Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gocr-0.52/include/version.h
Examining data/gocr-0.52/include/config.h
Examining data/gocr-0.52/src/ocr0_dbg.h
Examining data/gocr-0.52/src/amiga.h
Examining data/gocr-0.52/src/barcode.c
Examining data/gocr-0.52/src/barcode.h
Examining data/gocr-0.52/src/box.c
Examining data/gocr-0.52/src/database.c
Examining data/gocr-0.52/src/detect.c
Examining data/gocr-0.52/src/gocr.c
Examining data/gocr-0.52/src/gocr.h
Examining data/gocr-0.52/src/jconv.c
Examining data/gocr-0.52/src/job.c
Examining data/gocr-0.52/src/lines.c
Examining data/gocr-0.52/src/list.c
Examining data/gocr-0.52/src/list.h
Examining data/gocr-0.52/src/ocr0.c
Examining data/gocr-0.52/src/ocr0.h
Examining data/gocr-0.52/src/ocr0n.c
Examining data/gocr-0.52/src/ocr1.c
Examining data/gocr-0.52/src/ocr1.h
Examining data/gocr-0.52/src/otsu.c
Examining data/gocr-0.52/src/otsu.h
Examining data/gocr-0.52/src/output.c
Examining data/gocr-0.52/src/output.h
Examining data/gocr-0.52/src/pcx.c
Examining data/gocr-0.52/src/pcx.h
Examining data/gocr-0.52/src/pgm2asc.c
Examining data/gocr-0.52/src/pgm2asc.h
Examining data/gocr-0.52/src/pixel.c
Examining data/gocr-0.52/src/pnm.c
Examining data/gocr-0.52/src/pnm.h
Examining data/gocr-0.52/src/progress.c
Examining data/gocr-0.52/src/progress.h
Examining data/gocr-0.52/src/remove.c
Examining data/gocr-0.52/src/tga.c
Examining data/gocr-0.52/src/tga.h
Examining data/gocr-0.52/src/unicode.c
Examining data/gocr-0.52/src/unicode.h
Examining data/gocr-0.52/src/unicode_defs.h
FINAL RESULTS:
data/gocr-0.52/src/barcode.c:191:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result,"<barcode type=\"128\" chars=\"%d\" code=\"%s\" "
data/gocr-0.52/src/barcode.c:283:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result,"<barcode type=\"UPC\" chars=\"%d\" code=\"%d%s\" "
data/gocr-0.52/src/barcode.c:343:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result, "<barcode type=\"UPC_addon\" chars=\"%d\" code=\"%s\" "
data/gocr-0.52/src/barcode.c:467:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result,"<barcode type=\"39\" chars=\"%d\" code=\"%s\" "
data/gocr-0.52/src/barcode.c:588:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result,"<barcode type=\"i25\" chars=\"%d\" code=\"%s\" crc=\"%c\""
data/gocr-0.52/src/barcode.c:709:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result,"<barcode type=\"codabar\" chars=\"%d\" code=\"%s\""
data/gocr-0.52/src/barcode.c:1839:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
g_debug(fprintf(stderr,(((nbits/8)%interleave==0)?"\n# ":" "));)
data/gocr-0.52/src/barcode.c:2056:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(code,"<barcode type=\"qrcode%d\" chars=\"%d\""
data/gocr-0.52/src/gocr.c:73:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, /* string length less than 509 bytes for ISO C89 */
data/gocr-0.52/src/gocr.c:82:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, /* string length less than 509 bytes for ISO C89 */
data/gocr-0.52/src/gocr.c:85:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, /* string length less than 509 bytes for ISO C89 */
data/gocr-0.52/src/gocr.c:145:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(version_string "-" release_string "\n"); exit(0);}
data/gocr-0.52/src/gocr.c:231:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "# compiled: " __DATE__ );
data/gocr-0.52/src/gocr.c:250:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, " version " __VERSION__ );
data/gocr-0.52/src/pgm2asc.c:86:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wchar_t *wcscpy (wchar_t *dest, const wchar_t *src) {
data/gocr-0.52/src/pgm2asc.c:98:3: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(copy, WS);
data/gocr-0.52/src/pgm2asc.h:36:10: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wchar_t *wcscpy (wchar_t *dest, const wchar_t *src);
data/gocr-0.52/src/pnm.c:59:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define E0(x0) {EE();fprintf(stderr,x0 "\n"); }
data/gocr-0.52/src/pnm.c:60:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define F0(x0) {EE();fprintf(stderr,x0 "\n"); exit(1);}
data/gocr-0.52/src/pnm.c:61:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define F1(x0,x1) {EE();fprintf(stderr,x0 "\n",x1); exit(1);}
data/gocr-0.52/src/pnm.c:170:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s \"%s\"", pip, name); /* allow spaces in filename */
data/gocr-0.52/src/pnm.c:180:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(buf, "rb"); /* ToDo: may fail, please report */
