Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdmtx-0.7.5/dmtx.c
Examining data/libdmtx-0.7.5/dmtx.h
Examining data/libdmtx-0.7.5/dmtxbytelist.c
Examining data/libdmtx-0.7.5/dmtxdecode.c
Examining data/libdmtx-0.7.5/dmtxdecodescheme.c
Examining data/libdmtx-0.7.5/dmtxencode.c
Examining data/libdmtx-0.7.5/dmtxencodeascii.c
Examining data/libdmtx-0.7.5/dmtxencodebase256.c
Examining data/libdmtx-0.7.5/dmtxencodec40textx12.c
Examining data/libdmtx-0.7.5/dmtxencodeedifact.c
Examining data/libdmtx-0.7.5/dmtxencodeoptimize.c
Examining data/libdmtx-0.7.5/dmtxencodescheme.c
Examining data/libdmtx-0.7.5/dmtxencodestream.c
Examining data/libdmtx-0.7.5/dmtximage.c
Examining data/libdmtx-0.7.5/dmtxmatrix3.c
Examining data/libdmtx-0.7.5/dmtxmessage.c
Examining data/libdmtx-0.7.5/dmtxplacemod.c
Examining data/libdmtx-0.7.5/dmtxreedsol.c
Examining data/libdmtx-0.7.5/dmtxregion.c
Examining data/libdmtx-0.7.5/dmtxscangrid.c
Examining data/libdmtx-0.7.5/dmtxstatic.h
Examining data/libdmtx-0.7.5/dmtxsymbol.c
Examining data/libdmtx-0.7.5/dmtxtime.c
Examining data/libdmtx-0.7.5/dmtxvector2.c
Examining data/libdmtx-0.7.5/test/multi_test/_kiss_fft_guts.h
Examining data/libdmtx-0.7.5/test/multi_test/dmtx.c
Examining data/libdmtx-0.7.5/test/multi_test/dmtxaccel.c
Examining data/libdmtx-0.7.5/test/multi_test/dmtxdecode2.c
Examining data/libdmtx-0.7.5/test/multi_test/dmtxhough.c
Examining data/libdmtx-0.7.5/test/multi_test/dmtxregion2.c
Examining data/libdmtx-0.7.5/test/multi_test/dmtxsobel.c
Examining data/libdmtx-0.7.5/test/multi_test/dmtxvaluegrid.c
Examining data/libdmtx-0.7.5/test/multi_test/kiss_fft.c
Examining data/libdmtx-0.7.5/test/multi_test/kiss_fft.h
Examining data/libdmtx-0.7.5/test/multi_test/kiss_fftr.c
Examining data/libdmtx-0.7.5/test/multi_test/kiss_fftr.h
Examining data/libdmtx-0.7.5/test/multi_test/multi_test.c
Examining data/libdmtx-0.7.5/test/multi_test/multi_test.h
Examining data/libdmtx-0.7.5/test/multi_test/visualize.c
Examining data/libdmtx-0.7.5/test/rotate_test/callback.c
Examining data/libdmtx-0.7.5/test/rotate_test/callback.h
Examining data/libdmtx-0.7.5/test/rotate_test/display.c
Examining data/libdmtx-0.7.5/test/rotate_test/display.h
Examining data/libdmtx-0.7.5/test/rotate_test/dmtx.c
Examining data/libdmtx-0.7.5/test/rotate_test/image.c
Examining data/libdmtx-0.7.5/test/rotate_test/image.h
Examining data/libdmtx-0.7.5/test/rotate_test/rotate_test.c
Examining data/libdmtx-0.7.5/test/rotate_test/rotate_test.h
Examining data/libdmtx-0.7.5/test/simple_test/simple_test.c
Examining data/libdmtx-0.7.5/test/unit_test/unit_test.c

