Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libheif-1.9.1/libheif/heif_decoder_aom.h
Examining data/libheif-1.9.1/libheif/heif_hevc.cc
Examining data/libheif-1.9.1/libheif/heif_decoder_dav1d.h
Examining data/libheif-1.9.1/libheif/heif_plugin_registry.cc
Examining data/libheif-1.9.1/libheif/box.h
Examining data/libheif-1.9.1/libheif/heif_decoder_libde265.h
Examining data/libheif-1.9.1/libheif/file_fuzzer.cc
Examining data/libheif-1.9.1/libheif/error.cc
Examining data/libheif-1.9.1/libheif/heif_encoder_aom.h
Examining data/libheif-1.9.1/libheif/heif_encoder_rav1e.h
Examining data/libheif-1.9.1/libheif/heif_version.h
Examining data/libheif-1.9.1/libheif/heif_file.h
Examining data/libheif-1.9.1/libheif/heif.cc
Examining data/libheif-1.9.1/libheif/heif_emscripten.h
Examining data/libheif-1.9.1/libheif/box.cc
Examining data/libheif-1.9.1/libheif/heif_api_structs.h
Examining data/libheif-1.9.1/libheif/heif_decoder_aom.cc
Examining data/libheif-1.9.1/libheif/heif_cxx.h
Examining data/libheif-1.9.1/libheif/color_conversion_fuzzer.cc
Examining data/libheif-1.9.1/libheif/heif_plugin.h
Examining data/libheif-1.9.1/libheif/heif.h
Examining data/libheif-1.9.1/libheif/heif_plugin.cc
Examining data/libheif-1.9.1/libheif/logging.h
Examining data/libheif-1.9.1/libheif/heif_limits.h
Examining data/libheif-1.9.1/libheif/heif_encoder_x265.h
Examining data/libheif-1.9.1/libheif/heif_image.cc
Examining data/libheif-1.9.1/libheif/heif_encoder_aom.cc
Examining data/libheif-1.9.1/libheif/heif_file.cc
Examining data/libheif-1.9.1/libheif/heif_avif.cc
Examining data/libheif-1.9.1/libheif/heif_plugin_registry.h
Examining data/libheif-1.9.1/libheif/bitstream.h
Examining data/libheif-1.9.1/libheif/heif_colorconversion.h
Examining data/libheif-1.9.1/libheif/heif_decoder_dav1d.cc
Examining data/libheif-1.9.1/libheif/heif_decoder_libde265.cc
Examining data/libheif-1.9.1/libheif/box_fuzzer.cc
Examining data/libheif-1.9.1/libheif/heif_hevc.h
Examining data/libheif-1.9.1/libheif/heif_colorconversion.cc
Examining data/libheif-1.9.1/libheif/heif_encoder_x265.cc
Examining data/libheif-1.9.1/libheif/heif_avif.h
Examining data/libheif-1.9.1/libheif/encoder_fuzzer.cc
Examining data/libheif-1.9.1/libheif/heif_image.h
Examining data/libheif-1.9.1/libheif/bitstream.cc
Examining data/libheif-1.9.1/libheif/nclx.h
Examining data/libheif-1.9.1/libheif/nclx.cc
Examining data/libheif-1.9.1/libheif/heif_encoder_rav1e.cc
Examining data/libheif-1.9.1/libheif/error.h
Examining data/libheif-1.9.1/libheif/heif_context.h
Examining data/libheif-1.9.1/libheif/heif_context.cc
Examining data/libheif-1.9.1/examples/encoder_png.h
Examining data/libheif-1.9.1/examples/encoder_jpeg.cc
Examining data/libheif-1.9.1/examples/heif_test.cc
Examining data/libheif-1.9.1/examples/encoder_jpeg.h
Examining data/libheif-1.9.1/examples/heif_info.cc
Examining data/libheif-1.9.1/examples/heif_enc.cc
Examining data/libheif-1.9.1/examples/encoder_y4m.cc
Examining data/libheif-1.9.1/examples/test_c_api.c
Examining data/libheif-1.9.1/examples/encoder_y4m.h
Examining data/libheif-1.9.1/examples/encoder.h
Examining data/libheif-1.9.1/examples/encoder.cc
Examining data/libheif-1.9.1/examples/heif_thumbnailer.cc
Examining data/libheif-1.9.1/examples/heif_convert.cc
Examining data/libheif-1.9.1/examples/encoder_png.cc
Examining data/libheif-1.9.1/tests/encode.cc
Examining data/libheif-1.9.1/tests/main.cc
Examining data/libheif-1.9.1/tests/catch.hpp
Examining data/libheif-1.9.1/tests/conversion.cc
Examining data/libheif-1.9.1/extra/getopt_long.c
Examining data/libheif-1.9.1/extra/getopt.h
Examining data/libheif-1.9.1/extra/getopt.c
Examining data/libheif-1.9.1/gdk-pixbuf/pixbufloader-heif.c
FINAL RESULTS:
data/libheif-1.9.1/libheif/heif_decoder_aom.cc:57:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plugin_name, aom_codec_iface_name(aom_codec_av1_dx()));
data/libheif-1.9.1/libheif/heif_decoder_libde265.cc:60:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(plugin_name, libde265_version);
data/libheif-1.9.1/libheif/heif_encoder_aom.cc:95:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plugin_name, aom_codec_iface_name(aom_codec_av1_cx()));
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:192:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(plugin_name, x265_version_str);
data/libheif-1.9.1/examples/heif_convert.cc:100:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "q:")) != -1) {
data/libheif-1.9.1/examples/heif_enc.cc:948:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "hq:Lo:vPp:t:b:AEe:", long_options, &option_index);
data/libheif-1.9.1/examples/heif_info.cc:107:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "dh", long_options, &option_index);
data/libheif-1.9.1/examples/heif_test.cc:93:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "d:m:h", long_options, &option_index);
