Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libemf-1.0.13/include/libEMF/emf.h
Examining data/libemf-1.0.13/include/libEMF/wine/basetsd.h
Examining data/libemf-1.0.13/include/libEMF/wine/guiddef.h
Examining data/libemf-1.0.13/include/libEMF/wine/poppack.h
Examining data/libemf-1.0.13/include/libEMF/wine/pshpack2.h
Examining data/libemf-1.0.13/include/libEMF/wine/pshpack4.h
Examining data/libemf-1.0.13/include/libEMF/wine/w16.h
Examining data/libemf-1.0.13/include/libEMF/wine/winbase.h
Examining data/libemf-1.0.13/include/libEMF/wine/windef.h
Examining data/libemf-1.0.13/include/libEMF/wine/winerror.h
Examining data/libemf-1.0.13/include/libEMF/wine/wingdi.h
Examining data/libemf-1.0.13/include/libEMF/wine/winnt.h
Examining data/libemf-1.0.13/include/libEMF/wine/winuser.h
Examining data/libemf-1.0.13/libemf/libemf.cpp
Examining data/libemf-1.0.13/libemf/libemf.h
Examining data/libemf-1.0.13/src/printemf.c
Examining data/libemf-1.0.13/tests/check1.c
Examining data/libemf-1.0.13/tests/check2.c
Examining data/libemf-1.0.13/tests/check3.c
Examining data/libemf-1.0.13/tests/check4.c
Examining data/libemf-1.0.13/tests/example1.c
Examining data/libemf-1.0.13/tests/example2.c

FINAL RESULTS:

data/libemf-1.0.13/include/libEMF/wine/winbase.h:1381:20:  [4] (access) SetThreadToken: If this call fails, the program could fail to drop heightened privileges (CWE-250). Make sure the return value is checked, and do not continue if a failure is reported.
  BOOL WINAPI SetThreadToken(PHANDLE,HANDLE);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1626:20:  [4] (buffer) lstrcatA: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  LPSTR WINAPI lstrcatA(LPSTR,LPCSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1627:20:  [4] (buffer) lstrcatW: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  LPWSTR WINAPI lstrcatW(LPWSTR,LPCWSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1628:13:  [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  #define lstrcat WINELIB_NAME_AW(lstrcat)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1628:37:  [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  #define lstrcat WINELIB_NAME_AW(lstrcat)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1629:20:  [4] (buffer) lstrcpyA: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  LPSTR WINAPI lstrcpyA(LPSTR,LPCSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1630:20:  [4] (buffer) lstrcpyW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  LPWSTR WINAPI lstrcpyW(LPWSTR,LPCWSTR);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1631:13:  [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  #define lstrcpy WINELIB_NAME_AW(lstrcpy)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1631:37:  [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  #define lstrcpy WINELIB_NAME_AW(lstrcpy)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1632:20:  [4] (buffer) lstrcpynA: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  LPSTR WINAPI lstrcpynA(LPSTR,LPCSTR,INT);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1633:20:  [4] (buffer) lstrcpynW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  LPWSTR WINAPI lstrcpynW(LPWSTR,LPCWSTR,INT);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1638:18:  [4] (shell) WinExec: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  HINSTANCE WINAPI WinExec(LPCSTR,UINT);
data/libemf-1.0.13/libemf/libemf.h:1035:5:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, tag, rectl.left, rectl.top, rectl.right, rectl.bottom );
data/libemf-1.0.13/libemf/libemf.h:1055:5:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, tag,
data/libemf-1.0.13/libemf/libemf.h:1066:5:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, tag, size.cx, size.cy );
data/libemf-1.0.13/libemf/libemf.h:1076:5:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, tag, point.x, point.y );
data/libemf-1.0.13/libemf/libemf.h:1091:5:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, tag, cptl );
data/libemf-1.0.13/libemf/libemf.h:1094:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, points[0].x, points[0].y );
data/libemf-1.0.13/libemf/libemf.h:1098:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, tag, points[i].x, points[i].y );
data/libemf-1.0.13/libemf/libemf.h:1164:14:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT, style );
data/libemf-1.0.13/libemf/libemf.h:1184:14:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT, hatch );
data/libemf-1.0.13/libemf/libemf.h:1614:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, iType );
data/libemf-1.0.13/libemf/libemf.h:1615:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, nSize );
data/libemf-1.0.13/libemf/libemf.h:1620:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, nBytes );
data/libemf-1.0.13/libemf/libemf.h:1621:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, nRecords );
data/libemf-1.0.13/libemf/libemf.h:1623:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT4, nDescription );
data/libemf-1.0.13/libemf/libemf.h:1624:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT5, offDescription );
data/libemf-1.0.13/libemf/libemf.h:1625:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT6, nPalEntries );
data/libemf-1.0.13/libemf/libemf.h:1634:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT7, cbPixelFormat );
data/libemf-1.0.13/libemf/libemf.h:1635:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT8, offPixelFormat );
data/libemf-1.0.13/libemf/libemf.h:1636:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT9, bOpenGL );
data/libemf-1.0.13/libemf/libemf.h:1990:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, xNum );
data/libemf-1.0.13/libemf/libemf.h:1991:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, xDenom );
data/libemf-1.0.13/libemf/libemf.h:1992:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, yNum );
data/libemf-1.0.13/libemf/libemf.h:1993:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, yDenom );
data/libemf-1.0.13/libemf/libemf.h:2130:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, xNum );
data/libemf-1.0.13/libemf/libemf.h:2131:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, xDenom );
data/libemf-1.0.13/libemf/libemf.h:2132:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, yNum );
data/libemf-1.0.13/libemf/libemf.h:2133:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, yDenom );
