Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp
Examining data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c
Examining data/ipe-tools-7.2.20/ipepython/ipepython.cpp
Examining data/ipe-tools-7.2.20/pdftoipe/parseargs.cc
Examining data/ipe-tools-7.2.20/pdftoipe/parseargs.h
Examining data/ipe-tools-7.2.20/pdftoipe/pdftoipe.cpp
Examining data/ipe-tools-7.2.20/pdftoipe/xmloutputdev.cpp
Examining data/ipe-tools-7.2.20/pdftoipe/xmloutputdev.h
FINAL RESULTS:
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:986:26: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* anytopnm = popen( cmd.c_str(), "r" );
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:361:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ns, rd.str);
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:363:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ns, linebuf);
data/ipe-tools-7.2.20/pdftoipe/xmloutputdev.cpp:631:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, args);
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFSIZE];
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:330:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:441:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char image_filename[1024];
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:1062:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zbuf[zbuf_size];
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:1327:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fig = fopen(figname, "r");
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:1349:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *xml = fopen(xmlname, "w");
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:181:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char linebuf[MAX_LINE_LENGTH];
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:372:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *strbits, buf[3];
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1066:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preamble[MAX_LINE_LENGTH];
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1067:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pspreamble[MAX_LINE_LENGTH];
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1075:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fh = fopen(ipename, "rb"))) {
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1153:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fh = fopen(xmlname, "wb"))) {
data/ipe-tools-7.2.20/ipepython/ipepython.cpp:664:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "return ");
data/ipe-tools-7.2.20/pdftoipe/parseargs.cc:129:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*(int *)arg->val = atoi(argv[i+1]);
data/ipe-tools-7.2.20/pdftoipe/pdftoipe.cpp:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ownerPassword[33] = "";
data/ipe-tools-7.2.20/pdftoipe/pdftoipe.cpp:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char userPassword[33] = "";
data/ipe-tools-7.2.20/pdftoipe/xmloutputdev.cpp:34:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(fileName.c_str(), "wb"))) {
data/ipe-tools-7.2.20/pdftoipe/xmloutputdev.cpp:628:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:329:28: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (objType == -1 && fgetc(iFig)=='#' ) {
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:443:11: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if( fscanf(iFig, "%d %1020s", &orientation, image_filename) != 2 ) {
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:515:3: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(iFig);
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:518:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = fgetc(iFig);
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:807:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
jpeg_in.read( reinterpret_cast<char*>(&c), 1 );
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:970:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
jpeg_in.read( const_cast<char*>(image_data.data()), jpeg_size );
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:1023:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void)fgetc( anytopnm );
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:1028:45: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int component = fgetc( anytopnm );
data/ipe-tools-7.2.20/figtoipe/figtoipe.cpp:1032:50: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int component2 = fgetc( anytopnm );
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:214:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fh)) != EOF &&
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:229:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((*p = fgetc(fh)), *p != EOF && (p < (linebuf + sizeof(linebuf) -1)) && !isspace(*p))
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:341:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fh);
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:348:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fh)) != EOF && ch != '\n')
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:355:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:360:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ns = NEWARRAY(char, (strlen(rd.str) + strlen(linebuf) + 2));
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:360:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ns = NEWARRAY(char, (strlen(rd.str) + strlen(linebuf) + 2));
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:362:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ns, "\n");
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:380:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = fgetc(fh)) == EOF) {
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:421:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = fgetc(fh)) == EOF) {
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1091:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fh)) != '\n' && ch != EOF)
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1094:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fh);
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1114:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fh)) != '\n' && ch != EOF)
data/ipe-tools-7.2.20/ipe5toxml/ipe5toxml.c:1117:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fh);
data/ipe-tools-7.2.20/ipepython/ipepython.cpp:663:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char *) malloc(strlen("return ")+len+1);
data/ipe-tools-7.2.20/ipepython/ipepython.cpp:665:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, s, len);
data/ipe-tools-7.2.20/ipepython/ipepython.cpp:667:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("return ")+len;
data/ipe-tools-7.2.20/pdftoipe/parseargs.cc:67:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((w1 = strlen(arg->arg)) > w)
data/ipe-tools-7.2.20/pdftoipe/parseargs.cc:78:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w1 = 9 + w - strlen(arg->arg);
data/ipe-tools-7.2.20/pdftoipe/parseargs.cc:147:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)arg->val, argv[i+1], arg->size - 1);
data/ipe-tools-7.2.20/pdftoipe/xmloutputdev.cpp:622:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(s, 1, strlen(s), outputStream);
data/ipe-tools-7.2.20/pdftoipe/xmloutputdev.cpp:633:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(buf, 1, strlen(buf), outputStream);
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 4645 in approximately 0.18 seconds (25508 lines/second)
Physical Source Lines of Code (SLOC) = 3730
Hits@level = [0] 270 [1] 31 [2] 18 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 323 [1+] 53 [2+] 22 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 86.5952 [1+] 14.2091 [2+] 5.89812 [3+] 1.07239 [4+] 1.07239 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.