Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/iec16022-0.2.4/image.h Examining data/iec16022-0.2.4/reedsol.h Examining data/iec16022-0.2.4/iec16022.c Examining data/iec16022-0.2.4/reedsol.c Examining data/iec16022-0.2.4/image.c Examining data/iec16022-0.2.4/iec16022ecc200.h Examining data/iec16022-0.2.4/iec16022ecc200.c FINAL RESULTS: data/iec16022-0.2.4/image.c:365:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf + n, comment); data/iec16022-0.2.4/iec16022.c:146:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(infile, "rb"); data/iec16022-0.2.4/iec16022.c:164:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). W = atoi(size); data/iec16022-0.2.4/iec16022.c:166:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). H = atoi(x + 1); data/iec16022-0.2.4/iec16022.c:171:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ecc = atoi(eccstr); data/iec16022-0.2.4/iec16022.c:346:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[74], c; data/iec16022-0.2.4/iec16022.c:357:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, barcode, 74); data/iec16022-0.2.4/iec16022.c:360:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t.tm_year = atoi(temp + 54) + 100; data/iec16022-0.2.4/iec16022.c:364:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). now += 86400 * (atoi(temp + 51) - 1); data/iec16022-0.2.4/iec16022.c:367:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). v = atoi(temp + 36); data/iec16022-0.2.4/iec16022ecc200.c:218:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[256], ecc[256]; data/iec16022-0.2.4/iec16022ecc200.c:256:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[6], p = 0; data/iec16022-0.2.4/iec16022ecc200.c:358:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[4], p = 0; data/iec16022-0.2.4/iec16022ecc200.c:480:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char switchcost[E_MAX][E_MAX] = { data/iec16022-0.2.4/iec16022ecc200.c:849:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char binary[3000]; // encoded raw data and ecc to place in barcode data/iec16022-0.2.4/image.c:238:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[256]; // block so far, with count at start data/iec16022-0.2.4/image.c:331:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1500]; data/iec16022-0.2.4/image.c:333:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "GIF87a"); data/iec16022-0.2.4/image.c:615:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char alpha[256]; data/iec16022-0.2.4/image.c:635:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[5]; data/iec16022-0.2.4/reedsol.c:158:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[9] = { 142, 164, 186 }; data/iec16022-0.2.4/reedsol.c:159:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[5]; data/iec16022-0.2.4/iec16022.c:160:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). barcodelen = strlen(barcode); data/iec16022-0.2.4/iec16022ecc200.c:240:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(encoding) < sl) { data/iec16022-0.2.4/image.c:361:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (comment && strlen(comment) < 256) { // comment data/iec16022-0.2.4/image.c:364:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[n++] = strlen(comment); data/iec16022-0.2.4/image.c:606:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int v = htonl(strlen(c) + strlen(comment) + 1), crc; data/iec16022-0.2.4/image.c:606:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int v = htonl(strlen(c) + strlen(comment) + 1), crc; data/iec16022-0.2.4/image.c:609:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crc = writecrc(fh, c, strlen(c) + 1, crc); data/iec16022-0.2.4/image.c:610:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crc = writecrc(fh, comment, strlen(comment), crc); ANALYSIS SUMMARY: Hits = 30 Lines analyzed = 2400 in approximately 0.12 seconds (19842 lines/second) Physical Source Lines of Code (SLOC) = 1982 Hits@level = [0] 54 [1] 8 [2] 21 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 84 [1+] 30 [2+] 22 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 42.3814 [1+] 15.1362 [2+] 11.0999 [3+] 0.504541 [4+] 0.504541 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.