data/libemf-1.0.13/libemf/libemf.h:2207:16:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2353:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, iMode & unknown_bits );
data/libemf-1.0.13/libemf/libemf.h:2535:16:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2602:16:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2676:16:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT, iMode );
data/libemf-1.0.13/libemf/libemf.h:2735:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, ihObject );
data/libemf-1.0.13/libemf/libemf.h:2793:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, ihObject );
data/libemf-1.0.13/libemf/libemf.h:3773:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, nPolys );
data/libemf-1.0.13/libemf/libemf.h:3774:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, cptl );
data/libemf-1.0.13/libemf/libemf.h:3777:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, lcounts[0] );
data/libemf-1.0.13/libemf/libemf.h:3781:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, lcounts[i] );
data/libemf-1.0.13/libemf/libemf.h:3784:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT4, lpoints[0].x, lpoints[0].y );
data/libemf-1.0.13/libemf/libemf.h:3788:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT5, lpoints[i].x, lpoints[i].y );
data/libemf-1.0.13/libemf/libemf.h:3978:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, nPolys );
data/libemf-1.0.13/libemf/libemf.h:3979:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, cpts );
data/libemf-1.0.13/libemf/libemf.h:3982:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, lcounts[0] );
data/libemf-1.0.13/libemf/libemf.h:3986:2:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, lcounts[i] );
data/libemf-1.0.13/libemf/libemf.h:4827:16:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT0, iGraphicsMode );
data/libemf-1.0.13/libemf/libemf.h:4831:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, emrtext.ptlReference.x, emrtext.ptlReference.y );
data/libemf-1.0.13/libemf/libemf.h:4832:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, emrtext.nChars );
data/libemf-1.0.13/libemf/libemf.h:4833:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, emrtext.offString );
data/libemf-1.0.13/libemf/libemf.h:4871:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT4, emrtext.offDx );
data/libemf-1.0.13/libemf/libemf.h:5075:16:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default: printf( FMT0, iGraphicsMode );
data/libemf-1.0.13/libemf/libemf.h:5079:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, emrtext.ptlReference.x, emrtext.ptlReference.y );
data/libemf-1.0.13/libemf/libemf.h:5080:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, emrtext.nChars );
data/libemf-1.0.13/libemf/libemf.h:5081:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, emrtext.offString );
data/libemf-1.0.13/libemf/libemf.h:5119:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT4, emrtext.offDx );
data/libemf-1.0.13/libemf/libemf.h:5296:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, ihPen );
data/libemf-1.0.13/libemf/libemf.h:5298:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, lopn.lopnWidth.x, lopn.lopnWidth.y );
data/libemf-1.0.13/libemf/libemf.h:5364:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, ihPen );
data/libemf-1.0.13/libemf/libemf.h:5365:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, offBmi );
data/libemf-1.0.13/libemf/libemf.h:5366:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, cbBmi );
data/libemf-1.0.13/libemf/libemf.h:5367:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, offBits );
data/libemf-1.0.13/libemf/libemf.h:5368:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT4, cbBits );
data/libemf-1.0.13/libemf/libemf.h:5370:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT5, elp.elpWidth );
data/libemf-1.0.13/libemf/libemf.h:5374:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT6, elp.elpNumEntries );
data/libemf-1.0.13/libemf/libemf.h:5426:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, ihBrush );
data/libemf-1.0.13/libemf/libemf.h:5502:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT0, ihFont );
data/libemf-1.0.13/libemf/libemf.h:5503:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT1, elfw.elfLogFont.lfHeight );
data/libemf-1.0.13/libemf/libemf.h:5504:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT2, elfw.elfLogFont.lfWidth );
data/libemf-1.0.13/libemf/libemf.h:5505:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT3, elfw.elfLogFont.lfEscapement );
data/libemf-1.0.13/libemf/libemf.h:5506:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT4, elfw.elfLogFont.lfOrientation );
data/libemf-1.0.13/libemf/libemf.h:5552:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT5, elfw.elfVersion );
data/libemf-1.0.13/libemf/libemf.h:5553:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT6, elfw.elfStyleSize );
data/libemf-1.0.13/libemf/libemf.h:5554:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT7, elfw.elfMatch );
data/libemf-1.0.13/libemf/libemf.h:5556:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT8, elfw.elfCulture );
data/libemf-1.0.13/libemf/libemf.h:6060:7:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( FMT, iRelative );
data/libemf-1.0.13/src/printemf.c:30:5:  [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( stderr, USAGE, argv[0] );
data/libemf-1.0.13/tests/example2.c:41:5:  [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( stderr, USAGE, argv[0] );
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1002:13:  [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  #define EnterCriticalSection(crit) RtlEnterCriticalSection(crit)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1012:20:  [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  void WINAPI EnterCriticalSection(CRITICAL_SECTION *lpCrit);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1017:18:  [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  void WINAPI InitializeCriticalSection(CRITICAL_SECTION *lpCrit);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1044:20:  [3] (misc) AddAccessAllowedAce: This doesn't set the inheritance bits in the access control entry (ACE) header (CWE-732). Make sure that you set inheritance by hand if you wish it to inherit.
