Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jbigkit-2.1/libjbig/jbig.c
Examining data/jbigkit-2.1/libjbig/jbig.h
Examining data/jbigkit-2.1/libjbig/jbig85.c
Examining data/jbigkit-2.1/libjbig/jbig85.h
Examining data/jbigkit-2.1/libjbig/jbig_ar.c
Examining data/jbigkit-2.1/libjbig/jbig_ar.h
Examining data/jbigkit-2.1/libjbig/tstcodec.c
Examining data/jbigkit-2.1/libjbig/tstcodec85.c
Examining data/jbigkit-2.1/pbmtools/jbgtopbm.c
Examining data/jbigkit-2.1/pbmtools/jbgtopbm85.c
Examining data/jbigkit-2.1/pbmtools/pbmtojbg.c
Examining data/jbigkit-2.1/pbmtools/pbmtojbg85.c

FINAL RESULTS:

data/jbigkit-2.1/libjbig/tstcodec.c:165:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(FAILED ", correct would have been %ld\n", correct_length);
data/jbigkit-2.1/libjbig/tstcodec.c:185:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(FAILED " for plane %d\n", i);
data/jbigkit-2.1/libjbig/tstcodec.c:218:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	  printf(FAILED " for plane %d\n", i);
data/jbigkit-2.1/libjbig/tstcodec.c:384:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(FAILED);
data/jbigkit-2.1/libjbig/tstcodec.c:386:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(PASSED);
data/jbigkit-2.1/libjbig/tstcodec85.c:177:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(FAILED ", correct would have been %ld\n", correct_length);
data/jbigkit-2.1/libjbig/tstcodec85.c:201:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(FAILED);
data/jbigkit-2.1/libjbig/tstcodec85.c:232:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(FAILED);
data/jbigkit-2.1/libjbig/tstcodec85.c:323:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(FAILED);
data/jbigkit-2.1/libjbig/tstcodec85.c:325:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(PASSED);
data/jbigkit-2.1/libjbig/jbig.c:405:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char jbg_resred[4096] = {
data/jbigkit-2.1/libjbig/jbig.c:542:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char jbg_dptable[256 + 512 + 2048 + 4096] = {
data/jbigkit-2.1/libjbig/jbig.c:1610:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fn[50];
data/jbigkit-2.1/libjbig/jbig.c:1612:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fn, "dbg_d=%02d.pbm", higher_layer - 1);
data/jbigkit-2.1/libjbig/jbig.c:1613:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fn, "wb");
data/jbigkit-2.1/libjbig/jbig.c:1791:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[20];
data/jbigkit-2.1/libjbig/jbig.c:1797:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dpbuf[1728];
data/jbigkit-2.1/libjbig/jbig.c:3118:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[BUFLEN];
data/jbigkit-2.1/libjbig/jbig.h:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char d[JBG_BUFSIZE];              /* one block of a buffer list */
data/jbigkit-2.1/libjbig/jbig.h:109:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char **lhp[2];    /* pointers to lower/higher resolution images */
data/jbigkit-2.1/libjbig/jbig.h:157:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char **lhp[2];
data/jbigkit-2.1/libjbig/jbig.h:166:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[20]; /* used to store BIH or marker segments fragm. */
data/jbigkit-2.1/libjbig/jbig85.c:152:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[6];
data/jbigkit-2.1/libjbig/jbig85.c:181:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[20];
data/jbigkit-2.1/libjbig/jbig85.c:498:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[6];
data/jbigkit-2.1/libjbig/jbig85.c:532:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[2];
data/jbigkit-2.1/libjbig/jbig85.h:112:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[20]; /* used to store BIH or marker segments fragm. */
data/jbigkit-2.1/libjbig/jbig_ar.c:56:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char nmpstab[113] = {
data/jbigkit-2.1/libjbig/jbig_ar.c:78:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char nlpstab[113] = {
data/jbigkit-2.1/libjbig/jbig_ar.h:16:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char st[4096];    /* probability status for contexts, MSB = MPS */
data/jbigkit-2.1/libjbig/jbig_ar.h:32:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char st[4096];    /* probability status for contexts, MSB = MPS */
data/jbigkit-2.1/libjbig/tstcodec.c:53:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(testbuf + testbuf_len, start, len);
data/jbigkit-2.1/libjbig/tstcodec.c:55:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(testbuf + testbuf_len, start, TESTBUF_SIZE - testbuf_len);
data/jbigkit-2.1/libjbig/tstcodec.c:146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(image[i], orig_image[i], plane_size);
data/jbigkit-2.1/libjbig/tstcodec.c:240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char test[10];
data/jbigkit-2.1/libjbig/tstcodec.c:243:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char *ppp[4];
data/jbigkit-2.1/libjbig/tstcodec.c:253:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char t82sde[32] = {
data/jbigkit-2.1/libjbig/tstcodec.c:261:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char jbig_normal[15*4] = {
data/jbigkit-2.1/libjbig/tstcodec.c:271:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char jbig_upsidedown[15*4] = {
data/jbigkit-2.1/libjbig/tstcodec.c:281:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char jbig_inverse[15*4] = {
data/jbigkit-2.1/libjbig/tstcodec.c:353:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(argv[1], "wb");
data/jbigkit-2.1/libjbig/tstcodec.c:531:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(test, "5.%ld", ++i);
data/jbigkit-2.1/libjbig/tstcodec85.c:54:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(testbuf + testbuf_len, start, len);
data/jbigkit-2.1/libjbig/tstcodec85.c:56:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(testbuf + testbuf_len, start, TESTBUF_SIZE - testbuf_len);
data/jbigkit-2.1/libjbig/tstcodec85.c:83:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((unsigned char *) bitmap + len * y, start, len);
data/jbigkit-2.1/libjbig/tstcodec85.c:159:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(image, orig_image, plane_size);
