Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libemf-1.0.13/include/libEMF/emf.h
Examining data/libemf-1.0.13/include/libEMF/wine/basetsd.h
Examining data/libemf-1.0.13/include/libEMF/wine/guiddef.h
Examining data/libemf-1.0.13/include/libEMF/wine/poppack.h
Examining data/libemf-1.0.13/include/libEMF/wine/pshpack2.h
Examining data/libemf-1.0.13/include/libEMF/wine/pshpack4.h
Examining data/libemf-1.0.13/include/libEMF/wine/w16.h
Examining data/libemf-1.0.13/include/libEMF/wine/winbase.h
Examining data/libemf-1.0.13/include/libEMF/wine/windef.h
Examining data/libemf-1.0.13/include/libEMF/wine/winerror.h
Examining data/libemf-1.0.13/include/libEMF/wine/wingdi.h
Examining data/libemf-1.0.13/include/libEMF/wine/winnt.h
Examining data/libemf-1.0.13/include/libEMF/wine/winuser.h
Examining data/libemf-1.0.13/libemf/libemf.cpp
Examining data/libemf-1.0.13/libemf/libemf.h
Examining data/libemf-1.0.13/src/printemf.c
Examining data/libemf-1.0.13/tests/check1.c
Examining data/libemf-1.0.13/tests/check2.c
Examining data/libemf-1.0.13/tests/check3.c
Examining data/libemf-1.0.13/tests/check4.c
Examining data/libemf-1.0.13/tests/example1.c
Examining data/libemf-1.0.13/tests/example2.c
FINAL RESULTS:
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1381:20: [4] (access) SetThreadToken:
If this call fails, the program could fail to drop heightened privileges
(CWE-250). Make sure the return value is checked, and do not continue if a
failure is reported.
BOOL WINAPI SetThreadToken(PHANDLE,HANDLE);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1626:20: [4] (buffer) lstrcatA:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
LPSTR WINAPI lstrcatA(LPSTR,LPCSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1627:20: [4] (buffer) lstrcatW:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
LPWSTR WINAPI lstrcatW(LPWSTR,LPCWSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1628:13: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define lstrcat WINELIB_NAME_AW(lstrcat)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1628:37: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define lstrcat WINELIB_NAME_AW(lstrcat)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1629:20: [4] (buffer) lstrcpyA:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
LPSTR WINAPI lstrcpyA(LPSTR,LPCSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1630:20: [4] (buffer) lstrcpyW:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
LPWSTR WINAPI lstrcpyW(LPWSTR,LPCWSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1631:13: [4] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define lstrcpy WINELIB_NAME_AW(lstrcpy)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1631:37: [4] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define lstrcpy WINELIB_NAME_AW(lstrcpy)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1632:20: [4] (buffer) lstrcpynA:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
LPSTR WINAPI lstrcpynA(LPSTR,LPCSTR,INT);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1633:20: [4] (buffer) lstrcpynW:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
LPWSTR WINAPI lstrcpynW(LPWSTR,LPCWSTR,INT);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1638:18: [4] (shell) WinExec:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
HINSTANCE WINAPI WinExec(LPCSTR,UINT);
data/libemf-1.0.13/libemf/libemf.h:1035:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, tag, rectl.left, rectl.top, rectl.right, rectl.bottom );
data/libemf-1.0.13/libemf/libemf.h:1055:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, tag,
data/libemf-1.0.13/libemf/libemf.h:1066:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, tag, size.cx, size.cy );
data/libemf-1.0.13/libemf/libemf.h:1076:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, tag, point.x, point.y );
data/libemf-1.0.13/libemf/libemf.h:1091:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, tag, cptl );
data/libemf-1.0.13/libemf/libemf.h:1094:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, points[0].x, points[0].y );
data/libemf-1.0.13/libemf/libemf.h:1098:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, tag, points[i].x, points[i].y );
data/libemf-1.0.13/libemf/libemf.h:1164:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT, style );
data/libemf-1.0.13/libemf/libemf.h:1184:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT, hatch );
data/libemf-1.0.13/libemf/libemf.h:1614:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, iType );
data/libemf-1.0.13/libemf/libemf.h:1615:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, nSize );
data/libemf-1.0.13/libemf/libemf.h:1620:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, nBytes );
data/libemf-1.0.13/libemf/libemf.h:1621:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, nRecords );
data/libemf-1.0.13/libemf/libemf.h:1623:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT4, nDescription );
data/libemf-1.0.13/libemf/libemf.h:1624:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT5, offDescription );
data/libemf-1.0.13/libemf/libemf.h:1625:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT6, nPalEntries );
data/libemf-1.0.13/libemf/libemf.h:1634:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT7, cbPixelFormat );
data/libemf-1.0.13/libemf/libemf.h:1635:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT8, offPixelFormat );
data/libemf-1.0.13/libemf/libemf.h:1636:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT9, bOpenGL );
data/libemf-1.0.13/libemf/libemf.h:1990:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, xNum );
data/libemf-1.0.13/libemf/libemf.h:1991:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, xDenom );
data/libemf-1.0.13/libemf/libemf.h:1992:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, yNum );
data/libemf-1.0.13/libemf/libemf.h:1993:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, yDenom );
data/libemf-1.0.13/libemf/libemf.h:2130:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, xNum );
data/libemf-1.0.13/libemf/libemf.h:2131:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, xDenom );
data/libemf-1.0.13/libemf/libemf.h:2132:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, yNum );