  BOOL WINAPI AddAccessAllowedAce(PACL,DWORD,DWORD,PSID);
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1113:13:  [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  #define CreateProcess WINELIB_NAME_AW(CreateProcess)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1113:43:  [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  #define CreateProcess WINELIB_NAME_AW(CreateProcess)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1520:13:  [3] (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377).
  #define GetTempFileName WINELIB_NAME_AW(GetTempFileName)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1520:45:  [3] (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377).
  #define GetTempFileName WINELIB_NAME_AW(GetTempFileName)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1567:13:  [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  #define LoadLibrary WINELIB_NAME_AW(LoadLibrary)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1567:41:  [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  #define LoadLibrary WINELIB_NAME_AW(LoadLibrary)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1570:13:  [3] (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  #define LoadLibraryEx WINELIB_NAME_AW(LoadLibraryEx)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1570:43:  [3] (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  #define LoadLibraryEx WINELIB_NAME_AW(LoadLibraryEx)
data/libemf-1.0.13/include/libEMF/wine/guiddef.h:8:14:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Data4[ 8 ];
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1658:13:  [2] (buffer) CopyMemory: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define CopyMemory RtlCopyMemory
data/libemf-1.0.13/include/libEMF/wine/wingdi.h:2954:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buffer[1];
data/libemf-1.0.13/include/libEMF/wine/winnt.h:4227:3:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Sourcename[8];
data/libemf-1.0.13/include/libEMF/wine/winnt.h:4650:52:  [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define RtlCopyMemory(Destination, Source, Length) memcpy((Destination),(Source),(Length))
data/libemf-1.0.13/libemf/libemf.cpp:732:14:  [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = ::fopen( filename, "w" );
data/libemf-1.0.13/libemf/libemf.cpp:780:14:  [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = ::fopen( filename_a.c_str(), "w" );
data/libemf-1.0.13/libemf/libemf.cpp:1009:12:  [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = ::fopen( filename_a.c_str(), "r" );
data/libemf-1.0.13/libemf/libemf.cpp:2746:7:  [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( metaheader, dc->header, size );
data/libemf-1.0.13/libemf/libemf.h:208:18:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char padding_[4]; //!< Pad with '\0's.
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1634:13:  [1] (buffer) lstrcpyn: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  #define lstrcpyn WINELIB_NAME_AW(lstrcpyn)
data/libemf-1.0.13/include/libEMF/wine/winbase.h:1634:38:  [1] (buffer) lstrcpyn: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  #define lstrcpyn WINELIB_NAME_AW(lstrcpyn)
data/libemf-1.0.13/libemf/libemf.cpp:739:34:  [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int description1_count = ::strlen( description );
data/libemf-1.0.13/libemf/libemf.cpp:740:34:  [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int description2_count = ::strlen( description + (description1_count + 1) );
data/libemf-1.0.13/libemf/libemf.cpp:811:34:  [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int description1_count = ::strlen( description );
data/libemf-1.0.13/libemf/libemf.cpp:812:34:  [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int description2_count = ::strlen( description + (description1_count + 1) );
data/libemf-1.0.13/libemf/libemf.cpp:981:28:  [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int filename_count = ::strlen( filename );
data/libemf-1.0.13/libemf/libemf.cpp:2208:32:  [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  LPWSTR name_w = new WCHAR[ strlen( name ) + 1 ];

ANALYSIS SUMMARY:

Hits = 118
Lines analyzed = 27361 in approximately 0.66 seconds (41373 lines/second)
Physical Source Lines of Code (SLOC) = 20218
Hits@level = [0] 271 [1] 8 [2] 10 [3] 12 [4] 88 [5] 0
Hits@level+ = [0+] 389 [1+] 118 [2+] 110 [3+] 100 [4+] 88 [5+] 0
Hits/KSLOC@level+ = [0+] 19.2403 [1+] 5.83638 [2+] 5.4407 [3+] 4.94609 [4+] 4.35256 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.