Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/jbigkit-2.1/libjbig/jbig.c Examining data/jbigkit-2.1/libjbig/jbig.h Examining data/jbigkit-2.1/libjbig/jbig85.c Examining data/jbigkit-2.1/libjbig/jbig85.h Examining data/jbigkit-2.1/libjbig/jbig_ar.c Examining data/jbigkit-2.1/libjbig/jbig_ar.h Examining data/jbigkit-2.1/libjbig/tstcodec.c Examining data/jbigkit-2.1/libjbig/tstcodec85.c Examining data/jbigkit-2.1/pbmtools/jbgtopbm.c Examining data/jbigkit-2.1/pbmtools/jbgtopbm85.c Examining data/jbigkit-2.1/pbmtools/pbmtojbg.c Examining data/jbigkit-2.1/pbmtools/pbmtojbg85.c FINAL RESULTS: data/jbigkit-2.1/libjbig/tstcodec.c:165:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED ", correct would have been %ld\n", correct_length); data/jbigkit-2.1/libjbig/tstcodec.c:185:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED " for plane %d\n", i); data/jbigkit-2.1/libjbig/tstcodec.c:218:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED " for plane %d\n", i); data/jbigkit-2.1/libjbig/tstcodec.c:384:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED); data/jbigkit-2.1/libjbig/tstcodec.c:386:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(PASSED); data/jbigkit-2.1/libjbig/tstcodec85.c:177:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED ", correct would have been %ld\n", correct_length); data/jbigkit-2.1/libjbig/tstcodec85.c:201:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED); data/jbigkit-2.1/libjbig/tstcodec85.c:232:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED); data/jbigkit-2.1/libjbig/tstcodec85.c:323:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED); data/jbigkit-2.1/libjbig/tstcodec85.c:325:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(PASSED); data/jbigkit-2.1/libjbig/jbig.c:405:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char jbg_resred[4096] = { data/jbigkit-2.1/libjbig/jbig.c:542:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char jbg_dptable[256 + 512 + 2048 + 4096] = { data/jbigkit-2.1/libjbig/jbig.c:1610:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[50]; data/jbigkit-2.1/libjbig/jbig.c:1612:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fn, "dbg_d=%02d.pbm", higher_layer - 1); data/jbigkit-2.1/libjbig/jbig.c:1613:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "wb"); data/jbigkit-2.1/libjbig/jbig.c:1791:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[20]; data/jbigkit-2.1/libjbig/jbig.c:1797:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dpbuf[1728]; data/jbigkit-2.1/libjbig/jbig.c:3118:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[BUFLEN]; data/jbigkit-2.1/libjbig/jbig.h:38:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char d[JBG_BUFSIZE]; /* one block of a buffer list */ data/jbigkit-2.1/libjbig/jbig.h:109:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **lhp[2]; /* pointers to lower/higher resolution images */ data/jbigkit-2.1/libjbig/jbig.h:157:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **lhp[2]; data/jbigkit-2.1/libjbig/jbig.h:166:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[20]; /* used to store BIH or marker segments fragm. */ data/jbigkit-2.1/libjbig/jbig85.c:152:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[6]; data/jbigkit-2.1/libjbig/jbig85.c:181:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[20]; data/jbigkit-2.1/libjbig/jbig85.c:498:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[6]; data/jbigkit-2.1/libjbig/jbig85.c:532:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2]; data/jbigkit-2.1/libjbig/jbig85.h:112:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[20]; /* used to store BIH or marker segments fragm. */ data/jbigkit-2.1/libjbig/jbig_ar.c:56:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nmpstab[113] = { data/jbigkit-2.1/libjbig/jbig_ar.c:78:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nlpstab[113] = { data/jbigkit-2.1/libjbig/jbig_ar.h:16:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char st[4096]; /* probability status for contexts, MSB = MPS */ data/jbigkit-2.1/libjbig/jbig_ar.h:32:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char st[4096]; /* probability status for contexts, MSB = MPS */ data/jbigkit-2.1/libjbig/tstcodec.c:53:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(testbuf + testbuf_len, start, len); data/jbigkit-2.1/libjbig/tstcodec.c:55:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(testbuf + testbuf_len, start, TESTBUF_SIZE - testbuf_len); data/jbigkit-2.1/libjbig/tstcodec.c:146:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image[i], orig_image[i], plane_size); data/jbigkit-2.1/libjbig/tstcodec.c:240:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[10]; data/jbigkit-2.1/libjbig/tstcodec.c:243:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *ppp[4]; data/jbigkit-2.1/libjbig/tstcodec.c:253:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t82sde[32] = { data/jbigkit-2.1/libjbig/tstcodec.c:261:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char jbig_normal[15*4] = { data/jbigkit-2.1/libjbig/tstcodec.c:271:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char jbig_upsidedown[15*4] = { data/jbigkit-2.1/libjbig/tstcodec.c:281:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char jbig_inverse[15*4] = { data/jbigkit-2.1/libjbig/tstcodec.c:353:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(argv[1], "wb"); data/jbigkit-2.1/libjbig/tstcodec.c:531:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(test, "5.