data/gocr-0.52/src/pnm.c:181:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!fp) fp = popen(buf, "r"); /* 2nd try, the gnu way */
data/gocr-0.52/src/pnm.c:183:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(buf, "r");
data/gocr-0.52/src/pnm.c:313:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s \"%s\"",pip,name); /* ToDo: how to prevent OVL ? */
data/gocr-0.52/src/pnm.c:317:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f1 = popen(buf, "rb"); /* ToDo: may fail, please report */
data/gocr-0.52/src/pnm.c:318:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!f1) f1 = popen(buf, "r"); /* 2nd try, the gnu way */
data/gocr-0.52/src/pnm.c:320:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f1=popen(buf,"r");
data/gocr-0.52/src/pnm.c:486:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f1 = popen(buf, "w"); if(f1) f1t=1; else E0("popen pnmtopng");
data/gocr-0.52/src/pnm.c:493:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f1 = popen(buf, "w"); if(f1) f1t=1; else E0("popen gzip -c");
data/gocr-0.52/src/barcode.c:57:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *code128[Num128+1]={ /* can be generated by an algorithm? */
data/gocr-0.52/src/barcode.c:217:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *codeUPC[NumUPC+1]={ /* 0..9, first n = SBSB, last n = BSBS */
data/gocr-0.52/src/barcode.c:635:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf, char27[8]="......";
data/gocr-0.52/src/barcode.c:1311:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nout = sprintf(code+cpos,"&#%d;",dm_byte);
data/gocr-0.52/src/barcode.c:1729:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char xx[5]=".o_@"; // 2018-09 was [4], no gcc but vc warning
data/gocr-0.52/src/barcode.c:1769:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char xx[5]=".x _";
data/gocr-0.52/src/barcode.c:1869:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qr_ecc[256]; // buffer for generated ecc data
data/gocr-0.52/src/barcode.c:1968:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crest[9+1]=" $%*+-./:";
data/gocr-0.52/src/box.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pixel_atp(b, 0, y), &pixel_atp(p, x0, y + y0 ), dx);
data/gocr-0.52/src/box.c:100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, inibox, sizeof(struct box));
data/gocr-0.52/src/box.c:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->tas[i], inibox->tas[i], strlen(inibox->tas[i])+1);
data/gocr-0.52/src/box.c:232:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpbox, bbigger, sizeof(struct box));
data/gocr-0.52/src/box.c:238:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbox.frame_vector[i1],
data/gocr-0.52/src/box.c:254:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(box1->num_frame_vectors,
data/gocr-0.52/src/box.c:256:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(box1->frame_vol,
data/gocr-0.52/src/box.c:258:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(box1->frame_per,
data/gocr-0.52/src/box.c:260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(box1->frame_vector,
data/gocr-0.52/src/database.c:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[Blen+1],
data/gocr-0.52/src/database.c:51:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(s2, "r");
data/gocr-0.52/src/database.c:104:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s3,s1+i+1,j);
data/gocr-0.52/src/database.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[Blen+1] = "./db/", s3[Blen+1];
data/gocr-0.52/src/database.c:159:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s3,"db_%04x_%08lx.pbm", c_out, (unsigned long)time(NULL));
data/gocr-0.52/src/database.c:163:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(s2, "a");
data/gocr-0.52/src/database.c:353:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[200]; /* Oct08 JS: add unsigned to avoid UTF problems */
data/gocr-0.52/src/gocr.c:193:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
job->cfg.dust_size = atoi(s1); break;
data/gocr-0.52/src/gocr.c:195:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
job->cfg.cs = atoi(s1); break;
data/gocr-0.52/src/gocr.c:197:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
job->cfg.spc = atoi(s1); break;
data/gocr-0.52/src/gocr.c:199:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
job->cfg.verbose |= atoi(s1); break;
data/gocr-0.52/src/gocr.c:201:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
job->cfg.mode |= atoi(s1); break;
data/gocr-0.52/src/gocr.c:203:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
