Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/libjpeg-0.0~git20200925.f145908/cmd/main.cpp:190:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("Usage: %s [options] source target\n"
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:233:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(headername,"%s_%d.h",outfile,i);
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:234:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rawname ,"%s_%d.raw" ,outfile,i);
data/libjpeg-0.0~git20200925.f145908/std/stdio.cpp:45:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int vsnprintf(char *str, size_t size, const char *format, va_list ap)
data/libjpeg-0.0~git20200925.f145908/std/stdio.cpp:47:10: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return vsprintf(str,format,ap);
data/libjpeg-0.0~git20200925.f145908/std/stdio.cpp:52:16: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int TYPE_CDECL snprintf(char *str,size_t size,const char *format,...)
data/libjpeg-0.0~git20200925.f145908/std/stdio.cpp:58:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  result = vsnprintf(str,size,format,args);
data/libjpeg-0.0~git20200925.f145908/std/stdio.hpp:62:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int vsnprintf(char *str, size_t size, const char *format, va_list ap);
data/libjpeg-0.0~git20200925.f145908/std/stdio.hpp:67:23: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int TYPE_CDECL snprintf(char *str,size_t size,const char *format,...);
data/libjpeg-0.0~git20200925.f145908/boxes/filetypebox.cpp:163:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p,m_pulCompatible,m_ulNumCompats * sizeof(ULONG));
data/libjpeg-0.0~git20200925.f145908/boxes/floattransformationbox.cpp:139:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_fInverse,m_fMatrix,sizeof(m_fMatrix));
data/libjpeg-0.0~git20200925.f145908/boxes/lineartransformationbox.cpp:136:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_lInverse,m_lMatrix,sizeof(m_lMatrix));
data/libjpeg-0.0~git20200925.f145908/cmd/encodec.cpp:343:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *out = fopen(target,"wb");
data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:168:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *in = fopen(file,"rb");
data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:188:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:71:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *in = fopen(infile,"rb");
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:200:36: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bmm.bmm_pTarget = fopen(outfile,"wb");
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:201:47: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bmm.bmm_pAlphaTarget = (doalpha)?(fopen(alpha,"wb")):NULL;
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:231:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char headername[256],rawname[256];
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:236:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hdr = fopen(headername,"wb");
data/libjpeg-0.0~git20200925.f145908/cmd/reconstruct.cpp:244:39: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bmm.bmm_PGXFiles[i] = fopen(rawname,"wb");
data/libjpeg-0.0~git20200925.f145908/cmd/tmo.cpp:183:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void save_histogram(const char *filename,double hist[256])
data/libjpeg-0.0~git20200925.f145908/cmd/tmo.cpp:185:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *out = fopen(filename,"w");
data/libjpeg-0.0~git20200925.f145908/cmd/tmo.cpp:600:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void LoadLTable(const char *ltable,UWORD ldrtohdr[65536],bool flt,int max,int hiddenbits)
data/libjpeg-0.0~git20200925.f145908/cmd/tmo.cpp:602:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *in = fopen(ltable,"r");
data/libjpeg-0.0~git20200925.f145908/cmd/tmo.cpp:605:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/libjpeg-0.0~git20200925.f145908/cmd/tmo.hpp:88:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern void LoadLTable(const char *ltable,UWORD ldrtohdr[65536],bool flt,
data/libjpeg-0.0~git20200925.f145908/codestream/acrefinementscan.hpp:95:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[5] = "s000";
data/libjpeg-0.0~git20200925.f145908/codestream/acsequentialscan.hpp:99:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[5] = "Z0S0";
data/libjpeg-0.0~git20200925.f145908/codestream/acsequentialscan.hpp:100:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string,base,2);
data/libjpeg-0.0~git20200925.f145908/codestream/acsequentialscan.hpp:131:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[5] = "X0 ";
data/libjpeg-0.0~git20200925.f145908/codestream/acsequentialscan.hpp:153:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[5] = "se00";
data/libjpeg-0.0~git20200925.f145908/codestream/acsequentialscan.hpp:182:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[5] = "xl00";
data/libjpeg-0.0~git20200925.f145908/codestream/rectanglerequest.hpp:109:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this,&req,sizeof(struct RectangleRequest));
data/libjpeg-0.0~git20200925.f145908/codestream/rectanglerequest.hpp:118:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this,&req,sizeof(struct RectangleRequest));
data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:162:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_ucLengths,bits_dc_luminance,sizeof(bits_dc_luminance));
data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:163:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_pucValues,val_dc_luminance ,sizeof(val_dc_luminance));
data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:173:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_ucLengths,bits_dc_luminance,sizeof(bits_dc_luminance));
