Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gocr-0.52/include/version.h
Examining data/gocr-0.52/include/config.h
Examining data/gocr-0.52/src/ocr0_dbg.h
Examining data/gocr-0.52/src/amiga.h
Examining data/gocr-0.52/src/barcode.c
Examining data/gocr-0.52/src/barcode.h
Examining data/gocr-0.52/src/box.c
Examining data/gocr-0.52/src/database.c
Examining data/gocr-0.52/src/detect.c
Examining data/gocr-0.52/src/gocr.c
Examining data/gocr-0.52/src/gocr.h
Examining data/gocr-0.52/src/jconv.c
Examining data/gocr-0.52/src/job.c
Examining data/gocr-0.52/src/lines.c
Examining data/gocr-0.52/src/list.c
Examining data/gocr-0.52/src/list.h
Examining data/gocr-0.52/src/ocr0.c
Examining data/gocr-0.52/src/ocr0.h
Examining data/gocr-0.52/src/ocr0n.c
Examining data/gocr-0.52/src/ocr1.c
Examining data/gocr-0.52/src/ocr1.h
Examining data/gocr-0.52/src/otsu.c
Examining data/gocr-0.52/src/otsu.h
Examining data/gocr-0.52/src/output.c
Examining data/gocr-0.52/src/output.h
Examining data/gocr-0.52/src/pcx.c
Examining data/gocr-0.52/src/pcx.h
Examining data/gocr-0.52/src/pgm2asc.c
Examining data/gocr-0.52/src/pgm2asc.h
Examining data/gocr-0.52/src/pixel.c
Examining data/gocr-0.52/src/pnm.c
Examining data/gocr-0.52/src/pnm.h
Examining data/gocr-0.52/src/progress.c
Examining data/gocr-0.52/src/progress.h
Examining data/gocr-0.52/src/remove.c
Examining data/gocr-0.52/src/tga.c
Examining data/gocr-0.52/src/tga.h
Examining data/gocr-0.52/src/unicode.c
Examining data/gocr-0.52/src/unicode.h
Examining data/gocr-0.52/src/unicode_defs.h

FINAL RESULTS:

data/gocr-0.52/src/barcode.c:191:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result,"<barcode type=\"128\" chars=\"%d\" code=\"%s\" "
data/gocr-0.52/src/barcode.c:283:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result,"<barcode type=\"UPC\" chars=\"%d\" code=\"%d%s\" "
data/gocr-0.52/src/barcode.c:343:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result, "<barcode type=\"UPC_addon\" chars=\"%d\" code=\"%s\" "
data/gocr-0.52/src/barcode.c:467:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result,"<barcode type=\"39\" chars=\"%d\" code=\"%s\" "
data/gocr-0.52/src/barcode.c:588:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result,"<barcode type=\"i25\" chars=\"%d\" code=\"%s\" crc=\"%c\""
data/gocr-0.52/src/barcode.c:709:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result,"<barcode type=\"codabar\" chars=\"%d\" code=\"%s\""
data/gocr-0.52/src/barcode.c:1839:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  g_debug(fprintf(stderr,(((nbits/8)%interleave==0)?"\n# ":" "));)
data/gocr-0.52/src/barcode.c:2056:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(code,"<barcode type=\"qrcode%d\" chars=\"%d\""
data/gocr-0.52/src/gocr.c:73:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, /* string length less than 509 bytes for ISO C89 */
data/gocr-0.52/src/gocr.c:82:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, /* string length less than 509 bytes for ISO C89 */
data/gocr-0.52/src/gocr.c:85:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, /* string length less than 509 bytes for ISO C89 */
data/gocr-0.52/src/gocr.c:145:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(version_string "-" release_string "\n"); exit(0);}
data/gocr-0.52/src/gocr.c:231:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "# compiled: " __DATE__ );
data/gocr-0.52/src/gocr.c:250:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, " version " __VERSION__ );
data/gocr-0.52/src/pgm2asc.c:86:10:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wchar_t *wcscpy (wchar_t *dest, const wchar_t *src) {
data/gocr-0.52/src/pgm2asc.c:98:3:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(copy, WS);
data/gocr-0.52/src/pgm2asc.h:36:10:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wchar_t *wcscpy (wchar_t *dest, const wchar_t *src);
data/gocr-0.52/src/pnm.c:59:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define E0(x0) {EE();fprintf(stderr,x0 "\n"); }
data/gocr-0.52/src/pnm.c:60:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define F0(x0) {EE();fprintf(stderr,x0 "\n"); exit(1);}
data/gocr-0.52/src/pnm.c:61:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define F1(x0,x1) {EE();fprintf(stderr,x0 "\n",x1); exit(1);}
data/gocr-0.52/src/pnm.c:170:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s \"%s\"", pip, name); /* allow spaces in filename */
data/gocr-0.52/src/pnm.c:180:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fp = popen(buf, "rb"); /* ToDo: may fail, please report */
