Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/largetifftools-1.3.10/src/tifffastcrop.c
Examining data/largetifftools-1.3.10/src/tiffmakemosaic.c
Examining data/largetifftools-1.3.10/src/tiffsplittiles.c

FINAL RESULTS:

data/largetifftools-1.3.10/src/tifffastcrop.c:84:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	n= vsnprintf(NULL, 0, format, ap);
data/largetifftools-1.3.10/src/tifffastcrop.c:92:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(p, n+1, format, ap);
data/largetifftools-1.3.10/src/tifffastcrop.c:1259:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(cp, UINT32_FORMAT "," UINT32_FORMAT ","
data/largetifftools-1.3.10/src/tifffastcrop.c:1272:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/largetifftools-1.3.10/src/tifffastcrop.c:1283:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:78:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	n= vsnprintf(NULL, 0, format, ap);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:86:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(p, n+1, format, ap);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:638:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, ", width %g times the divisor "
data/largetifftools-1.3.10/src/tiffmakemosaic.c:643:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, ", length %g times the divisor "
data/largetifftools-1.3.10/src/tiffmakemosaic.c:1226:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:1238:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/largetifftools-1.3.10/src/tiffsplittiles.c:42:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  n= vsnprintf(NULL, 0, format, ap);
data/largetifftools-1.3.10/src/tiffsplittiles.c:51:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(p, n+1, format, ap);
data/largetifftools-1.3.10/src/tiffsplittiles.c:147:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/largetifftools-1.3.10/src/tiffsplittiles.c:158:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
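The fifteen level-4 hits above are all the same idiom: a wrapper that sizes a message with vsnprintf(NULL, 0, format, ap), allocates n+1 bytes, formats again, or hands `fmt` to vfprintf(stderr, ...). Flawfinder cannot see who supplies `format`; the CWE-134 risk exists only if a caller can ever pass attacker text as the format rather than as an argument. The following is an added example (not largetifftools code) of that size-then-format idiom written so the format must be a compile-time constant, with the GCC/Clang format attribute doing the check that the tool cannot. The names fmt_alloc, quote_untrusted and fmt_result_is are this example's own.

```c
/* Added example (not largetifftools code): the size-then-format idiom that
 * Flawfinder flags above, written so the format can only be a constant. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__GNUC__) || defined(__clang__)
/* Ask the compiler to type-check the arguments and to warn (-Wformat-security,
 * an error with -Werror=format-security) when the format is not a literal. */
#define PRINTF_LIKE(fmt_idx, first_arg) \
    __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define PRINTF_LIKE(fmt_idx, first_arg)
#endif

/* Format into a freshly malloc'd, always NUL-terminated buffer.
 * Returns NULL on encoding error or allocation failure; the caller frees. */
PRINTF_LIKE(1, 2)
char *fmt_alloc(const char *format, ...)
{
    va_list ap, ap2;
    int n;
    char *p;

    va_start(ap, format);
    va_copy(ap2, ap);                    /* the sizing pass consumes ap */
    n = vsnprintf(NULL, 0, format, ap);  /* sizing pass: bytes needed, sans NUL */
    va_end(ap);
    if (n < 0) {
        va_end(ap2);
        return NULL;
    }
    p = malloc((size_t)n + 1);           /* +1 for the terminator */
    if (p == NULL) {
        va_end(ap2);
        return NULL;
    }
    /* With size n+1, C99 vsnprintf always writes the '\0'. */
    vsnprintf(p, (size_t)n + 1, format, ap2);
    va_end(ap2);
    return p;
}

/* Untrusted text is passed as a "%s" ARGUMENT, never as the format itself;
 * "%n" or "%x" inside it is then copied literally instead of interpreted. */
char *quote_untrusted(const char *untrusted)
{
    return fmt_alloc("user said: %s", untrusted);
}

/* Test helper: compare a fmt_alloc() result with `want`, free it, return 1/0. */
int fmt_result_is(char *got, const char *want)
{
    int ok = (got != NULL && strcmp(got, want) == 0);
    free(got);
    return ok;
}

int main(void)
{
    char *s = fmt_alloc("%s-%d", "tile", 42);
    if (s != NULL) {
        puts(s);
        free(s);
    }
    /* fmt_alloc(argv[1]) here would draw a -Wformat-security warning. */
    return 0;
}
```

Two details matter when auditing such wrappers: the va_list must be copied (va_copy) or re-initialised between the sizing call and the real call, because the first vsnprintf consumes it; and every caller must pass a literal format, which is what the attribute enforces and what a reviewer otherwise has to confirm by reading each call site.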
data/largetifftools-1.3.10/src/tifffastcrop.c:235:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(out, in, widthtocopyinpixels * (bitsperpixel/8));
data/largetifftools-1.3.10/src/tifffastcrop.c:350:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(out_wholeoutbytes, in, wholebytesperline);
data/largetifftools-1.3.10/src/tifffastcrop.c:859:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    (void *) fopen(outfilename, "wb") :
data/largetifftools-1.3.10/src/tifffastcrop.c:1155:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				defpredictor = atoi(cp);
data/largetifftools-1.3.10/src/tifffastcrop.c:1157:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				defpreset = atoi(++cp);
data/largetifftools-1.3.10/src/tifffastcrop.c:1234:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			defpredictor = atoi(cp+1);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:923:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			    (void *) fopen(outfilename, "wb") :
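The two fopen(outfilename, "wb") hits are about what happens when the output path is attacker-influenced: a symlink planted at that name makes the tool overwrite whatever it points to, and a check-then-open sequence can be raced (CWE-362). The usual fix is to create the file with open(2) using O_CREAT|O_EXCL|O_NOFOLLOW and wrap the descriptor with fdopen. The code below is an added example of that pattern (not largetifftools code); create_output_exclusive and exclusive_create_selftest are this example's names, and the scratch path under /tmp used by the self-test is an assumption.

```c
/* Added example (not largetifftools code): open an output file without
 * following symlinks and without a check-then-create race. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>

/* Create `path` for writing, refusing to follow a symlink or to clobber an
 * existing file.  O_EXCL makes creation atomic (no separate existence check
 * to race against); O_NOFOLLOW rejects a symlink planted at `path`.  Returns
 * NULL with errno set (EEXIST, ELOOP, EACCES, ...) on refusal.  The caller
 * fclose()s the result. */
FILE *create_output_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return NULL;
    FILE *fp = fdopen(fd, "wb");
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        unlink(path);   /* we created it; do not leave an empty file behind */
        errno = saved;
    }
    return fp;
}

/* Self-check usable from a test harness: creates a scratch file, then verifies
 * that a second attempt at the same name is refused with EEXIST.  Returns 1
 * on success, 0 otherwise.  The /tmp location is an assumption of the example. */
int exclusive_create_selftest(void)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/ltt_excl_%ld.tmp", (long)getpid());
    unlink(path);                          /* start clean; ENOENT is fine */

    FILE *first = create_output_exclusive(path);
    if (first == NULL)
        return 0;
    FILE *second = create_output_exclusive(path);
    int refused = (second == NULL && errno == EEXIST);
    if (second != NULL)
        fclose(second);
    fclose(first);
    unlink(path);
    return refused;
}

int main(void)
{
    puts(exclusive_create_selftest() ? "exclusive create: ok"
                                     : "exclusive create: FAILED");
    return 0;
}
```

A tool that must legitimately overwrite an existing output (the "wb" semantics of the original) cannot use O_EXCL as-is; the alternatives are to unlink first and then create exclusively, or to keep O_NOFOLLOW and accept that a regular file at the path is replaced. Either way the decision should be explicit in the code rather than left to fopen.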
data/largetifftools-1.3.10/src/tiffmakemosaic.c:1091:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				defpredictor = atoi(cp);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:1093:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				defpreset = atoi(++cp);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:1172:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			defpredictor = atoi(cp+1);
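The six atoi hits concern option values (defpredictor, defpreset) read from the command line. atoi() returns 0 for non-numeric text, reports no overflow, and silently accepts trailing garbage, so the only way to know the value is in range is to check it afterwards. The function below is an added example (not largetifftools code) of parsing such an option with strtol and rejecting anything outside an explicit [lo, hi] window; parse_long_in_range and option_or_default are this example's names, and the 1..3 range used in the self-checks is an illustrative assumption, not the project's actual predictor range.

```c
/* Added example (not largetifftools code): bounded integer parsing to replace
 * unchecked atoi() on command-line option values. */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

/* Parse a decimal integer from `s`, requiring the WHOLE string to be a number
 * within [lo, hi].  On success returns true and stores the value in *out;
 * on empty input, trailing text, overflow or out-of-range returns false and
 * leaves *out untouched.  atoi() can report none of these conditions.
 * Note: like strtol, leading whitespace and an explicit '+' are accepted. */
bool parse_long_in_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return false;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)         /* saturated at LONG_MIN / LONG_MAX */
        return false;
    if (end == s || *end != '\0')/* no digits at all, or "3abc", "1,2" */
        return false;
    if (v < lo || v > hi)
        return false;
    *out = v;
    return true;
}

/* Option helper: the parsed value if acceptable, otherwise `dflt`.  Callers
 * that must distinguish "bad input" from "default" should use
 * parse_long_in_range directly and report the error to the user. */
long option_or_default(const char *s, long lo, long hi, long dflt)
{
    long v;
    return parse_long_in_range(s, lo, hi, &v) ? v : dflt;
}
```

When the destination is an unsigned libtiff field (uint16 tags, for example), parse with strtoul instead and bound against the field's maximum; a negative number accepted by atoi and stored into an unsigned variable is exactly the rollover the CWE-190 note warns about.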
data/largetifftools-1.3.10/src/tifffastcrop.c:128:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int l= strlen(path)-1;
data/largetifftools-1.3.10/src/tifffastcrop.c:134:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l= strlen(path);
data/largetifftools-1.3.10/src/tifffastcrop.c:141:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(prefix, path, l);
data/largetifftools-1.3.10/src/tifffastcrop.c:150:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int l= strlen(path)-1;
data/largetifftools-1.3.10/src/tifffastcrop.c:156:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l= strlen(path);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:122:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int l= strlen(path)-1;
data/largetifftools-1.3.10/src/tiffmakemosaic.c:128:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l= strlen(path);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:135:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(prefix, path, l);
data/largetifftools-1.3.10/src/tiffmakemosaic.c:1319:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            (arglength= strlen(argv[arg+1])) == 0) {
data/largetifftools-1.3.10/src/tiffsplittiles.c:66:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l= strlen(path)-1;
data/largetifftools-1.3.10/src/tiffsplittiles.c:72:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l= strlen(path);
data/largetifftools-1.3.10/src/tiffsplittiles.c:80:1:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(prefix, path, l);
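The level-1 hits are three copies of one helper: compute `l` from strlen(path), then strncpy(prefix, path, l). strncpy with a count equal to the number of bytes to copy never writes a terminator, so correctness depends on the caller having sized `prefix` at l+1 and written the '\0' itself; strlen(path)-1 stored in an int is also -1 for an empty path. The code below is an added example (not largetifftools code) of the same "prefix before the extension" operation written so the destination is always terminated and truncation is reported; path_prefix and path_prefix_is are this example's names, and the choice to ignore a '.' inside a directory component is this example's policy.

```c
/* Added example (not largetifftools code): copy the part of a path before its
 * extension into a caller-supplied buffer, always NUL-terminated. */
#include <stddef.h>
#include <string.h>

/* Copy the part of `path` before its last '.' (or all of `path` if it has no
 * extension) into `prefix`, always NUL-terminating.  `cap` is the full size of
 * `prefix`; cap == 0 writes nothing (prefix may then be NULL).  Returns the
 * number of bytes needed excluding the NUL, snprintf-style, so a result
 * >= cap means the copy was truncated.  Unlike strncpy(dst, src, n) with
 * n == strlen(src), this can never leave `prefix` without a terminator. */
size_t path_prefix(const char *path, char *prefix, size_t cap)
{
    size_t len = strlen(path);
    const char *dot = strrchr(path, '.');
    const char *slash = strrchr(path, '/');

    /* A '.' inside a directory component ("dir.d/file") is not an extension. */
    size_t keep = (dot != NULL && (slash == NULL || dot > slash))
                      ? (size_t)(dot - path)
                      : len;

    if (cap == 0)
        return keep;
    size_t n = keep < cap - 1 ? keep : cap - 1;   /* leave room for '\0' */
    memcpy(prefix, path, n);
    prefix[n] = '\0';
    return keep;
}

/* Test helper: 1 if path_prefix() into a 16-byte buffer yields exactly `want`
 * with no truncation, 0 otherwise. */
int path_prefix_is(const char *path, const char *want)
{
    char buf[16];
    size_t need = path_prefix(path, buf, sizeof buf);
    return need < sizeof buf && strcmp(buf, want) == 0;
}
```

Where the original allocates `prefix` to fit, the equivalent is to call path_prefix(path, NULL, 0) first, allocate keep+1 bytes, and call it again; the terminator is then written by the function rather than by a separate statement that is easy to forget.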

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 3163 in approximately 0.14 seconds (21879 lines/second)
Physical Source Lines of Code (SLOC) = 2605
Hits@level = [0] 130 [1]  12 [2]  10 [3]   0 [4]  15 [5]   0
Hits@level+ = [0+] 167 [1+]  37 [2+]  25 [3+]  15 [4+]  15 [5+]   0
Hits/KSLOC@level+ = [0+] 64.1075 [1+] 14.2035 [2+] 9.59693 [3+] 5.75816 [4+] 5.75816 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.