data/libemf-1.0.13/libemf/libemf.h:2133:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, yDenom );
data/libemf-1.0.13/libemf/libemf.h:2207:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2353:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, iMode & unknown_bits );
data/libemf-1.0.13/libemf/libemf.h:2535:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2602:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2676:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2735:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, ihObject );
data/libemf-1.0.13/libemf/libemf.h:2793:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, ihObject );
data/libemf-1.0.13/libemf/libemf.h:3773:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, nPolys );
data/libemf-1.0.13/libemf/libemf.h:3774:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, cptl );
data/libemf-1.0.13/libemf/libemf.h:3777:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, lcounts[0] );
data/libemf-1.0.13/libemf/libemf.h:3781:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, lcounts[i] );
data/libemf-1.0.13/libemf/libemf.h:3784:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT4, lpoints[0].x, lpoints[0].y );
data/libemf-1.0.13/libemf/libemf.h:3788:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT5, lpoints[i].x, lpoints[i].y );
data/libemf-1.0.13/libemf/libemf.h:3978:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, nPolys );
data/libemf-1.0.13/libemf/libemf.h:3979:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, cpts );
data/libemf-1.0.13/libemf/libemf.h:3982:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, lcounts[0] );
data/libemf-1.0.13/libemf/libemf.h:3986:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, lcounts[i] );
data/libemf-1.0.13/libemf/libemf.h:4827:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT0, iGraphicsMode );
data/libemf-1.0.13/libemf/libemf.h:4831:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, emrtext.ptlReference.x, emrtext.ptlReference.y );
data/libemf-1.0.13/libemf/libemf.h:4832:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, emrtext.nChars );
data/libemf-1.0.13/libemf/libemf.h:4833:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, emrtext.offString );
data/libemf-1.0.13/libemf/libemf.h:4871:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT4, emrtext.offDx );
data/libemf-1.0.13/libemf/libemf.h:5075:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default: printf( FMT0, iGraphicsMode );
data/libemf-1.0.13/libemf/libemf.h:5079:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, emrtext.ptlReference.x, emrtext.ptlReference.y );
data/libemf-1.0.13/libemf/libemf.h:5080:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, emrtext.nChars );
data/libemf-1.0.13/libemf/libemf.h:5081:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, emrtext.offString );
data/libemf-1.0.13/libemf/libemf.h:5119:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT4, emrtext.offDx );
data/libemf-1.0.13/libemf/libemf.h:5296:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, ihPen );
data/libemf-1.0.13/libemf/libemf.h:5298:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, lopn.lopnWidth.x, lopn.lopnWidth.y );
data/libemf-1.0.13/libemf/libemf.h:5364:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, ihPen );
data/libemf-1.0.13/libemf/libemf.h:5365:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, offBmi );
data/libemf-1.0.13/libemf/libemf.h:5366:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, cbBmi );
data/libemf-1.0.13/libemf/libemf.h:5367:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, offBits );
data/libemf-1.0.13/libemf/libemf.h:5368:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT4, cbBits );
data/libemf-1.0.13/libemf/libemf.h:5370:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT5, elp.elpWidth );
data/libemf-1.0.13/libemf/libemf.h:5374:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT6, elp.elpNumEntries );
data/libemf-1.0.13/libemf/libemf.h:5426:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, ihBrush );
data/libemf-1.0.13/libemf/libemf.h:5502:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT0, ihFont );
data/libemf-1.0.13/libemf/libemf.h:5503:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT1, elfw.elfLogFont.lfHeight );
data/libemf-1.0.13/libemf/libemf.h:5504:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT2, elfw.elfLogFont.lfWidth );
data/libemf-1.0.13/libemf/libemf.h:5505:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT3, elfw.elfLogFont.lfEscapement );
data/libemf-1.0.13/libemf/libemf.h:5506:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT4, elfw.elfLogFont.lfOrientation );
data/libemf-1.0.13/libemf/libemf.h:5552:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT5, elfw.elfVersion );
data/libemf-1.0.13/libemf/libemf.h:5553:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT6, elfw.elfStyleSize );
data/libemf-1.0.13/libemf/libemf.h:5554:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT7, elfw.elfMatch );
data/libemf-1.0.13/libemf/libemf.h:5556:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT8, elfw.elfCulture );
data/libemf-1.0.13/libemf/libemf.h:6060:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FMT, iRelative );
data/libemf-1.0.13/src/printemf.c:30:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( stderr, USAGE, argv[0] );
data/libemf-1.0.13/tests/example2.c:41:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( stderr, USAGE, argv[0] );
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1002:13: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define EnterCriticalSection(crit) RtlEnterCriticalSection(crit)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1012:20: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
void WINAPI EnterCriticalSection(CRITICAL_SECTION *lpCrit);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1017:18: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
void WINAPI InitializeCriticalSection(CRITICAL_SECTION *lpCrit);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1044:20: [3] (misc) AddAccessAllowedAce:
This doesn't set the inheritance bits in the access control entry (ACE)
header (CWE-732). Make sure that you set inheritance by hand if you wish it
to inherit.