data/gocr-0.52/src/pnm.c:181:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (!fp) fp = popen(buf, "r"); /* 2nd try, the gnu way */
data/gocr-0.52/src/pnm.c:183:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fp = popen(buf, "r");
data/gocr-0.52/src/pnm.c:313:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"%s \"%s\"",pip,name); /* ToDo: how to prevent OVL ? */
data/gocr-0.52/src/pnm.c:317:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  f1 = popen(buf, "rb"); /* ToDo: may fail, please report */
data/gocr-0.52/src/pnm.c:318:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (!f1) f1 = popen(buf, "r"); /* 2nd try, the gnu way */
data/gocr-0.52/src/pnm.c:320:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  f1=popen(buf,"r");
data/gocr-0.52/src/pnm.c:486:10:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  f1 = popen(buf, "w"); if(f1) f1t=1; else E0("popen pnmtopng");
data/gocr-0.52/src/pnm.c:493:10:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  f1 = popen(buf, "w"); if(f1) f1t=1; else E0("popen gzip -c");
data/gocr-0.52/src/barcode.c:57:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *code128[Num128+1]={ /* can be generated by an algorithm? */
data/gocr-0.52/src/barcode.c:217:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *codeUPC[NumUPC+1]={ /* 0..9, first n = SBSB, last n = BSBS */
data/gocr-0.52/src/barcode.c:635:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *buf, char27[8]="......";
data/gocr-0.52/src/barcode.c:1311:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  nout = sprintf(code+cpos,"&#%d;",dm_byte);
data/gocr-0.52/src/barcode.c:1729:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char xx[5]=".o_@"; // 2018-09 was [4], no gcc but vc warning
data/gocr-0.52/src/barcode.c:1769:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char xx[5]=".x _";
data/gocr-0.52/src/barcode.c:1869:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char qr_ecc[256]; // buffer for generated ecc data
data/gocr-0.52/src/barcode.c:1968:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char crest[9+1]=" $%*+-./:";
data/gocr-0.52/src/box.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pixel_atp(b, 0, y), &pixel_atp(p, x0, y + y0 ), dx);
data/gocr-0.52/src/box.c:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, inibox, sizeof(struct box));
data/gocr-0.52/src/box.c:105:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->tas[i], inibox->tas[i], strlen(inibox->tas[i])+1);
data/gocr-0.52/src/box.c:232:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmpbox, bbigger, sizeof(struct box));
data/gocr-0.52/src/box.c:238:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpbox.frame_vector[i1],
data/gocr-0.52/src/box.c:254:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(box1->num_frame_vectors,
data/gocr-0.52/src/box.c:256:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(box1->frame_vol,
data/gocr-0.52/src/box.c:258:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(box1->frame_per,
data/gocr-0.52/src/box.c:260:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(box1->frame_vector,
data/gocr-0.52/src/database.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[Blen+1],
data/gocr-0.52/src/database.c:51:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1 = fopen(s2, "r");
data/gocr-0.52/src/database.c:104:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s3,s1+i+1,j);
data/gocr-0.52/src/database.c:141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s2[Blen+1] = "./db/", s3[Blen+1];
data/gocr-0.52/src/database.c:159:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s3,"db_%04x_%08lx.pbm", c_out, (unsigned long)time(NULL));
data/gocr-0.52/src/database.c:163:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1 = fopen(s2, "a");
data/gocr-0.52/src/database.c:353:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[200]; /* Oct08 JS: add unsigned to avoid UTF problems */
data/gocr-0.52/src/gocr.c:193:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->cfg.dust_size = atoi(s1); break;
data/gocr-0.52/src/gocr.c:195:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->cfg.cs = atoi(s1); break;
data/gocr-0.52/src/gocr.c:197:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->cfg.spc = atoi(s1); break;
data/gocr-0.52/src/gocr.c:199:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->cfg.verbose |= atoi(s1); break;
data/gocr-0.52/src/gocr.c:201:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->cfg.mode |= atoi(s1); break;