FINAL RESULTS:

data/libdmtx-0.7.5/test/rotate_test/image.c:36:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(filepath, gFilename[gFileIdx]);
data/libdmtx-0.7.5/dmtx.h:503:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char encodedWords[1558];
data/libdmtx-0.7.5/dmtx.h:520:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char value[3];
data/libdmtx-0.7.5/dmtx.h:528:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char value[4];
data/libdmtx-0.7.5/dmtxbytelist.c:91:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst->b, src->b, sizeof(unsigned char) * length);
data/libdmtx-0.7.5/dmtxdecode.c:467:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(oMsg->output + offset, rMsg->output, rMsg->outputIdx);
data/libdmtx-0.7.5/dmtxdecode.c:469:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(oMsg->output + offset, gMsg->output, gMsg->outputIdx);
data/libdmtx-0.7.5/dmtxdecode.c:471:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(oMsg->output + offset, bMsg->output, bMsg->outputIdx);
data/libdmtx-0.7.5/dmtxdecodescheme.c:415:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char unpacked[4];
data/libdmtx-0.7.5/dmtxencode.c:199:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(enc->message->code, output.b, output.length);
data/libdmtx-0.7.5/dmtxencodeoptimize.c:44:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefix[32];
data/libdmtx-0.7.5/dmtxmatrix3.c:26:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m0, m1, sizeof(DmtxMatrix3));
data/libdmtx-0.7.5/dmtxregion.c:34:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regCopy, reg, sizeof(DmtxRegion));
data/libdmtx-0.7.5/dmtxregion.c:1294:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char houghTest[DMTX_HOUGH_RES];
data/libdmtx-0.7.5/dmtxregion.c:1414:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char houghTest[DMTX_HOUGH_RES];
data/libdmtx-0.7.5/dmtxregion.c:1853:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(imagePath, "wb");
data/libdmtx-0.7.5/test/multi_test/dmtxregion2.c:813:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char colorStrip[26] = { 0 };
data/libdmtx-0.7.5/test/multi_test/kiss_fft.c:390:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(fout,tmpbuf,sizeof(kiss_fft_cpx)*st->nfft);
data/libdmtx-0.7.5/test/multi_test/multi_test.c:359:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(writePixel, readTL, localBpp);
data/libdmtx-0.7.5/test/multi_test/visualize.c:201:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char rgb[3];
data/libdmtx-0.7.5/test/multi_test/visualize.c:205:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pixbuf[12288]; /* 64 * 64 * 3 */
data/libdmtx-0.7.5/test/multi_test/visualize.c:273:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pixbuf[24576]; /* 128 * 64 * 3 */
data/libdmtx-0.7.5/test/multi_test/visualize.c:590:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pixbuf[49152]; /* 128 * 128 * 3 */
data/libdmtx-0.7.5/test/rotate_test/image.c:33:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filepath[128];
data/libdmtx-0.7.5/test/rotate_test/image.c:35:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(filepath, "images/");
data/libdmtx-0.7.5/test/rotate_test/image.c:88:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(filename, "rb");
data/libdmtx-0.7.5/test/rotate_test/image.c:164:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pxl + (row * (*width) * 3), row_pointers[(*height) - row - 1], (*width) * 3);
data/libdmtx-0.7.5/test/rotate_test/rotate_test.c:63:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char outputString[1024];
data/libdmtx-0.7.5/test/simple_test/simple_test.c:59:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pxl, enc->image->pxl, width * height * bytesPerPixel);
data/libdmtx-0.7.5/test/simple_test/simple_test.c:49:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dmtxEncodeDataMatrix(enc, strlen((const char *)str), str);

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 16387 in approximately 0.51 seconds (32212 lines/second)
Physical Source Lines of Code (SLOC) = 10495
Hits@level = [0]  52 [1]   1 [2]  28 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  82 [1+]  30 [2+]  29 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 7.81324 [1+] 2.8585 [2+] 2.76322 [3+] 0.0952835 [4+] 0.0952835 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.