data/libheif-1.9.1/examples/heif_thumbnailer.cc:64:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "s:hp")) != -1) {
data/libheif-1.9.1/extra/getopt.c:49:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
__weak_alias(getopt,_getopt);
data/libheif-1.9.1/extra/getopt.c:89:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt(int nargc, char * nargv[], const char *ostr)
data/libheif-1.9.1/extra/getopt.h:58:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int, char**, char*);
data/libheif-1.9.1/extra/getopt.h:59:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int, char**, char*, struct option*, int*);
data/libheif-1.9.1/extra/getopt_long.c:156:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long(int nargc, char ** nargv, char * options, struct option * long_options, int * index)
data/libheif-1.9.1/tests/catch.hpp:4451:1: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random(T a, T b) {
data/libheif-1.9.1/tests/catch.hpp:4460:1: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random(T a, T b) {
data/libheif-1.9.1/tests/catch.hpp:11638:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/libheif-1.9.1/examples/encoder_jpeg.cc:136:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(filename.c_str(), "wb");
data/libheif-1.9.1/examples/encoder_png.cc:56:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(filename.c_str(), "wb");
data/libheif-1.9.1/examples/encoder_y4m.cc:48:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(filename.c_str(), "wb");
data/libheif-1.9.1/examples/heif_convert.cc:103:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
quality = atoi(optarg);
data/libheif-1.9.1/examples/heif_enc.cc:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker_present[MAX_SEQ_NO + 1]; /* 1 if marker found */
data/libheif-1.9.1/examples/heif_enc.cc:269:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile = fopen(filename, "rb")) == NULL) {
data/libheif-1.9.1/examples/heif_enc.cc:319:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(py + (cinfo.output_scanline - 1) * y_stride, *buffer, cinfo.output_width);
data/libheif-1.9.1/examples/heif_enc.cc:431:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fh = fopen(filename, "rb");
data/libheif-1.9.1/examples/heif_enc.cc:502:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(profile_data, png_profile_data, profile_length);
data/libheif-1.9.1/examples/heif_enc.cc:634:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&py[y * y_stride], p, width);
data/libheif-1.9.1/examples/heif_enc.cc:653:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + y * stride, row_pointers[y], width * 4);
data/libheif-1.9.1/examples/heif_enc.cc:656:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + y * stride, row_pointers[y], width * 3);
data/libheif-1.9.1/examples/heif_enc.cc:761:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(value.c_str());
data/libheif-1.9.1/examples/heif_enc.cc:764:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
h = atoi(value.c_str());
data/libheif-1.9.1/examples/heif_enc.cc:870:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[value_size];
data/libheif-1.9.1/examples/heif_enc.cc:957:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
quality = atoi(optarg);
data/libheif-1.9.1/examples/heif_enc.cc:975:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thumbnail_bbox_size = atoi(optarg);
data/libheif-1.9.1/examples/heif_enc.cc:978:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
output_bit_depth = atoi(optarg);
data/libheif-1.9.1/examples/heif_enc.cc:990:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nclx_matrix_coefficients = atoi(optarg);
data/libheif-1.9.1/examples/heif_enc.cc:993:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nclx_colour_primaries = atoi(optarg);
data/libheif-1.9.1/examples/heif_enc.cc:996:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nclx_transfer_characteristic = atoi(optarg);
data/libheif-1.9.1/examples/heif_enc.cc:999:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nclx_full_range = atoi(optarg);
data/libheif-1.9.1/examples/heif_info.cc:75:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fcc[5];
data/libheif-1.9.1/examples/heif_info.cc:120:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raw_image_id = atoi(optarg);
data/libheif-1.9.1/examples/heif_info.cc:144:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fh = fopen(input_filename, "rb");
data/libheif-1.9.1/examples/heif_test.cc:80:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pair.first = atoi(s.substr(0, p).c_str());
data/libheif-1.9.1/examples/heif_test.cc:81:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pair.second = atoi(s.substr(p + 1).c_str());
data/libheif-1.9.1/examples/heif_test.cc:99:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
image_IDs.push_back(atoi(optarg));