data/gocr-0.52/src/gocr.c:203:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->cfg.only_numbers = atoi(s1); break;
data/gocr-0.52/src/gocr.c:207:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->cfg.certainty = atoi(s1); break;
data/gocr-0.52/src/gocr.h:100:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t tac[NumAlt]; /* alternative chars, only used by setac(),getac() */
data/gocr-0.52/src/gocr.h:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tas[NumAlt]; /* alternative UTF8-strings or XML codes if tac[]=0 */
data/gocr-0.52/src/jconv.c:63:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ox = atoi(argv[i++]);
data/gocr-0.52/src/jconv.c:64:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oy = atoi(argv[i++]);
data/gocr-0.52/src/jconv.c:65:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dx = atoi(argv[i++]);
data/gocr-0.52/src/jconv.c:66:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dy = atoi(argv[i++]);
data/gocr-0.52/src/lines.c:77:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp,s1,alen+1); // copy including end sign '\0'
data/gocr-0.52/src/lines.c:193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:195:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1,"<page x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\">\n",
data/gocr-0.52/src/lines.c:198:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1,"<block x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\">\n",
data/gocr-0.52/src/lines.c:217:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:219:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1,"<line x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" value=\"%d\">\n",
data/gocr-0.52/src/lines.c:250:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:252:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1," <space x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" />\n",
data/gocr-0.52/src/lines.c:273:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:275:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1," <space x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" />\n",
data/gocr-0.52/src/lines.c:285:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:287:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1," <box x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" value=\"",
data/gocr-0.52/src/lines.c:317:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int i1; char s1[256];
data/gocr-0.52/src/lines.c:318:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1,"\" numac=\"%d\" weights=\"",box2->num_ac);
data/gocr-0.52/src/lines.c:321:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s1,"%d",box2->wac[i1]);
data/gocr-0.52/src/pcx.c:43:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *pic,h[128],bb,b1,b2,b3;
data/gocr-0.52/src/pcx.c:46:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(name,"rb"); if(!f1) ERR("open");
data/gocr-0.52/src/pcx.c:102:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  /*FIXME jb static*/static unsigned char *pic, h[54+4*256];
data/gocr-0.52/src/pcx.c:141:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(name,"wb"); if(!f1) fprintf(stderr," error opening file\n");
data/gocr-0.52/src/pgm2asc.c:368:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (b->tas[i]) memcpy(b->tas[i],as,strlen(as)+1);
data/gocr-0.52/src/pgm2asc.c:1923:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *(join_reason)[5]={"no", "\"A\"Uij%%", "!?;%%", "=:;", "'',,"};
data/gocr-0.52/src/pgm2asc.c:2383:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t ci[8], // split max. 8 chars
data/gocr-0.52/src/pgm2asc.c:2438:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char buf[8]=""; setac(&boxb,ci[i],a2[i]=99);
data/gocr-0.52/src/pgm2asc.c:2475:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64]=""; // end == \0
data/gocr-0.52/src/pixel.c:75:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char filt3[Nfilt3][9]={
data/gocr-0.52/src/pixel.c:147:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char c33[9];
data/gocr-0.52/src/pixel.c:225:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char num_table[NUM_TABLE_SIZE];
data/gocr-0.52/src/pixel.c:317:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tree[TREE_ARRAY_SIZE];
data/gocr-0.52/src/pnm.c:164:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(name, "rb");
data/gocr-0.52/src/pnm.c:299:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/gocr-0.52/src/pnm.c:311:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(name,"rb"); if (!f1) F1("opening file %s",name);
