Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgdchart-gd2-0.11.5/array_alloc.c
Examining data/libgdchart-gd2-0.11.5/array_alloc.h
Examining data/libgdchart-gd2-0.11.5/ft_samp.c
Examining data/libgdchart-gd2-0.11.5/gdc.c
Examining data/libgdchart-gd2-0.11.5/gdc.h
Examining data/libgdchart-gd2-0.11.5/gdc_pie.c
Examining data/libgdchart-gd2-0.11.5/gdc_pie_samp.c
Examining data/libgdchart-gd2-0.11.5/gdc_samp1.c
Examining data/libgdchart-gd2-0.11.5/gdc_samp2.c
Examining data/libgdchart-gd2-0.11.5/gdchart.c
Examining data/libgdchart-gd2-0.11.5/gdchart.h
Examining data/libgdchart-gd2-0.11.5/gdcpie.h
Examining data/libgdchart-gd2-0.11.5/price_conv.c
FINAL RESULTS:
data/libgdchart-gd2-0.11.5/gdc_pie.c:248:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( pct_lbl[i], GDCPIE_percent_fmt, this_pct * 100.0 );
data/libgdchart-gd2-0.11.5/gdchart.c:829:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( foo, do_ylbl_fractions? "%.0f": GDC_ylabel_fmt, tmp_highest );
data/libgdchart-gd2-0.11.5/gdchart.c:855:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
int lbl_len_low = sprintf( svlongest, GDC_ylabel2_fmt? GDC_ylabel2_fmt: "%.0f", vlowest );
data/libgdchart-gd2-0.11.5/gdchart.c:856:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
int lbl_len_high = sprintf( svlongest, GDC_ylabel2_fmt? GDC_ylabel2_fmt: "%.0f", vhighest );
data/libgdchart-gd2-0.11.5/gdchart.c:1181:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( vylbl,
data/libgdchart-gd2-0.11.5/price_conv.c:40:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( rtn, fltfmt, price );
data/libgdchart-gd2-0.11.5/ft_samp.c:73:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( (unsigned int)time((time_t)NULL) );
data/libgdchart-gd2-0.11.5/gdc_pie_samp.c:32:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( "pie.png", "wb" );
data/libgdchart-gd2-0.11.5/gdc_samp1.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t[6] = { "Chicago", "New York", "L.A.", "Atlanta", "Paris, MD\n(USA) ", "London" };
data/libgdchart-gd2-0.11.5/gdc_samp2.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t[12] = { "May", "Jun", "Jul", "Aug", "Sep", "Oct",
data/libgdchart-gd2-0.11.5/gdc_samp2.c:45:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *outpng1 = fopen( "g2.png", "wb" ); /* rem: test open() fail */
data/libgdchart-gd2-0.11.5/gdchart.c:344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data+i*num_points, va_arg(ap, float*), num_points*sizeof(float) );
data/libgdchart-gd2-0.11.5/gdchart.c:825:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[32];
data/libgdchart-gd2-0.11.5/gdchart.c:854:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svlongest[32];
data/libgdchart-gd2-0.11.5/gdchart.c:942:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *in = fopen(GDC_BGImage, "rb");
data/libgdchart-gd2-0.11.5/gdchart.c:1097:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmrtr[3+1], dmntr[3+1], whole[8];
data/libgdchart-gd2-0.11.5/gdchart.c:1104:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( nmrtr, "%d", n );
data/libgdchart-gd2-0.11.5/gdchart.c:1105:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( dmntr, "%d", d );
data/libgdchart-gd2-0.11.5/gdchart.c:1106:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( whole, "%d", w );
data/libgdchart-gd2-0.11.5/gdchart.c:1179:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vylbl[16];
data/libgdchart-gd2-0.11.5/gdchart.h:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[MAX_NOTE_LEN+1]; /* NLs ok here */
data/libgdchart-gd2-0.11.5/price_conv.c:31:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rtn[64];
data/libgdchart-gd2-0.11.5/price_conv.c:56:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( rtn, "%f", price );
data/libgdchart-gd2-0.11.5/price_conv.c:80:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( rtn, "%d %d/%d", whole,
data/libgdchart-gd2-0.11.5/price_conv.c:88:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( rtn, "%d", whole );
data/libgdchart-gd2-0.11.5/gdc.c:284:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IMGWIDTH/2 - GDC_fontc[GDC_MEDBOLD].w*strlen(err_str)/2,
data/libgdchart-gd2-0.11.5/gdc_samp2.c:48:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( anno.note, "Did Not\nTrade", MAX_NOTE_LEN ); /* don't exceed MAX_NOTE_LEN */
data/libgdchart-gd2-0.11.5/gdchart.c:423:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(GDC_ylabel_fmt) == strcspn(GDC_ylabel_fmt,"%geEfF") );
data/libgdchart-gd2-0.11.5/gdchart.c:830:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lbl_len = ylbl_interval<1.0? strlen( price_to_str(tmp_highest,
data/libgdchart-gd2-0.11.5/gdchart.c:835:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( foo );
data/libgdchart-gd2-0.11.5/gdchart.c:1133:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PX(0)-2-strlen(whole)*GDC_fontc[GDC_yaxisfont_size].w
data/libgdchart-gd2-0.11.5/gdchart.c:1135:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(nmrtr)*GDC_fontc[GDC_yaxisfont_size-1].w +
data/libgdchart-gd2-0.11.5/gdchart.c:1137:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(nmrtr)*GDC_fontc[GDC_yaxisfont_size-1].w) :
data/libgdchart-gd2-0.11.5/gdchart.c:1147:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PX(0)-2-strlen(nmrtr)*GDC_fontc[GDC_yaxisfont_size-1].w
data/libgdchart-gd2-0.11.5/gdchart.c:1149:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
-strlen(nmrtr)*GDC_fontc[GDC_yaxisfont_size-1].w + 1,
data/libgdchart-gd2-0.11.5/gdchart.c:1156:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
-strlen(nmrtr)*GDC_fontc[GDC_yaxisfont_size-1].w,
data/libgdchart-gd2-0.11.5/gdchart.c:1162:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PX(0)-2-strlen(nmrtr)*GDC_fontc[GDC_yaxisfont_size-1].w - 2,
data/libgdchart-gd2-0.11.5/gdchart.c:1171:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PX(0)-2-strlen(ylbl_str)*GDC_fontc[GDC_yaxisfont_size].w,
data/libgdchart-gd2-0.11.5/gdchart.c:1190:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( vylbl, "0" );
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 4303 in approximately 0.24 seconds (18256 lines/second)
Physical Source Lines of Code (SLOC) = 3342
Hits@level = [0] 2 [1] 14 [2] 18 [3] 1 [4] 6 [5] 0
Hits@level+ = [0+] 41 [1+] 39 [2+] 25 [3+] 7 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 12.2681 [1+] 11.6697 [2+] 7.48055 [3+] 2.09455 [4+] 1.79533 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.