Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lib3ds-1.3.0/tools/3dsdump.c
Examining data/lib3ds-1.3.0/examples/3dsplay.c
Examining data/lib3ds-1.3.0/lib3ds/background.h
Examining data/lib3ds-1.3.0/lib3ds/atmosphere.h
Examining data/lib3ds-1.3.0/lib3ds/camera.h
Examining data/lib3ds-1.3.0/lib3ds/file.h
Examining data/lib3ds-1.3.0/lib3ds/node.c
Examining data/lib3ds-1.3.0/lib3ds/quat.h
Examining data/lib3ds-1.3.0/lib3ds/light.c
Examining data/lib3ds-1.3.0/lib3ds/viewport.h
Examining data/lib3ds-1.3.0/lib3ds/material.h
Examining data/lib3ds-1.3.0/lib3ds/tracks.h
Examining data/lib3ds-1.3.0/lib3ds/ease.c
Examining data/lib3ds-1.3.0/lib3ds/shadow.h
Examining data/lib3ds-1.3.0/lib3ds/ease.h
Examining data/lib3ds-1.3.0/lib3ds/vector.h
Examining data/lib3ds-1.3.0/lib3ds/mesh.c
Examining data/lib3ds-1.3.0/lib3ds/mesh.h
Examining data/lib3ds-1.3.0/lib3ds/matrix.c
Examining data/lib3ds-1.3.0/lib3ds/file.c
Examining data/lib3ds-1.3.0/lib3ds/chunk.c
Examining data/lib3ds-1.3.0/lib3ds/io.c
Examining data/lib3ds-1.3.0/lib3ds/tracks.c
Examining data/lib3ds-1.3.0/lib3ds/shadow.c
Examining data/lib3ds-1.3.0/lib3ds/tcb.c
Examining data/lib3ds-1.3.0/lib3ds/types.h
Examining data/lib3ds-1.3.0/lib3ds/node.h
Examining data/lib3ds-1.3.0/lib3ds/background.c
Examining data/lib3ds-1.3.0/lib3ds/chunktable.h
Examining data/lib3ds-1.3.0/lib3ds/tcb.h
Examining data/lib3ds-1.3.0/lib3ds/viewport.c
Examining data/lib3ds-1.3.0/lib3ds/light.h
Examining data/lib3ds-1.3.0/lib3ds/camera.c
Examining data/lib3ds-1.3.0/lib3ds/matrix.h
Examining data/lib3ds-1.3.0/lib3ds/material.c
Examining data/lib3ds-1.3.0/lib3ds/quat.c
Examining data/lib3ds-1.3.0/lib3ds/io.h
Examining data/lib3ds-1.3.0/lib3ds/vector.c
Examining data/lib3ds-1.3.0/lib3ds/atmosphere.c
Examining data/lib3ds-1.3.0/lib3ds/chunk.h
FINAL RESULTS:
data/lib3ds-1.3.0/examples/3dsplay.c:275:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(node->name, mesh->name);
data/lib3ds-1.3.0/examples/3dsplay.c:518:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(texname, datapath);
data/lib3ds-1.3.0/examples/3dsplay.c:520:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(texname, tex->name);
data/lib3ds-1.3.0/examples/3dsplay.c:1108:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, fn);
data/lib3ds-1.3.0/examples/3dsplay.c:1111:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, ptr+1);
data/lib3ds-1.3.0/examples/3dsplay.c:1112:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(datapath, fn);
data/lib3ds-1.3.0/lib3ds/camera.c:59:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(camera->name, name);
data/lib3ds-1.3.0/lib3ds/chunk.c:305:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(s, format, marker);
data/lib3ds-1.3.0/lib3ds/file.c:1369:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, parent);
data/lib3ds-1.3.0/lib3ds/file.c:1371:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, node->name);
data/lib3ds-1.3.0/lib3ds/light.c:51:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(light->name, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:91:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->faceL[index].material, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:102:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->box_map.front, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:106:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->box_map.back, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:110:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->box_map.left, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:114:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->box_map.right, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:118:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->box_map.top, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:122:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->box_map.bottom, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:162:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesh->name, name);
data/lib3ds-1.3.0/lib3ds/tracks.c:1347:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p,track->keyL->name);
data/lib3ds-1.3.0/lib3ds/tracks.c:1365:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p,result);
data/lib3ds-1.3.0/examples/3dsplay.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char datapath[256];
data/lib3ds-1.3.0/examples/3dsplay.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[256];
data/lib3ds-1.3.0/examples/3dsplay.c:514:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texname[1024];
data/lib3ds-1.3.0/examples/3dsplay.c:688:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l->color, ln->data.light.col, sizeof(Lib3dsRgb));
data/lib3ds-1.3.0/examples/3dsplay.c:689:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l->position, ln->data.light.pos, sizeof(Lib3dsVector));
data/lib3ds-1.3.0/examples/3dsplay.c:693:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l->spot, sn->data.spot.pos, sizeof(Lib3dsVector));
data/lib3ds-1.3.0/lib3ds/background.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/camera.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/chunk.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lib3ds_chunk_level[128]="";
data/lib3ds-1.3.0/lib3ds/chunk.c:46:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lib3ds_chunk_level, " ");
data/lib3ds-1.3.0/lib3ds/chunk.c:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/lib3ds-1.3.0/lib3ds/file.c:122:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/lib3ds-1.3.0/lib3ds/file.c:179:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wb");
data/lib3ds-1.3.0/lib3ds/file.c:225:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(file->name, "LIB3DS");
data/lib3ds-1.3.0/lib3ds/file.c:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/file.c:1365:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[255];
data/lib3ds-1.3.0/lib3ds/file.h:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[12+1];
data/lib3ds-1.3.0/lib3ds/light.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/light.h:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char projector[64];
data/lib3ds-1.3.0/lib3ds/material.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/material.h:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64]; /*! Material name */