data/libheif-1.9.1/examples/heif_thumbnailer.cc:67:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(optarg);
data/libheif-1.9.1/libheif/bitstream.cc:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_owned_data, data, m_length);
data/libheif-1.9.1/libheif/bitstream.cc:110:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_data[m_position], size);
data/libheif-1.9.1/libheif/bitstream.cc:587:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data.data() + m_position, vec.data(), vec.size());
data/libheif-1.9.1/libheif/bitstream.cc:602:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data.data() + m_position, data.data(), data.size());
data/libheif-1.9.1/libheif/box.cc:2724:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nal.data(), data, size);
data/libheif-1.9.1/libheif/encoder_fuzzer.cc:111:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data, data_, size_);
data/libheif-1.9.1/libheif/encoder_fuzzer.cc:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data_[size_], data, size);
data/libheif-1.9.1/libheif/heif.cc:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char brand[5];
data/libheif-1.9.1/libheif/heif.cc:1035:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data,
data/libheif-1.9.1/libheif/heif.cc:1101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data,
data/libheif-1.9.1/libheif/heif.cc:1151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data,
data/libheif-1.9.1/libheif/heif.cc:1649:78: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return heif_encoder_set_parameter_integer(encoder, parameter_name, atoi(value));
data/libheif-1.9.1/libheif/heif_colorconversion.cc:526:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out_a[y * out_a_stride], &in_a[y * in_a_stride], width * 2);
data/libheif-1.9.1/libheif/heif_colorconversion.cc:743:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out_a[y * out_a_stride], &in_a[y * in_a_stride], copyWidth);
data/libheif-1.9.1/libheif/heif_colorconversion.cc:1648:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_y + y * out_y_stride,
data/libheif-1.9.1/libheif/heif_colorconversion.cc:1663:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out_a[y * out_a_stride], &in_a[y * in_a_stride], width);
data/libheif-1.9.1/libheif/heif_context.cc:1464:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data + xs + (ys + py) * out_stride,
data/libheif-1.9.1/libheif/heif_context.cc:1694:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nal_data.data(), data.data() + prev_start_code_start + 3, length);
data/libheif-1.9.1/libheif/heif_context.cc:1710:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nal_data_with_size.data() + 4, nal_data.data(), nal_data.size());
data/libheif-1.9.1/libheif/heif_context.cc:2031:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vec.data(), data, size);
data/libheif-1.9.1/libheif/heif_context.cc:2180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_array.data() + 4, data, size);
data/libheif-1.9.1/libheif/heif_context.cc:2219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_array.data(), data, size);
data/libheif-1.9.1/libheif/heif_cxx.h:1193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[max_size];
data/libheif-1.9.1/libheif/heif_cxx.h:1214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[max_size];
data/libheif-1.9.1/libheif/heif_decoder_aom.cc:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plugin_name[MAX_PLUGIN_NAME_LENGTH];
data/libheif-1.9.1/libheif/heif_decoder_aom.cc:60:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plugin_name, "AOMedia AV1 decoder");
data/libheif-1.9.1/libheif/heif_decoder_aom.cc:248:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_mem + y * dst_stride, data + y * stride, w * bytes_per_pixel);
data/libheif-1.9.1/libheif/heif_decoder_dav1d.cc:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plugin_name[MAX_PLUGIN_NAME_LENGTH];
data/libheif-1.9.1/libheif/heif_decoder_dav1d.cc:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, frame_data, frame_size);
data/libheif-1.9.1/libheif/heif_decoder_dav1d.cc:272:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_mem + y * dst_stride, data + y * stride, w * bytes_per_pixel);
data/libheif-1.9.1/libheif/heif_decoder_libde265.cc:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plugin_name[MAX_PLUGIN_NAME_LENGTH];
data/libheif-1.9.1/libheif/heif_decoder_libde265.cc:54:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plugin_name, "libde265 HEVC decoder");
data/libheif-1.9.1/libheif/heif_decoder_libde265.cc:59:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(plugin_name, ", version ");
data/libheif-1.9.1/libheif/heif_decoder_libde265.cc:148:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_mem + y * dst_stride, data + y * stride, w * bytes_per_pixel);
data/libheif-1.9.1/libheif/heif_emscripten.h:29:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, width * height);