%ld", ++i); data/jbigkit-2.1/libjbig/tstcodec85.c:54:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(testbuf + testbuf_len, start, len); data/jbigkit-2.1/libjbig/tstcodec85.c:56:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(testbuf + testbuf_len, start, TESTBUF_SIZE - testbuf_len); data/jbigkit-2.1/libjbig/tstcodec85.c:83:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((unsigned char *) bitmap + len * y, start, len); data/jbigkit-2.1/libjbig/tstcodec85.c:159:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image, orig_image, plane_size); data/jbigkit-2.1/libjbig/tstcodec85.c:264:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t82sde[32] = { data/jbigkit-2.1/libjbig/tstcodec85.c:292:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(argv[1], "wb"); data/jbigkit-2.1/pbmtools/jbgtopbm.c:319:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xmax = atol(argv[i]); data/jbigkit-2.1/pbmtools/jbgtopbm.c:324:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ymax = atol(argv[i]); data/jbigkit-2.1/pbmtools/jbgtopbm.c:329:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). plane = atoi(argv[i]); data/jbigkit-2.1/pbmtools/jbgtopbm.c:345:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(fnin, "rb"); data/jbigkit-2.1/pbmtools/jbgtopbm.c:358:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(fnout, "wb"); data/jbigkit-2.1/pbmtools/jbgtopbm85.c:83:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xmax = atol(argv[i]); data/jbigkit-2.1/pbmtools/jbgtopbm85.c:88:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ymax = atol(argv[i]); data/jbigkit-2.1/pbmtools/jbgtopbm85.c:93:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inbuflen = atol(argv[i]); data/jbigkit-2.1/pbmtools/jbgtopbm85.c:117:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(fnin, "rb"); data/jbigkit-2.1/pbmtools/jbgtopbm85.c:126:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(fnout, "wb"); data/jbigkit-2.1/pbmtools/pbmtojbg.c:172:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mwidth = atol(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:177:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mheight = atol(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:182:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). y1 = atol(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:187:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). order = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:192:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). options = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:197:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dl = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:202:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dh = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:210:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). d = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:215:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). l0 = atol(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:220:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). encode_planes = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:225:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mx = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg.c:245:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(fnin, "rb"); data/jbigkit-2.1/pbmtools/pbmtojbg.c:254:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(fnout, "wb"); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:131:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yi = atol(argv[++i]); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:132:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yr = atol(argv[++i]); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:137:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). options = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:142:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). l0 = atol(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:147:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mx = atoi(argv[i]); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:168:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(fnin, "rb"); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:202:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(fnout, "wb"); data/jbigkit-2.1/pbmtools/pbmtojbg.c:84:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF && !isdigit(c)) data/jbigkit-2.1/pbmtools/pbmtojbg.c:86:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ; data/jbigkit-2.1/pbmtools/pbmtojbg.c:264:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(fin)) != EOF && (isspace(c) || c == '#')) data/jbigkit-2.1/pbmtools/pbmtojbg.c:266:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(fin)) != EOF && !(c == 13 || c == 10)) ; data/jbigkit-2.1/pbmtools/pbmtojbg.c:271:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). type = getc(fin); data/jbigkit-2.1/pbmtools/pbmtojbg.c:283:3: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(fin); /* skip line feed */ data/jbigkit-2.1/pbmtools/pbmtojbg.c:389:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s.comment_len = strlen(comment); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:68:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF && !isdigit(c)) data/jbigkit-2.1/pbmtools/pbmtojbg85.c:70:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ; data/jbigkit-2.1/pbmtools/pbmtojbg85.c:178:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(fin)) != EOF && (isspace(c) || c == '#')) data/jbigkit-2.1/pbmtools/pbmtojbg85.c:180:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(fin)) != EOF && !(c == 13 || c == 10)) ; data/jbigkit-2.1/pbmtools/pbmtojbg85.c:181:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). type = getc(fin); data/jbigkit-2.1/pbmtools/pbmtojbg85.c:188:3: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(fin); /* skip line feed */ data/jbigkit-2.1/pbmtools/pbmtojbg85.c:218:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s.comment_len = strlen(comment); ANALYSIS SUMMARY: Hits = 92 Lines analyzed = 7667 in approximately 0.37 seconds (20749 lines/second) Physical Source Lines of Code (SLOC) = 5660 Hits@level = [0] 224 [1] 14 [2] 68 [3] 0 [4] 10 [5] 0 Hits@level+ = [0+] 316 [1+] 92 [2+] 78 [3+] 10 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 55.8304 [1+] 16.2544 [2+] 13.7809 [3+] 1.76678 [4+] 1.76678 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.