job->cfg.only_numbers = atoi(s1); break;
data/gocr-0.52/src/gocr.c:207:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
job->cfg.certainty = atoi(s1); break;
data/gocr-0.52/src/gocr.h:100:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tac[NumAlt]; /* alternative chars, only used by setac(),getac() */
data/gocr-0.52/src/gocr.h:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tas[NumAlt]; /* alternative UTF8-strings or XML codes if tac[]=0 */
data/gocr-0.52/src/jconv.c:63:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ox = atoi(argv[i++]);
data/gocr-0.52/src/jconv.c:64:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oy = atoi(argv[i++]);
data/gocr-0.52/src/jconv.c:65:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dx = atoi(argv[i++]);
data/gocr-0.52/src/jconv.c:66:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dy = atoi(argv[i++]);
data/gocr-0.52/src/lines.c:77:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp,s1,alen+1); // copy including end sign '\0'
data/gocr-0.52/src/lines.c:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:195:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1,"<page x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\">\n",
data/gocr-0.52/src/lines.c:198:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1,"<block x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\">\n",
data/gocr-0.52/src/lines.c:217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:219:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1,"<line x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" value=\"%d\">\n",
data/gocr-0.52/src/lines.c:250:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:252:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1," <space x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" />\n",
data/gocr-0.52/src/lines.c:273:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:275:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1," <space x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" />\n",
data/gocr-0.52/src/lines.c:285:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[255]; /* ToDo: avoid potential buffer overflow !!! */
data/gocr-0.52/src/lines.c:287:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1," <box x=\"%d\" y=\"%d\" dx=\"%d\" dy=\"%d\" value=\"",
data/gocr-0.52/src/lines.c:317:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int i1; char s1[256];
data/gocr-0.52/src/lines.c:318:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1,"\" numac=\"%d\" weights=\"",box2->num_ac);
data/gocr-0.52/src/lines.c:321:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s1,"%d",box2->wac[i1]);
data/gocr-0.52/src/pcx.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *pic,h[128],bb,b1,b2,b3;
data/gocr-0.52/src/pcx.c:46:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1=fopen(name,"rb"); if(!f1) ERR("open");
data/gocr-0.52/src/pcx.c:102:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
/*FIXME jb static*/static unsigned char *pic, h[54+4*256];
data/gocr-0.52/src/pcx.c:141:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1=fopen(name,"wb"); if(!f1) fprintf(stderr," error opening file\n");
data/gocr-0.52/src/pgm2asc.c:368:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (b->tas[i]) memcpy(b->tas[i],as,strlen(as)+1);
data/gocr-0.52/src/pgm2asc.c:1923:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(join_reason)[5]={"no", "\"A\"Uij%%", "!?;%%", "=:;", "'',,"};
data/gocr-0.52/src/pgm2asc.c:2383:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t ci[8], // split max. 8 chars
data/gocr-0.52/src/pgm2asc.c:2438:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[8]=""; setac(&boxb,ci[i],a2[i]=99);
data/gocr-0.52/src/pgm2asc.c:2475:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64]=""; // end == \0
data/gocr-0.52/src/pixel.c:75:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char filt3[Nfilt3][9]={
data/gocr-0.52/src/pixel.c:147:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char c33[9];
data/gocr-0.52/src/pixel.c:225:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char num_table[NUM_TABLE_SIZE];
data/gocr-0.52/src/pixel.c:317:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tree[TREE_ARRAY_SIZE];
data/gocr-0.52/src/pnm.c:164:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "rb");
data/gocr-0.52/src/pnm.c:299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/gocr-0.52/src/pnm.c:311:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1=fopen(name,"rb"); if (!f1) F1("opening file %s",name);