data/libheif-1.9.1/libheif/heif_emscripten.h:35:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_dest, _src, stride);
data/libheif-1.9.1/libheif/heif_encoder_aom.cc:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plugin_name[MAX_PLUGIN_NAME_LENGTH];
data/libheif-1.9.1/libheif/heif_encoder_aom.cc:98:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plugin_name, "AOMedia AV1 encoder");
data/libheif-1.9.1/libheif/heif_encoder_aom.cc:659:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &in_p[y * in_stride], w);
data/libheif-1.9.1/libheif/heif_encoder_aom.cc:787:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoder->compressedData.data() + oldSize,
data/libheif-1.9.1/libheif/heif_encoder_rav1e.cc:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plugin_name[MAX_PLUGIN_NAME_LENGTH];
data/libheif-1.9.1/libheif/heif_encoder_rav1e.cc:88:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plugin_name, "Rav1e encoder");
data/libheif-1.9.1/libheif/heif_encoder_rav1e.cc:662:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoder->compressed_data.data(), pkt->data, pkt->len);
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:180:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plugin_name[MAX_PLUGIN_NAME_LENGTH];
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:188:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plugin_name, "x265 HEVC encoder");
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:191:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(plugin_name, " (");
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:830:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:831:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", p.value_int);
data/libheif-1.9.1/libheif/heif_file.cc:785:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nal.data() + 4, data, size);
data/libheif-1.9.1/libheif/heif_image.cc:254:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newPlane.mem[y * newPlane.stride],
data/libheif-1.9.1/libheif/heif_image.cc:269:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&plane->mem[y * plane->stride + x * nbytes],
data/libheif-1.9.1/libheif/heif_image.cc:276:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&plane->mem[y * plane->stride],
data/libheif-1.9.1/libheif/heif_image.cc:427:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + y * dst_stride, src + y * src_stride, bpl);
data/libheif-1.9.1/libheif/heif_image.cc:682:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out_data[(y - plane_top) * out_stride],
data/libheif-1.9.1/libheif/heif_image.cc:689:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out_data[(y - plane_top) * out_stride],
data/libheif-1.9.1/libheif/heif_image.cc:848:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_p + out_x0 + (out_y0 + y - in_y0) * out_stride,
data/libheif-1.9.1/tests/catch.hpp:2098:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/libheif-1.9.1/tests/catch.hpp:4314:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
alignas(alignof(T)) char storage[sizeof(T)];
data/libheif-1.9.1/tests/catch.hpp:5696:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/libheif-1.9.1/tests/catch.hpp:7214:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/libheif-1.9.1/tests/catch.hpp:10970:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&i, &f, sizeof(f));
data/libheif-1.9.1/tests/catch.hpp:10979:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&i, &d, sizeof(d));
data/libheif-1.9.1/tests/catch.hpp:11437:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_buffer[L_tmpnam] = { 0 };
data/libheif-1.9.1/tests/catch.hpp:11524:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/libheif-1.9.1/tests/catch.hpp:11533:23: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
m_file = std::tmpfile();
data/libheif-1.9.1/tests/catch.hpp:11557:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100] = {};
data/libheif-1.9.1/tests/catch.hpp:11977:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/libheif-1.9.1/tests/catch.hpp:12747:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **utf8Argv = new char *[ argc ];
data/libheif-1.9.1/tests/catch.hpp:12901:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/libheif-1.9.1/tests/catch.hpp:12950:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/libheif-1.9.1/tests/catch.hpp:13199:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_data, m_start, m_size );
data/libheif-1.9.1/tests/catch.hpp:13715:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TrackerBase::open() {
data/libheif-1.9.1/tests/catch.hpp:13815:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/libheif-1.9.1/tests/catch.hpp:14100:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/libheif-1.9.1/tests/catch.hpp:14762:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxDoubleSize];