data/lib3ds-1.3.0/lib3ds/matrix.c:85:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, sizeof(Lib3dsMatrix));
data/lib3ds-1.3.0/lib3ds/matrix.c:198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, m, sizeof(Lib3dsMatrix));
data/lib3ds-1.3.0/lib3ds/matrix.c:521:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1,m[1],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:522:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a2,m[2],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a0,m[0],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:548:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a2,m[2],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:573:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a0,m[0],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:574:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1,m[1],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/mesh.c:79:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/mesh.c:97:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char material[64]; /*! Material name */
data/lib3ds-1.3.0/lib3ds/mesh.h:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char front[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char back[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char left[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char right[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char top[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bottom[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64]; /*< Mesh name. Don't use more than 8 characters */
data/lib3ds-1.3.0/lib3ds/node.c:456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[128];
data/lib3ds-1.3.0/lib3ds/node.h:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instance[64];
data/lib3ds-1.3.0/lib3ds/node.h:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char morph[64];
data/lib3ds-1.3.0/lib3ds/node.h:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/tracks.h:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/lib3ds-1.3.0/lib3ds/viewport.h:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char camera[11];
data/lib3ds-1.3.0/lib3ds/viewport.h:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char camera[64];
data/lib3ds-1.3.0/examples/3dsplay.c:519:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(texname, "/");
data/lib3ds-1.3.0/examples/3dsplay.c:1107:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(datapath, ".");
data/lib3ds-1.3.0/lib3ds/background.c:203:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(background->bitmap.name)) { /*---- LIB3DS_BIT_MAP ----*/
data/lib3ds-1.3.0/lib3ds/background.c:206:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c.size=6+1+(Lib3dsDword)strlen(background->bitmap.name);
data/lib3ds-1.3.0/lib3ds/camera.c:53:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(name)<64);
data/lib3ds-1.3.0/lib3ds/chunk.c:53:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib3ds_chunk_level[strlen(lib3ds_chunk_level)-2]=0;
data/lib3ds-1.3.0/lib3ds/file.c:1027:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c.size=6 + 2 + (Lib3dsDword)strlen(file->name)+1 +4;
data/lib3ds-1.3.0/lib3ds/file.c:1370:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(name, ".");
data/lib3ds-1.3.0/lib3ds/io.c:522:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib3ds_io_write(io, s, strlen(s)+1);
data/lib3ds-1.3.0/lib3ds/light.c:45:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(name)<64);
data/lib3ds-1.3.0/lib3ds/material.c:307:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(texture->name)==0) {
data/lib3ds-1.3.0/lib3ds/material.c:732:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(map->name)==0) {
data/lib3ds-1.3.0/lib3ds/material.c:745:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c.size=6+(Lib3dsDword)strlen(map->name)+1;
data/lib3ds-1.3.0/lib3ds/material.c:879:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c.size=6+(Lib3dsDword)strlen(material->name)+1;
data/lib3ds-1.3.0/lib3ds/mesh.c:58:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mesh->faceL[i].material, "");
data/lib3ds-1.3.0/lib3ds/mesh.c:156:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(name)<64);
data/lib3ds-1.3.0/lib3ds/mesh.c:871:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!matf[i] && strlen(mesh->faceL[i].material)) {
data/lib3ds-1.3.0/lib3ds/mesh.c:880:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c.size=6+ (Lib3dsDword)strlen(mesh->faceL[i].material)+1 +2+2*num;
data/lib3ds-1.3.0/lib3ds/mesh.c:913:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mesh->box_map.front) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:914:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mesh->box_map.back) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:915:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mesh->box_map.left) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:916:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mesh->box_map.right) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:917:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mesh->box_map.top) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:918:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mesh->box_map.bottom)) {
data/lib3ds-1.3.0/lib3ds/node.c:791:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c.size=6+ 1+(Lib3dsDword)strlen(node->name) +2+2+2;
data/lib3ds-1.3.0/lib3ds/node.c:826:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node->data.object.instance)) {
data/lib3ds-1.3.0/lib3ds/node.c:830:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c.size=6+1+(Lib3dsDword)strlen(name);
data/lib3ds-1.3.0/lib3ds/tracks.c:1343:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p,"");
data/lib3ds-1.3.0/lib3ds/tracks.c:1368:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p,"");
ANALYSIS SUMMARY:
Hits = 96
Lines analyzed = 15101 in approximately 0.42 seconds (36186 lines/second)
Physical Source Lines of Code (SLOC) = 10676
Hits@level = [0] 168 [1] 29 [2] 46 [3] 0 [4] 21 [5] 0
Hits@level+ = [0+] 264 [1+] 96 [2+] 67 [3+] 21 [4+] 21 [5+] 0
Hits/KSLOC@level+ = [0+] 24.7284 [1+] 8.99213 [2+] 6.27576 [3+] 1.96703 [4+] 1.96703 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.