data/jbigkit-2.1/libjbig/tstcodec85.c:264:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char t82sde[32] = {
data/jbigkit-2.1/libjbig/tstcodec85.c:292:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(argv[1], "wb");
data/jbigkit-2.1/pbmtools/jbgtopbm.c:319:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    xmax = atol(argv[i]);
data/jbigkit-2.1/pbmtools/jbgtopbm.c:324:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    ymax = atol(argv[i]);
data/jbigkit-2.1/pbmtools/jbgtopbm.c:329:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    plane = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/jbgtopbm.c:345:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fin = fopen(fnin, "rb");
data/jbigkit-2.1/pbmtools/jbgtopbm.c:358:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fout = fopen(fnout, "wb");
data/jbigkit-2.1/pbmtools/jbgtopbm85.c:83:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            xmax = atol(argv[i]);
data/jbigkit-2.1/pbmtools/jbgtopbm85.c:88:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ymax = atol(argv[i]);
data/jbigkit-2.1/pbmtools/jbgtopbm85.c:93:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            inbuflen = atol(argv[i]);
data/jbigkit-2.1/pbmtools/jbgtopbm85.c:117:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fin = fopen(fnin, "rb");
data/jbigkit-2.1/pbmtools/jbgtopbm85.c:126:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fout = fopen(fnout, "wb");
data/jbigkit-2.1/pbmtools/pbmtojbg.c:172:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    mwidth = atol(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:177:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    mheight = atol(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:182:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    y1 = atol(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:187:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    order = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:192:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    options = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:197:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    dl = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:202:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    dh = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:210:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    d = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:215:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    l0 = atol(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:220:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    encode_planes = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:225:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    mx = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:245:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fin = fopen(fnin, "rb");
data/jbigkit-2.1/pbmtools/pbmtojbg.c:254:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fout = fopen(fnout, "wb");
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:131:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    yi = atol(argv[++i]);
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:132:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    yr = atol(argv[++i]);
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:137:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    options = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:142:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    l0 = atol(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:147:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    mx = atoi(argv[i]);
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:168:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fin = fopen(fnin, "rb");
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:202:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fout = fopen(fnout, "wb");
data/jbigkit-2.1/pbmtools/pbmtojbg.c:84:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = getc(f)) != EOF && !isdigit(c))
data/jbigkit-2.1/pbmtools/pbmtojbg.c:86:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
data/jbigkit-2.1/pbmtools/pbmtojbg.c:264:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = getc(fin)) != EOF && (isspace(c) || c == '#'))
data/jbigkit-2.1/pbmtools/pbmtojbg.c:266:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((c = getc(fin)) != EOF && !(c == 13 || c == 10)) ;
data/jbigkit-2.1/pbmtools/pbmtojbg.c:271:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  type = getc(fin);
data/jbigkit-2.1/pbmtools/pbmtojbg.c:283:3:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  fgetc(fin);    /* skip line feed */
data/jbigkit-2.1/pbmtools/pbmtojbg.c:389:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s.comment_len = strlen(comment);
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:68:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = getc(f)) != EOF && !isdigit(c))
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:70:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:178:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = getc(fin)) != EOF && (isspace(c) || c == '#'))
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:180:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((c = getc(fin)) != EOF && !(c == 13 || c == 10)) ;
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:181:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  type = getc(fin);
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:188:3:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  fgetc(fin);    /* skip line feed */
data/jbigkit-2.1/pbmtools/pbmtojbg85.c:218:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s.comment_len = strlen(comment);

ANALYSIS SUMMARY:

Hits = 92
Lines analyzed = 7667 in approximately 0.37 seconds (20749 lines/second)
Physical Source Lines of Code (SLOC) = 5660
Hits@level = [0] 224 [1]  14 [2]  68 [3]   0 [4]  10 [5]   0
Hits@level+ = [0+] 316 [1+]  92 [2+]  78 [3+]  10 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 55.8304 [1+] 16.2544 [2+] 13.7809 [3+] 1.76678 [4+] 1.76678 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.