data/libheif-1.9.1/tests/catch.hpp:14769:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(buffer, "%.3f", duration);
data/libheif-1.9.1/tests/catch.hpp:15361:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/libheif-1.9.1/tests/catch.hpp:15396:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tp.open();
data/libheif-1.9.1/tests/catch.hpp:15773:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/libheif-1.9.1/examples/heif_convert.cc:168:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
istr.read((char*) magic, 12);
data/libheif-1.9.1/examples/heif_enc.cc:798:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
istr.read((char*) (py + y * y_stride), w);
data/libheif-1.9.1/examples/heif_enc.cc:802:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
istr.read((char*) (pcb + y * cb_stride), (w + 1) / 2);
data/libheif-1.9.1/examples/heif_enc.cc:806:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
istr.read((char*) (pcr + y * cr_stride), (w + 1) / 2);
data/libheif-1.9.1/extra/getopt_long.c:176:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_argv_len = strlen(current_argv);
data/libheif-1.9.1/extra/getopt_long.c:182:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(long_options[i].name) == (unsigned)current_argv_len) {
data/libheif-1.9.1/libheif/bitstream.cc:50:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool StreamReader_istream::read(void* data, size_t size)
data/libheif-1.9.1/libheif/bitstream.cc:57:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_istr->read((char*) data, size);
data/libheif-1.9.1/libheif/bitstream.cc:103:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool StreamReader_memory::read(void* data, size_t size)
data/libheif-1.9.1/libheif/bitstream.cc:178:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool success = istr->read((char*) &buf, 1);
data/libheif-1.9.1/libheif/bitstream.cc:198:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool success = istr->read((char*) buf, 2);
data/libheif-1.9.1/libheif/bitstream.cc:218:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool success = istr->read((char*) buf, 4);
data/libheif-1.9.1/libheif/bitstream.cc:249:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool success = istr->read(&c, 1);
data/libheif-1.9.1/libheif/bitstream.cc:268:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool BitstreamRange::read(uint8_t* data, int64_t n)
data/libheif-1.9.1/libheif/bitstream.cc:275:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool success = istr->read(data, n);
data/libheif-1.9.1/libheif/bitstream.h:62:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(void* data, size_t size) = 0;
data/libheif-1.9.1/libheif/bitstream.h:82:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(void* data, size_t size) override;
data/libheif-1.9.1/libheif/bitstream.h:103:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(void* data, size_t size) override;
data/libheif-1.9.1/libheif/bitstream.h:127:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(void* data, size_t size) override
data/libheif-1.9.1/libheif/bitstream.h:128:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ return !m_func_table->read(data, size, m_userdata); }
data/libheif-1.9.1/libheif/bitstream.h:161:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(uint8_t* data, int64_t n);
data/libheif-1.9.1/libheif/box.cc:235:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
range.get_istream()->read((char*) m_uuid_type.data(), 16);
data/libheif-1.9.1/libheif/box.cc:379:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error Box::read(BitstreamRange& range, std::shared_ptr<heif::Box>* result)
data/libheif-1.9.1/libheif/box.cc:614:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error error = Box::read(range, &box);
data/libheif-1.9.1/libheif/box.cc:1121:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
success = istr->read((char*) dest->data() + old_size, static_cast<size_t>(extent.length));
data/libheif-1.9.1/libheif/box.cc:2603:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
range.get_istream()->read((char*) nal_unit.data(), size);
data/libheif-1.9.1/libheif/box.cc:2844:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!range.read(m_config_OBUs.data(), configOBUs_bytes)) {
data/libheif-1.9.1/libheif/box.cc:2983:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
success = istr->read((char*) data, static_cast<size_t>(length));
data/libheif-1.9.1/libheif/box.h:187:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static Error read(BitstreamRange& range, std::shared_ptr<heif::Box>* box);
data/libheif-1.9.1/libheif/box_fuzzer.cc:34:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
heif::Error error = heif::Box::read(range, &box);
data/libheif-1.9.1/libheif/color_conversion_fuzzer.cc:78:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(stream->read(plane, width));