data/gocr-0.52/src/pnm.c:444:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1=fopen(nam,"wb");if(!f1)F0("open"); // open-error
data/gocr-0.52/src/pnm.c:458:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void addrgb(unsigned char rgb[3], int sr, int sg, int sb) {
data/gocr-0.52/src/pnm.c:475:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
FILE *f1=NULL; int x,y,f1t=0; unsigned char rgb[3], gray, bits;
data/gocr-0.52/src/pnm.c:476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gocr-0.52/src/pnm.c:478:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strstr(nam,".ppm")) { f1=fopen(nam,"wb"); }
data/gocr-0.52/src/pnm.c:499:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1=fopen(buf,"wb");
data/gocr-0.52/src/pnm.c:542:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1=fopen(nam,"wb");if(!f1)F0("open"); // open-error
data/gocr-0.52/src/progress.c:14:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fd=atoi(fname);
data/gocr-0.52/src/progress.c:20:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else { fp=fopen(fname,"w");if(!fp)fp=fopen(fname,"a"); }
data/gocr-0.52/src/progress.c:20:42: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else { fp=fopen(fname,"w");if(!fp)fp=fopen(fname,"a"); }
data/gocr-0.52/src/tga.c:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *pic,h[18];
data/gocr-0.52/src/tga.c:49:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1=fopen(name,"rb"); if(!f1) fprintf(stderr," error opening file\n");
data/gocr-0.52/src/unicode.c:414:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
/*FIXME jb static*/ static char bbuf[8*32]; /* space for 8 buffers, rotating */
data/gocr-0.52/src/unicode.c:495:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"\\code(%04x)",(unsigned)c);
data/gocr-0.52/src/unicode.c:952:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"\\symbol{%u}",(unsigned)c);
data/gocr-0.52/src/unicode.c:1202:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"&#%u;",(unsigned)c);
data/gocr-0.52/src/unicode.c:1237:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"&#x%03x;",(unsigned)c);
data/gocr-0.52/src/unicode.c:1244:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"&#%u;",(unsigned)c);
data/gocr-0.52/src/unicode.c:1262:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if ((unsigned)c>255) sprintf(buf,"(0x%04x)",(unsigned)c);
data/gocr-0.52/src/unicode.c:1263:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(buf,"(0x%02x)",(unsigned)c);
data/gocr-0.52/src/barcode.c:1058:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if(code) strncpy(code,"<barcode type=\"unknown\" />",128);
data/gocr-0.52/src/barcode.c:1244:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(code,"<barcode type=\"datamatrix ecc200\" rawcode=\"\" />",128);
data/gocr-0.52/src/barcode.c:1330:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(code+cpos,"\" />",6); // terminate xml string
data/gocr-0.52/src/barcode.c:1335:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if (code) strncpy(code,"<barcode type=\"unknown datamatrix\" />",128);
data/gocr-0.52/src/barcode.c:2068:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(code,"<barcode type=\"unknown qrcode\" />",128);
data/gocr-0.52/src/box.c:104:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf->tas[i]=(char *)malloc(strlen(inibox->tas[i])+1);
data/gocr-0.52/src/box.c:105:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf->tas[i], inibox->tas[i], strlen(inibox->tas[i])+1);
data/gocr-0.52/src/database.c:45:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if( job->cfg.db_path ) strncpy(s2, job->cfg.db_path, Blen-1);
data/gocr-0.52/src/database.c:46:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i2=strlen(s2);
data/gocr-0.52/src/database.c:50:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s2+i2,"db.lst",Blen-i2);s2[Blen]=0;
data/gocr-0.52/src/database.c:61:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(s1);
data/gocr-0.52/src/database.c:146:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if( job->cfg.db_path ) strncpy(s2,job->cfg.db_path,Blen-1);
data/gocr-0.52/src/database.c:147:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i2=strlen(s2);
data/gocr-0.52/src/database.c:162:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s2+i2,"db.lst",Blen-i2);s2[Blen]=0;
data/gocr-0.52/src/database.c:168:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s2+i2,s3,strlen(s3)); s2[i2+strlen(s3)]=0;