BOOL WINAPI AddAccessAllowedAce(PACL,DWORD,DWORD,PSID);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1113:13: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
#define CreateProcess WINELIB_NAME_AW(CreateProcess)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1113:43: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
#define CreateProcess WINELIB_NAME_AW(CreateProcess)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1520:13: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
#define GetTempFileName WINELIB_NAME_AW(GetTempFileName)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1520:45: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
#define GetTempFileName WINELIB_NAME_AW(GetTempFileName)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1567:13: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define LoadLibrary WINELIB_NAME_AW(LoadLibrary)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1567:41: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define LoadLibrary WINELIB_NAME_AW(LoadLibrary)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1570:13: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define LoadLibraryEx WINELIB_NAME_AW(LoadLibraryEx)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1570:43: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define LoadLibraryEx WINELIB_NAME_AW(LoadLibraryEx)
data/libemf-1.0.13/include/libEMF/wine/guiddef.h:8:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Data4[ 8 ];
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1658:13: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define CopyMemory RtlCopyMemory
data/libemf-1.0.13/include/libEMF/wine/wingdi.h:2954:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buffer[1];
data/libemf-1.0.13/include/libEMF/wine/winnt.h:4227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Sourcename[8];
data/libemf-1.0.13/include/libEMF/wine/winnt.h:4650:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define RtlCopyMemory(Destination, Source, Length) memcpy((Destination),(Source),(Length))
data/libemf-1.0.13/libemf/libemf.cpp:732:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = ::fopen( filename, "w" );
data/libemf-1.0.13/libemf/libemf.cpp:780:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = ::fopen( filename_a.c_str(), "w" );
data/libemf-1.0.13/libemf/libemf.cpp:1009:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = ::fopen( filename_a.c_str(), "r" );
data/libemf-1.0.13/libemf/libemf.cpp:2746:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( metaheader, dc->header, size );
data/libemf-1.0.13/libemf/libemf.h:208:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char padding_[4]; //!< Pad with '\0's.
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1634:13: [1] (buffer) lstrcpyn:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define lstrcpyn WINELIB_NAME_AW(lstrcpyn)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1634:38: [1] (buffer) lstrcpyn:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define lstrcpyn WINELIB_NAME_AW(lstrcpyn)
data/libemf-1.0.13/libemf/libemf.cpp:739:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int description1_count = ::strlen( description );
data/libemf-1.0.13/libemf/libemf.cpp:740:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int description2_count = ::strlen( description + (description1_count + 1) );
data/libemf-1.0.13/libemf/libemf.cpp:811:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int description1_count = ::strlen( description );
data/libemf-1.0.13/libemf/libemf.cpp:812:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int description2_count = ::strlen( description + (description1_count + 1) );
data/libemf-1.0.13/libemf/libemf.cpp:981:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int filename_count = ::strlen( filename );
data/libemf-1.0.13/libemf/libemf.cpp:2208:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LPWSTR name_w = new WCHAR[ strlen( name ) + 1 ];
ANALYSIS SUMMARY:
Hits = 118
Lines analyzed = 27361 in approximately 0.66 seconds (41373 lines/second)
Physical Source Lines of Code (SLOC) = 20218
Hits@level = [0] 271 [1] 8 [2] 10 [3] 12 [4] 88 [5] 0
Hits@level+ = [0+] 389 [1+] 118 [2+] 110 [3+] 100 [4+] 88 [5+] 0
Hits/KSLOC@level+ = [0+] 19.2403 [1+] 5.83638 [2+] 5.4407 [3+] 4.94609 [4+] 4.35256 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.