data/libheif-1.9.1/libheif/color_conversion_fuzzer.cc:101:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(stream->read(plane, width * comps));
data/libheif-1.9.1/libheif/encoder_fuzzer.cc:174:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(read <= size);
data/libheif-1.9.1/libheif/encoder_fuzzer.cc:175:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read) {
data/libheif-1.9.1/libheif/encoder_fuzzer.cc:181:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data += read;
data/libheif-1.9.1/libheif/encoder_fuzzer.cc:182:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size -= read;
data/libheif-1.9.1/libheif/heif.cc:311:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error err = ctx->context->read(reader);
data/libheif-1.9.1/libheif/heif.cc:888:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(color_profile_type_fourcc) != 4) {
data/libheif-1.9.1/libheif/heif.h:370:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (* read)(void* data,
data/libheif-1.9.1/libheif/heif_context.cc:353:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error HeifContext::read(std::shared_ptr<StreamReader> reader)
data/libheif-1.9.1/libheif/heif_context.cc:356:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error err = m_heif_file->read(reader);
data/libheif-1.9.1/libheif/heif_context.h:82:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error read(std::shared_ptr<StreamReader> reader);
data/libheif-1.9.1/libheif/heif_cxx.h:116:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int read(void* data, size_t size) = 0;
data/libheif-1.9.1/libheif/heif_cxx.h:514:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return reader->read(data, size);
data/libheif-1.9.1/libheif/heif_decoder_aom.cc:56:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aom_codec_iface_name(aom_codec_av1_dx())) < MAX_PLUGIN_NAME_LENGTH) {
data/libheif-1.9.1/libheif/heif_decoder_libde265.cc:58:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(libde265_version) + 10 < MAX_PLUGIN_NAME_LENGTH) {
data/libheif-1.9.1/libheif/heif_encoder_aom.cc:94:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aom_codec_iface_name(aom_codec_av1_cx())) < MAX_PLUGIN_NAME_LENGTH) {
data/libheif-1.9.1/libheif/heif_encoder_aom.cc:439:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, dst_size - 1);
data/libheif-1.9.1/libheif/heif_encoder_rav1e.cc:412:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, dst_size - 1);
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:190:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(x265_version_str) + strlen(plugin_name) + 4 < MAX_PLUGIN_NAME_LENGTH) {
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:190:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(x265_version_str) + strlen(plugin_name) + 4 < MAX_PLUGIN_NAME_LENGTH) {
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:193:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(plugin_name, ")");
data/libheif-1.9.1/libheif/heif_encoder_x265.cc:542:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, dst_size - 1);
data/libheif-1.9.1/libheif/heif_file.cc:65:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(input_stream);
data/libheif-1.9.1/libheif/heif_file.cc:73:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(input_stream);
data/libheif-1.9.1/libheif/heif_file.cc:77:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error HeifFile::read(std::shared_ptr<StreamReader> reader)
data/libheif-1.9.1/libheif/heif_file.cc:184:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error error = Box::read(range, &box);
data/libheif-1.9.1/libheif/heif_file.h:55:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Error read(std::shared_ptr<StreamReader> reader);
data/libheif-1.9.1/tests/catch.hpp:3586:29: [1] (buffer) is_permutation:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return std::is_permutation(m_target.begin(), m_target.end(), vec.begin());
data/libheif-1.9.1/tests/catch.hpp:12776:36: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static_cast<void>(std::getchar());
data/libheif-1.9.1/tests/catch.hpp:12781:36: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static_cast<void>(std::getchar());
data/libheif-1.9.1/tests/catch.hpp:13073:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/libheif-1.9.1/tests/catch.hpp:13079:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/libheif-1.9.1/tests/catch.hpp:13165:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) )
ANALYSIS SUMMARY:
Hits = 189
Lines analyzed = 45230 in approximately 1.20 seconds (37700 lines/second)
Physical Source Lines of Code (SLOC) = 32081
Hits@level = [0] 103 [1] 64 [2] 108 [3] 13 [4] 4 [5] 0
Hits@level+ = [0+] 292 [1+] 189 [2+] 125 [3+] 17 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 9.10196 [1+] 5.89134 [2+] 3.89639 [3+] 0.529909 [4+] 0.124684 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.