data/gocr-0.52/src/database.c:168:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(s2+i2,s3,strlen(s3)); s2[i2+strlen(s3)]=0;
data/gocr-0.52/src/database.c:168:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(s2+i2,s3,strlen(s3)); s2[i2+strlen(s3)]=0;
data/gocr-0.52/src/database.c:418:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dd=strlen((char *)buf);
data/gocr-0.52/src/lines.c:67:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( *len>0 ) slen= strlen(buffer); // used buffer
data/gocr-0.52/src/lines.c:68:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(s1);
data/gocr-0.52/src/lines.c:305:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j+=strlen(box2->tas[0]);
data/gocr-0.52/src/lines.c:345:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j+=strlen(box2->tas[0]);
data/gocr-0.52/src/pcx.c:36:24: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned char c=0; c=fgetc(f1); if(feof(f1) || ferror(f1))err=1; return c;
data/gocr-0.52/src/pgm2asc.c:89:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t wcslen (const wchar_t *s){
data/gocr-0.52/src/pgm2asc.c:96:30: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy = (wchar_t *) malloc((wcslen(WS)+1)*sizeof(wchar_t));
data/gocr-0.52/src/pgm2asc.c:367:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b->tas[i]=(char *)malloc(strlen(as)+1); /* ... string */
data/gocr-0.52/src/pgm2asc.c:368:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b->tas[i]) memcpy(b->tas[i],as,strlen(as)+1);
data/gocr-0.52/src/pgm2asc.c:2649:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf,decode(ci[ii],job->cfg.out_format),20);
data/gocr-0.52/src/pgm2asc.h:37:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t wcslen (const wchar_t *s);
data/gocr-0.52/src/pnm.c:118:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(rr)==strlen(xlist[i])) /* handle *.eps.pbm correct */
data/gocr-0.52/src/pnm.c:118:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(rr)==strlen(xlist[i])) /* handle *.eps.pbm correct */
data/gocr-0.52/src/pnm.c:129:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=fgetc(f1);
data/gocr-0.52/src/pnm.c:169:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = (char *)malloc((strlen(pip)+strlen(name)+4));
data/gocr-0.52/src/pnm.c:169:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = (char *)malloc((strlen(pip)+strlen(name)+4));
data/gocr-0.52/src/pnm.c:328:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c1=fgetc(f1); if (feof(f1)) { E0("unexpected EOF"); return -1; }
data/gocr-0.52/src/pnm.c:330:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c2=fgetc(f1); if (feof(f1)) { E0("unexpected EOF"); return -1; }
data/gocr-0.52/src/pnm.c:426:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c1=0; c1=fgetc(f1); /* needed to trigger feof() */
data/gocr-0.52/src/pnm.c:482:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf,"pnmtopng > ",12); /* no spaces within filenames allowed! */
data/gocr-0.52/src/pnm.c:483:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf+11,nam,111); buf[123]=0;
data/gocr-0.52/src/pnm.c:484:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf+strlen(buf),".png",5);
data/gocr-0.52/src/pnm.c:484:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buf+strlen(buf),".png",5);
data/gocr-0.52/src/pnm.c:489:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf,"gzip -c > ",11);
data/gocr-0.52/src/pnm.c:490:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf+10,nam,109); buf[120]=0;
data/gocr-0.52/src/pnm.c:491:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf+strlen(buf),".ppm.gz",8);
data/gocr-0.52/src/pnm.c:491:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buf+strlen(buf),".ppm.gz",8);
data/gocr-0.52/src/pnm.c:497:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,nam,113); buf[114]=0;
data/gocr-0.52/src/pnm.c:498:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf+strlen(buf),".ppm",5);
data/gocr-0.52/src/pnm.c:498:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buf+strlen(buf),".ppm",5);
data/gocr-0.52/src/tga.c:34:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=fgetc(f1); assert(!feof(f1)); assert(!ferror(f1));
ANALYSIS SUMMARY:
Hits = 167
Lines analyzed = 24449 in approximately 1.12 seconds (21742 lines/second)
Physical Source Lines of Code (SLOC) = 18218
Hits@level = [0] 733 [1] 49 [2] 88 [3] 0 [4] 30 [5] 0
Hits@level+ = [0+] 900 [1+] 167 [2+] 118 [3+] 30 [4+] 30 [5+] 0
Hits/KSLOC@level+ = [0+] 49.4017 [1+] 9.16676 [2+] 6.47711 [3+] 1.64672 [4+] 1.64672 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.