data/gocr-0.52/src/pnm.c:444:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(nam,"wb");if(!f1)F0("open"); // open-error
data/gocr-0.52/src/pnm.c:458:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void addrgb(unsigned char rgb[3], int sr, int sg, int sb) {
data/gocr-0.52/src/pnm.c:475:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  FILE *f1=NULL; int x,y,f1t=0; unsigned char rgb[3], gray, bits;
data/gocr-0.52/src/pnm.c:476:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/gocr-0.52/src/pnm.c:478:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (strstr(nam,".ppm")) { f1=fopen(nam,"wb"); }
data/gocr-0.52/src/pnm.c:499:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(buf,"wb");
data/gocr-0.52/src/pnm.c:542:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(nam,"wb");if(!f1)F0("open"); // open-error
data/gocr-0.52/src/progress.c:14:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fd=atoi(fname);
data/gocr-0.52/src/progress.c:20:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else { fp=fopen(fname,"w");if(!fp)fp=fopen(fname,"a"); }
data/gocr-0.52/src/progress.c:20:42:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else { fp=fopen(fname,"w");if(!fp)fp=fopen(fname,"a"); }
data/gocr-0.52/src/tga.c:47:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *pic,h[18];
data/gocr-0.52/src/tga.c:49:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(name,"rb"); if(!f1) fprintf(stderr," error opening file\n");
data/gocr-0.52/src/unicode.c:414:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  /*FIXME jb static*/ static char bbuf[8*32]; /* space for 8 buffers, rotating */
data/gocr-0.52/src/unicode.c:495:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"\\code(%04x)",(unsigned)c);
data/gocr-0.52/src/unicode.c:952:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"\\symbol{%u}",(unsigned)c);
data/gocr-0.52/src/unicode.c:1202:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"&#%u;",(unsigned)c);
data/gocr-0.52/src/unicode.c:1237:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"&#x%03x;",(unsigned)c);
data/gocr-0.52/src/unicode.c:1244:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"&#%u;",(unsigned)c);
data/gocr-0.52/src/unicode.c:1262:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if ((unsigned)c>255) sprintf(buf,"(0x%04x)",(unsigned)c);
data/gocr-0.52/src/unicode.c:1263:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(buf,"(0x%02x)",(unsigned)c);
data/gocr-0.52/src/barcode.c:1058:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
Risk is low because the source is a constant string. if(code) strncpy(code,"<barcode type=\"unknown\" />",128); data/gocr-0.52/src/barcode.c:1244:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(code,"<barcode type=\"datamatrix ecc200\" rawcode=\"\" />",128); data/gocr-0.52/src/barcode.c:1330:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(code+cpos,"\" />",6); // terminate xml string data/gocr-0.52/src/barcode.c:1335:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. if (code) strncpy(code,"<barcode type=\"unknown datamatrix\" />",128); data/gocr-0.52/src/barcode.c:2068:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(code,"<barcode type=\"unknown qrcode\" />",128); data/gocr-0.52/src/box.c:104:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf->tas[i]=(char *)malloc(strlen(inibox->tas[i])+1); data/gocr-0.52/src/box.c:105:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(buf->tas[i], inibox->tas[i], strlen(inibox->tas[i])+1); data/gocr-0.52/src/database.c:45:26: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
if( job->cfg.db_path ) strncpy(s2, job->cfg.db_path, Blen-1); data/gocr-0.52/src/database.c:46:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i2=strlen(s2); data/gocr-0.52/src/database.c:50:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(s2+i2,"db.lst",Blen-i2);s2[Blen]=0; data/gocr-0.52/src/database.c:61:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(s1); data/gocr-0.52/src/database.c:146:26: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if( job->cfg.db_path ) strncpy(s2,job->cfg.db_path,Blen-1); data/gocr-0.52/src/database.c:147:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i2=strlen(s2); data/gocr-0.52/src/database.c:162:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(s2+i2,"db.lst",Blen-i2);s2[Blen]=0; data/gocr-0.52/src/database.c:168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s2+i2,s3,strlen(s3)); s2[i2+strlen(s3)]=0; data/gocr-0.52/src/database.c:168:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(s2+i2,s3,strlen(s3)); s2[i2+strlen(s3)]=0; data/gocr-0.52/src/database.c:168:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(s2+i2,s3,strlen(s3)); s2[i2+strlen(s3)]=0; data/gocr-0.52/src/database.c:418:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dd=strlen((char *)buf); data/gocr-0.52/src/lines.c:67:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( *len>0 ) slen= strlen(buffer); // used buffer data/gocr-0.52/src/lines.c:68:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alen = strlen(s1); data/gocr-0.52/src/lines.c:305:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j+=strlen(box2->tas[0]); data/gocr-0.52/src/lines.c:345:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j+=strlen(box2->tas[0]); data/gocr-0.52/src/pcx.c:36:24: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned char c=0; c=fgetc(f1); if(feof(f1) || ferror(f1))err=1; return c; data/gocr-0.52/src/pgm2asc.c:89:8: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t wcslen (const wchar_t *s){ data/gocr-0.52/src/pgm2asc.c:96:30: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copy = (wchar_t *) malloc((wcslen(WS)+1)*sizeof(wchar_t)); data/gocr-0.52/src/pgm2asc.c:367:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). b->tas[i]=(char *)malloc(strlen(as)+1); /* ... string */ data/gocr-0.52/src/pgm2asc.c:368:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (b->tas[i]) memcpy(b->tas[i],as,strlen(as)+1); data/gocr-0.52/src/pgm2asc.c:2649:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf,decode(ci[ii],job->cfg.out_format),20); data/gocr-0.52/src/pgm2asc.h:37:8: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t wcslen (const wchar_t *s); data/gocr-0.52/src/pnm.c:118:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(rr)==strlen(xlist[i])) /* handle *.eps.pbm correct */ data/gocr-0.52/src/pnm.c:118:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(rr)==strlen(xlist[i])) /* handle *.eps.pbm correct */ data/gocr-0.52/src/pnm.c:129:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c=fgetc(f1); data/gocr-0.52/src/pnm.c:169:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *buf = (char *)malloc((strlen(pip)+strlen(name)+4)); data/gocr-0.52/src/pnm.c:169:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *buf = (char *)malloc((strlen(pip)+strlen(name)+4)); data/gocr-0.52/src/pnm.c:328:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(f1); if (feof(f1)) { E0("unexpected EOF"); return -1; } data/gocr-0.52/src/pnm.c:330:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c2=fgetc(f1); if (feof(f1)) { E0("unexpected EOF"); return -1; } data/gocr-0.52/src/pnm.c:426:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=0; c1=fgetc(f1); /* needed to trigger feof() */ data/gocr-0.52/src/pnm.c:482:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf,"pnmtopng > ",12); /* no spaces within filenames allowed! */ data/gocr-0.52/src/pnm.c:483:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf+11,nam,111); buf[123]=0; data/gocr-0.52/src/pnm.c:484:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(buf+strlen(buf),".png",5); data/gocr-0.52/src/pnm.c:484:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(buf+strlen(buf),".png",5); data/gocr-0.52/src/pnm.c:489:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf,"gzip -c > ",11); data/gocr-0.52/src/pnm.c:490:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf+10,nam,109); buf[120]=0; data/gocr-0.52/src/pnm.c:491:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf+strlen(buf),".ppm.gz",8); data/gocr-0.52/src/pnm.c:491:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(buf+strlen(buf),".ppm.gz",8); data/gocr-0.52/src/pnm.c:497:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf,nam,113); buf[114]=0; data/gocr-0.52/src/pnm.c:498:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf+strlen(buf),".ppm",5); data/gocr-0.52/src/pnm.c:498:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(buf+strlen(buf),".ppm",5); data/gocr-0.52/src/tga.c:34:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(f1); assert(!feof(f1)); assert(!ferror(f1)); ANALYSIS SUMMARY: Hits = 167 Lines analyzed = 24449 in approximately 1.12 seconds (21742 lines/second) Physical Source Lines of Code (SLOC) = 18218 Hits@level = [0] 733 [1] 49 [2] 88 [3] 0 [4] 30 [5] 0 Hits@level+ = [0+] 900 [1+] 167 [2+] 118 [3+] 30 [4+] 30 [5+] 0 Hits/KSLOC@level+ = [0+] 49.4017 [1+] 9.16676 [2+] 6.47711 [3+] 1.64672 [4+] 1.64672 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.