Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lib3ds-1.3.0/tools/3dsdump.c
Examining data/lib3ds-1.3.0/examples/3dsplay.c
Examining data/lib3ds-1.3.0/lib3ds/background.h
Examining data/lib3ds-1.3.0/lib3ds/atmosphere.h
Examining data/lib3ds-1.3.0/lib3ds/camera.h
Examining data/lib3ds-1.3.0/lib3ds/file.h
Examining data/lib3ds-1.3.0/lib3ds/node.c
Examining data/lib3ds-1.3.0/lib3ds/quat.h
Examining data/lib3ds-1.3.0/lib3ds/light.c
Examining data/lib3ds-1.3.0/lib3ds/viewport.h
Examining data/lib3ds-1.3.0/lib3ds/material.h
Examining data/lib3ds-1.3.0/lib3ds/tracks.h
Examining data/lib3ds-1.3.0/lib3ds/ease.c
Examining data/lib3ds-1.3.0/lib3ds/shadow.h
Examining data/lib3ds-1.3.0/lib3ds/ease.h
Examining data/lib3ds-1.3.0/lib3ds/vector.h
Examining data/lib3ds-1.3.0/lib3ds/mesh.c
Examining data/lib3ds-1.3.0/lib3ds/mesh.h
Examining data/lib3ds-1.3.0/lib3ds/matrix.c
Examining data/lib3ds-1.3.0/lib3ds/file.c
Examining data/lib3ds-1.3.0/lib3ds/chunk.c
Examining data/lib3ds-1.3.0/lib3ds/io.c
Examining data/lib3ds-1.3.0/lib3ds/tracks.c
Examining data/lib3ds-1.3.0/lib3ds/shadow.c
Examining data/lib3ds-1.3.0/lib3ds/tcb.c
Examining data/lib3ds-1.3.0/lib3ds/types.h
Examining data/lib3ds-1.3.0/lib3ds/node.h
Examining data/lib3ds-1.3.0/lib3ds/background.c
Examining data/lib3ds-1.3.0/lib3ds/chunktable.h
Examining data/lib3ds-1.3.0/lib3ds/tcb.h
Examining data/lib3ds-1.3.0/lib3ds/viewport.c
Examining data/lib3ds-1.3.0/lib3ds/light.h
Examining data/lib3ds-1.3.0/lib3ds/camera.c
Examining data/lib3ds-1.3.0/lib3ds/matrix.h
Examining data/lib3ds-1.3.0/lib3ds/material.c
Examining data/lib3ds-1.3.0/lib3ds/quat.c
Examining data/lib3ds-1.3.0/lib3ds/io.h
Examining data/lib3ds-1.3.0/lib3ds/vector.c
Examining data/lib3ds-1.3.0/lib3ds/atmosphere.c
Examining data/lib3ds-1.3.0/lib3ds/chunk.h

FINAL RESULTS:

data/lib3ds-1.3.0/examples/3dsplay.c:275:7: [4] (buffer) strcpy:
  Does not check for buffer
  overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(node->name, mesh->name);
data/lib3ds-1.3.0/examples/3dsplay.c:518:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(texname, datapath);
data/lib3ds-1.3.0/examples/3dsplay.c:520:19: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(texname, tex->name);
data/lib3ds-1.3.0/examples/3dsplay.c:1108:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, fn);
data/lib3ds-1.3.0/examples/3dsplay.c:1111:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, ptr+1);
data/lib3ds-1.3.0/examples/3dsplay.c:1112:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(datapath, fn);
data/lib3ds-1.3.0/lib3ds/camera.c:59:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(camera->name, name);
data/lib3ds-1.3.0/lib3ds/chunk.c:305:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(s, format, marker);
data/lib3ds-1.3.0/lib3ds/file.c:1369:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, parent);
data/lib3ds-1.3.0/lib3ds/file.c:1371:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(name, node->name);
data/lib3ds-1.3.0/lib3ds/light.c:51:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(light->name, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:91:15: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->faceL[index].material, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:102:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->box_map.front, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:106:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->box_map.back, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:110:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->box_map.left, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:114:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->box_map.right, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:118:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->box_map.top, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:122:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->box_map.bottom, name);
data/lib3ds-1.3.0/lib3ds/mesh.c:162:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesh->name, name);
data/lib3ds-1.3.0/lib3ds/tracks.c:1347:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p,track->keyL->name);
data/lib3ds-1.3.0/lib3ds/tracks.c:1365:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p,result);
data/lib3ds-1.3.0/examples/3dsplay.c:73:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char datapath[256];
data/lib3ds-1.3.0/examples/3dsplay.c:74:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char filename[256];
data/lib3ds-1.3.0/examples/3dsplay.c:514:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char texname[1024];
data/lib3ds-1.3.0/examples/3dsplay.c:688:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(l->color, ln->data.light.col, sizeof(Lib3dsRgb));
data/lib3ds-1.3.0/examples/3dsplay.c:689:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(l->position, ln->data.light.pos, sizeof(Lib3dsVector));
data/lib3ds-1.3.0/examples/3dsplay.c:693:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(l->spot, sn->data.spot.pos, sizeof(Lib3dsVector));
data/lib3ds-1.3.0/lib3ds/background.h:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/camera.h:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/chunk.c:40:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lib3ds_chunk_level[128]="";
data/lib3ds-1.3.0/lib3ds/chunk.c:46:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(lib3ds_chunk_level, " ");
data/lib3ds-1.3.0/lib3ds/chunk.c:301:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024];
data/lib3ds-1.3.0/lib3ds/file.c:122:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "rb");
data/lib3ds-1.3.0/lib3ds/file.c:179:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "wb");
data/lib3ds-1.3.0/lib3ds/file.c:225:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file->name, "LIB3DS");
data/lib3ds-1.3.0/lib3ds/file.c:322:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/file.c:1365:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255];
data/lib3ds-1.3.0/lib3ds/file.h:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[12+1];
data/lib3ds-1.3.0/lib3ds/light.h:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/light.h:61:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char projector[64];
data/lib3ds-1.3.0/lib3ds/material.h:55:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/material.h:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64]; /*! Material name */
data/lib3ds-1.3.0/lib3ds/matrix.c:85:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, src, sizeof(Lib3dsMatrix));
data/lib3ds-1.3.0/lib3ds/matrix.c:198:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, m, sizeof(Lib3dsMatrix));
data/lib3ds-1.3.0/lib3ds/matrix.c:521:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a1,m[1],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:522:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a2,m[2],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:547:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a0,m[0],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:548:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a2,m[2],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:573:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a0,m[0],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/matrix.c:574:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a1,m[1],4*sizeof(Lib3dsFloat));
data/lib3ds-1.3.0/lib3ds/mesh.c:79:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/mesh.c:97:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:49:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char material[64]; /*! Material name */
data/lib3ds-1.3.0/lib3ds/mesh.h:81:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char front[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char back[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:83:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char left[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char right[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char top[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bottom[64];
data/lib3ds-1.3.0/lib3ds/mesh.h:121:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64]; /*< Mesh name. Don't use more than 8 characters */
data/lib3ds-1.3.0/lib3ds/node.c:456:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char l[128];
data/lib3ds-1.3.0/lib3ds/node.h:49:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instance[64];
data/lib3ds-1.3.0/lib3ds/node.h:59:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char morph[64];
data/lib3ds-1.3.0/lib3ds/node.h:142:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/tracks.h:139:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/lib3ds-1.3.0/lib3ds/viewport.h:64:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char camera[11];
data/lib3ds-1.3.0/lib3ds/viewport.h:113:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char camera[64];
data/lib3ds-1.3.0/examples/3dsplay.c:519:19: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(texname, "/");
data/lib3ds-1.3.0/examples/3dsplay.c:1107:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(datapath, ".");
data/lib3ds-1.3.0/lib3ds/background.c:203:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(background->bitmap.name)) { /*---- LIB3DS_BIT_MAP ----*/
data/lib3ds-1.3.0/lib3ds/background.c:206:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c.size=6+1+(Lib3dsDword)strlen(background->bitmap.name);
data/lib3ds-1.3.0/lib3ds/camera.c:53:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(strlen(name)<64);
data/lib3ds-1.3.0/lib3ds/chunk.c:53:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lib3ds_chunk_level[strlen(lib3ds_chunk_level)-2]=0;
data/lib3ds-1.3.0/lib3ds/file.c:1027:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c.size=6 + 2 + (Lib3dsDword)strlen(file->name)+1 +4;
data/lib3ds-1.3.0/lib3ds/file.c:1370:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(name, ".");
data/lib3ds-1.3.0/lib3ds/io.c:522:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lib3ds_io_write(io, s, strlen(s)+1);
data/lib3ds-1.3.0/lib3ds/light.c:45:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(strlen(name)<64);
data/lib3ds-1.3.0/lib3ds/material.c:307:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(texture->name)==0) {
data/lib3ds-1.3.0/lib3ds/material.c:732:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(map->name)==0) {
data/lib3ds-1.3.0/lib3ds/material.c:745:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c.size=6+(Lib3dsDword)strlen(map->name)+1;
data/lib3ds-1.3.0/lib3ds/material.c:879:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c.size=6+(Lib3dsDword)strlen(material->name)+1;
data/lib3ds-1.3.0/lib3ds/mesh.c:58:7: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(mesh->faceL[i].material, "");
data/lib3ds-1.3.0/lib3ds/mesh.c:156:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(strlen(name)<64);
data/lib3ds-1.3.0/lib3ds/mesh.c:871:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!matf[i] && strlen(mesh->faceL[i].material)) {
data/lib3ds-1.3.0/lib3ds/mesh.c:880:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c.size=6+ (Lib3dsDword)strlen(mesh->faceL[i].material)+1 +2+2*num;
data/lib3ds-1.3.0/lib3ds/mesh.c:913:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(mesh->box_map.front) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:914:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(mesh->box_map.back) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:915:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(mesh->box_map.left) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:916:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(mesh->box_map.right) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:917:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(mesh->box_map.top) ||
data/lib3ds-1.3.0/lib3ds/mesh.c:918:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(mesh->box_map.bottom)) {
data/lib3ds-1.3.0/lib3ds/node.c:791:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c.size=6+ 1+(Lib3dsDword)strlen(node->name) +2+2+2;
data/lib3ds-1.3.0/lib3ds/node.c:826:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(node->data.object.instance)) {
data/lib3ds-1.3.0/lib3ds/node.c:830:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c.size=6+1+(Lib3dsDword)strlen(name);
data/lib3ds-1.3.0/lib3ds/tracks.c:1343:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant character.
  strcpy(p,"");
data/lib3ds-1.3.0/lib3ds/tracks.c:1368:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(p,"");

ANALYSIS SUMMARY:

Hits = 96
Lines analyzed = 15101 in approximately 0.42 seconds (36186 lines/second)
Physical Source Lines of Code (SLOC) = 10676
Hits@level = [0] 168 [1] 29 [2] 46 [3] 0 [4] 21 [5] 0
Hits@level+ = [0+] 264 [1+] 96 [2+] 67 [3+] 21 [4+] 21 [5+] 0
Hits/KSLOC@level+ = [0+] 24.7284 [1+] 8.99213 [2+] 6.27576 [3+] 1.96703 [4+] 1.96703 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.