data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:174:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_luminance ,sizeof(val_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:185:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_luminance,sizeof(bits_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:186:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_luminance ,sizeof(val_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:196:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_luminance,sizeof(bits_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:197:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_luminance ,sizeof(val_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:229:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_luminance,sizeof(bits_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:230:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(m_pucValues,val_dc_luminance ,sizeof(val_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:276:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_chrominance,sizeof(bits_dc_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:277:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_chrominance ,sizeof(val_dc_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:289:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_chrominance,sizeof(bits_dc_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:290:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_chrominance ,sizeof(val_dc_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:301:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_luminance,sizeof(bits_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:302:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_luminance ,sizeof(val_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:314:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_chrominance,sizeof(bits_dc_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:315:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_chrominance ,sizeof(val_dc_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:353:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_dc_luminance,sizeof(bits_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:354:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_dc_luminance ,sizeof(val_dc_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:428:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_ac_luminance,sizeof(bits_ac_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:429:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_ac_luminance ,sizeof(val_ac_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:475:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(m_ucLengths,bits_ac_luminance,sizeof(bits_ac_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:476:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_ac_luminance ,sizeof(val_ac_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:516:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_ac_chrominance,sizeof(bits_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:517:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_ac_chrominance ,sizeof(val_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:563:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_ac_luminance,sizeof(bits_ac_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:564:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_ac_luminance ,sizeof(val_ac_luminance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:637:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_ac_chrominance,sizeof(bits_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:638:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(m_pucValues,val_ac_chrominance ,sizeof(val_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:684:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_ac_chrominance,sizeof(bits_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:685:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_ac_chrominance ,sizeof(val_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:725:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_ac_chrominance,sizeof(bits_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:726:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucValues,val_ac_chrominance ,sizeof(val_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:766:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucLengths,bits_ac_chrominance,sizeof(bits_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:767:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(m_pucValues,val_ac_chrominance ,sizeof(val_ac_chrominance)); data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:928:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[30]; data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:931:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stats = fopen(filename,"r"))) { data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:935:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stats = fopen(filename,"w"))) { data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:977:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[30]; data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:981:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((file = fopen(filename,"w"))) { data/libjpeg-0.0~git20200925.f145908/coding/huffmantemplate.cpp:988:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((file = fopen(filename,"w"))) { data/libjpeg-0.0~git20200925.f145908/coding/qmcoder.hpp:107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucID,name,4); data/libjpeg-0.0~git20200925.f145908/coding/qmcoder.hpp:113:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ucID,name,4); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(matrix,df,sizeof(LONG) * 9); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:190:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(matrix,df,sizeof(LONG) * 9); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:391:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(matrix,lbox->MatrixOf(),9 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:393:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(inverse,lbox->InverseMatrixOf(),9 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:414:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(matrix,lbox->MatrixOf(),9 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:416:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inverse,lbox->InverseMatrixOf(),9 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:579:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(matrix,lbox->MatrixOf(),9 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/colortrafo/colortransformerfactory.cpp:581:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inverse,lbox->InverseMatrixOf(),9 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/blockbitmaprequester.cpp:915:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_ppDTemp[i],m_ppCTemp[i],64 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/blocklineadapter.cpp:202:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out[l]->m_pData + (x << 3),&dst[l << 3],8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/blocklineadapter.cpp:283:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&src[l << 3],line->m_pData + (x << 3),8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/hierarchicalbitmaprequester.cpp:361:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (*line) memcpy((*line)->m_pData + x,buffer,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/hierarchicalbitmaprequester.cpp:378:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,(*line)->m_pData + (x << 3),8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/linebuffer.cpp:295:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst,buffer,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/linebuffer.cpp:307:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line->m_pData + x,buffer,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/linebuffer.cpp:322:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,line->m_pData + (x << 3),8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/linemerger.cpp:262:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xline->m_pData,line->m_pData,m_pulPixelWidth[comp] * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/linemerger.cpp:507:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(out->m_pData,center->m_pData,sizeof(LONG) * m_pulPixelWidth[comp]); data/libjpeg-0.0~git20200925.f145908/control/linemerger.cpp:547:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->m_pData,src->m_pData,m_pulPixelWidth[comp] * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/control/residualblockhelper.cpp:125:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *spectrumfile = fopen("spectrum.plot","w"); data/libjpeg-0.0~git20200925.f145908/control/residualblockhelper.cpp:136:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *resfile = fopen("residual.ppm","wb"); data/libjpeg-0.0~git20200925.f145908/io/bytestream.cpp:67:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,m_pucBufPtr,avail); // copy all data over data/libjpeg-0.0~git20200925.f145908/io/bytestream.cpp:86:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,m_pucBufPtr,size); data/libjpeg-0.0~git20200925.f145908/io/bytestream.cpp:109:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(m_pucBufPtr,buffer,avail); // copy the data over data/libjpeg-0.0~git20200925.f145908/io/bytestream.cpp:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pucBufPtr,buffer,size); data/libjpeg-0.0~git20200925.f145908/io/iostream.cpp:583:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 1,m_pucBuffer,bytes); data/libjpeg-0.0~git20200925.f145908/std/stdio.hpp:72:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define fopen fopen64 data/libjpeg-0.0~git20200925.f145908/std/string.hpp:109:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # undef memcpy data/libjpeg-0.0~git20200925.f145908/std/string.hpp:110:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy __builtin_memcpy data/libjpeg-0.0~git20200925.f145908/tools/checksum.hpp:83:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpout = fopen("/tmp/chksum","w"); data/libjpeg-0.0~git20200925.f145908/upsampling/cositedupsampler.cpp:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(target,cur->m_pData + offset,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/upsampling/cositedupsampler.cpp:149:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out,c,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/upsampling/cositedupsampler.cpp:187:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out,c,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/upsampling/cositedupsampler.cpp:228:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out,c,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/upsampling/downsamplerbase.cpp:169:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + ofs,data,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/upsampling/upsampler.cpp:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target,cur->m_pData + offset,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/upsampling/upsampler.cpp:198:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out,c,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/upsampling/upsamplerbase.cpp:319:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dest + bx,data,8 * sizeof(LONG)); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:107:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:108:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g = getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:109:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b = getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:111:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = getc(in) << 8; data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:112:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r |= getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:113:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g = getc(in) << 8; data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:114:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g |= getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:115:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b = getc(in) << 8; data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:116:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b |= getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:149:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
g = getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:151:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g = getc(in) << 8; data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:152:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g |= getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.cpp:187:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((id = getc(in)) == '#') { data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.hpp:129:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dt1 = getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.hpp:130:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dt2 = getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.hpp:131:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dt3 = getc(in); data/libjpeg-0.0~git20200925.f145908/cmd/iohelpers.hpp:132:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dt4 = getc(in); data/libjpeg-0.0~git20200925.f145908/std/string.hpp:97:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen((const char *)data); data/libjpeg-0.0~git20200925.f145908/std/string.hpp:207:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const char *t = s + strlen(s);

ANALYSIS SUMMARY:

Hits = 136
Lines analyzed = 70971 in approximately 1.90 seconds (37305 lines/second)
Physical Source Lines of Code (SLOC) = 36489
Hits@level = [0] 105 [1] 19 [2] 108 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 241 [1+] 136 [2+] 117 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 6.60473 [1+] 3.72715 [2+] 3.20645 [3+] 0.24665 [4+] 0.24665 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.