64Block(unsigned char in[3], unsigned char out[4], int len)
data/gl2ps-1.4.2+dfsg1/gl2ps.c:642:66: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void gl2psEncodeBase64Block(unsigned char in[3], unsigned char out[4], int len)
data/gl2ps-1.4.2+dfsg1/gl2ps.c:655:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *buffer, in[3], out[4];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:660:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, list->array, n * sizeof(unsigned char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:786:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(image->pixels, im->pixels, size);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:915:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prim->verts[0].rgba, color, 4 * sizeof(float));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:1095:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prim->verts, p->verts, p->numverts * sizeof(GL2PSvertex));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:2249:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prim->verts, verts, numverts * sizeof(GL2PSvertex));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:2494:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(((char*)(node->image->pixels))[i + v]), &(current[2]), sizeoffloat);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:2496:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(((char*)(node->image->pixels))[i + v]), &(current[2]), vtot - i);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3029:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[16];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3336:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3352:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "untitled");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5082:52: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void gl2psSVGGetColorString(GL2PSrgba rgba, char str[32])
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5090:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "#%2.2x%2.2x%2.2x", rc, gc, bc);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5096:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5151:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5286:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5287:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lcap[7], ljoin[7];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5468:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5974:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5974:60: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6109:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gl2ps->colormap, colormap, gl2ps->colorsize * sizeof(GL2PSrgba));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6375:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prim->data.image->pixels, pixels, size * sizeof(GLfloat));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6382:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prim->data.image->pixels, pixels, size * sizeof(GLfloat));
data/gl2ps-1.4.2+dfsg1/gl2ps.h:203:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2ps.h:203:60: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:507:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[256];
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:520:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(file, "wb");
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:548:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[32];
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:604:51: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(format == GL2PS_PS || format == GL2PS_EPS) strcat(ext, ".gz");
data/gl2ps-1.4.2+dfsg1/gl2psTestSimple.c:171:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("out.eps", "wb");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:929:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prim->data.text->str = (char*)gl2psMalloc((strlen(str)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:931:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prim->data.text->fontname = (char*)gl2psMalloc((strlen(fontname)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:954:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text->str = (char*)gl2psMalloc((strlen(t->str)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:956:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text->fontname = (char*)gl2psMalloc((strlen(t->fontname)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3341:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(gl2ps->filename && strlen(gl2ps->filename) < 256){
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3342:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = (int)strlen(gl2ps->filename) - 1; i >= 0; i--){
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3344:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, gl2ps->filename, i);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:4665:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? (int)strlen("/TrSh sh\n") + (int)log10((double)childobj)+1
data/gl2ps-1.4.2+dfsg1/gl2ps.c:4666:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : (int)strlen("/TrSh0 sh\n");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6128:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gl2ps->title = (char*)gl2psMalloc((strlen(title)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6137:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gl2ps->producer = (char*)gl2psMalloc((strlen(producer)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6146:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gl2ps->filename = (char*)gl2psMalloc((strlen(filename)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:256:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(string); i++)
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:512:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(file, ".");
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:605:34: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  else if(format == GL2PS_SVG) strcat(ext, "z");
data/gl2ps-1.4.2+dfsg1/gl2psTestSimple.c:154:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(help); i++)

ANALYSIS SUMMARY:

Hits = 76
Lines analyzed = 7718 in approximately 0.23 seconds (33325 lines/second)
Physical Source Lines of Code (SLOC) = 6269
Hits@level = [0] 120 [1] 16 [2] 38 [3] 0 [4] 22 [5] 0
Hits@level+ = [0+] 196 [1+] 76 [2+] 60 [3+] 22 [4+] 22 [5+] 0
Hits/KSLOC@level+ = [0+] 31.265 [1+] 12.1231 [2+] 9.5709 [3+] 3.50933 [4+] 3.50933 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.