Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libodfgen-0.1.7/test/testLink1.cxx
Examining data/libodfgen-0.1.7/test/testGraphic1.cxx
Examining data/libodfgen-0.1.7/test/testChart1.cxx
Examining data/libodfgen-0.1.7/test/testMasterPage1.cxx
Examining data/libodfgen-0.1.7/test/testLayer1.cxx
Examining data/libodfgen-0.1.7/test/testList1.cxx
Examining data/libodfgen-0.1.7/test/testPageSpan1.cxx
Examining data/libodfgen-0.1.7/test/testParagraph1.cxx
Examining data/libodfgen-0.1.7/test/testTextbox1.cxx
Examining data/libodfgen-0.1.7/test/testSpan1.cxx
Examining data/libodfgen-0.1.7/test/testTable1.cxx
Examining data/libodfgen-0.1.7/test/StringDocumentHandler.cxx
Examining data/libodfgen-0.1.7/src/SectionStyle.cxx
Examining data/libodfgen-0.1.7/src/SheetStyle.cxx
Examining data/libodfgen-0.1.7/src/PageSpan.cxx
Examining data/libodfgen-0.1.7/src/FilterInternal.cxx
Examining data/libodfgen-0.1.7/src/FillManager.cxx
Examining data/libodfgen-0.1.7/src/DocumentElement.cxx
Examining data/libodfgen-0.1.7/src/OdcGenerator.cxx
Examining data/libodfgen-0.1.7/src/TableStyle.cxx
Examining data/libodfgen-0.1.7/src/FontStyle.cxx
Examining data/libodfgen-0.1.7/src/ListStyle.cxx
Examining data/libodfgen-0.1.7/src/OdpGenerator.cxx
Examining data/libodfgen-0.1.7/src/TextRunStyle.cxx
Examining data/libodfgen-0.1.7/src/InternalHandler.cxx
Examining data/libodfgen-0.1.7/src/GraphicStyle.cxx
Examining data/libodfgen-0.1.7/src/OdsGenerator.cxx
Examining data/libodfgen-0.1.7/src/OdtGenerator.cxx
Examining data/libodfgen-0.1.7/src/GraphicFunctions.cxx
Examining data/libodfgen-0.1.7/src/OdfGenerator.cxx
Examining data/libodfgen-0.1.7/src/NumberingStyle.cxx
Examining data/libodfgen-0.1.7/src/OdgGenerator.cxx

FINAL RESULTS:

data/libodfgen-0.1.7/src/FillManager.cxx:66:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Bitmap_%i", (int) mBitmapNameMap.size());
data/libodfgen-0.1.7/src/FillManager.cxx:110:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  angleValue.sprintf("%i", (unsigned)(angle*10));
data/libodfgen-0.1.7/src/FillManager.cxx:143:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Gradient_%i", (int) mGradientNameMap.size());
data/libodfgen-0.1.7/src/FillManager.cxx:229:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Hatch_%i", (int) mHatchNameMap.size());
data/libodfgen-0.1.7/src/FillManager.cxx:254:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sValue.sprintf("%i", (unsigned)(rotation*10));
data/libodfgen-0.1.7/src/FillManager.cxx:305:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  angleValue.sprintf("%i", (unsigned)(angle*10));
data/libodfgen-0.1.7/src/FillManager.cxx:330:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Transparency_%i", (int) mOpacityNameMap.size());
data/libodfgen-0.1.7/src/FilterInternal.cxx:68:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  std::vfprintf(stderr, format, args);
data/libodfgen-0.1.7/src/GraphicFunctions.cxx:446:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sElement.sprintf("H%i", (int)((getInchValue(path[i]["svg:x"])-px)*2540));
data/libodfgen-0.1.7/src/GraphicFunctions.cxx:451:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sElement.sprintf("V%i", (int)((getInchValue(path[i]["svg:y"])-py)*2540));
data/libodfgen-0.1.7/src/GraphicFunctions.cxx:456:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sElement.sprintf("%c%i %i", action[0], (int)((getInchValue(path[i]["svg:x"])-px)*2540),
data/libodfgen-0.1.7/src/GraphicFunctions.cxx:462:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sElement.sprintf("%c%i %i %i %i", action[0], (int)((getInchValue(path[i]["svg:x1"])-px)*2540),
data/libodfgen-0.1.7/src/GraphicFunctions.cxx:469:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sElement.sprintf("C%i %i %i %i %i %i", (int)((getInchValue(path[i]["svg:x1"])-px)*2540),
data/libodfgen-0.1.7/src/GraphicFunctions.cxx:477:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sElement.sprintf("A%i %i %i %i %i %i %i", (int)((getInchValue(path[i]["svg:rx"]))*2540),
data/libodfgen-0.1.7/src/GraphicStyle.cxx:122:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("gr_M%i", (int) mStyleNameMap.size());
data/libodfgen-0.1.7/src/GraphicStyle.cxx:124:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("GraphicStyle_%i", (int) mStyleNameMap.size());
data/libodfgen-0.1.7/src/GraphicStyle.cxx:126:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("gr_%i", (int) mStyleNameMap.size());
data/libodfgen-0.1.7/src/GraphicStyle.cxx:186:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Marker_%i", (int) mMarkerNameMap.size());
data/libodfgen-0.1.7/src/GraphicStyle.cxx:236:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Dash_%i", (int) mStrokeDashNameMap.size());
data/libodfgen-0.1.7/src/ListStyle.cxx:40:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sLevel.sprintf("%i", (iLevel+1));
data/libodfgen-0.1.7/src/ListStyle.cxx:113:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sLevel.sprintf("%i", (iLevel+1));
data/libodfgen-0.1.7/src/ListStyle.cxx:326:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf(ordered ? "OL_N%i" : "UL_N%i", miNumListStyles);
data/libodfgen-0.1.7/src/ListStyle.cxx:328:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf(ordered ? "OL_M%i" : "UL_M%i", miNumListStyles);
data/libodfgen-0.1.7/src/ListStyle.cxx:330:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf(ordered ? "OL%i" : "UL%i", miNumListStyles);
data/libodfgen-0.1.7/src/NumberingStyle.cxx:79:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  what.sprintf("number:%s-style", type=="percentage" ? "percentage" : "number");
data/libodfgen-0.1.7/src/NumberingStyle.cxx:84:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  subWhat.sprintf("number:%s", type=="percentage" ? "number" : type=="scientific" ? "scientific-number" : type.c_str());
data/libodfgen-0.1.7/src/NumberingStyle.cxx:128:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  what.sprintf("number:%s-style", type.c_str());
data/libodfgen-0.1.7/src/NumberingStyle.cxx:182:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  subWhat.sprintf("number:%s", wh.c_str());
data/libodfgen-0.1.7/src/NumberingStyle.cxx:289:13: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  finalName.sprintf("Numbering_num%i", (int) mNumberingHash.size());
data/libodfgen-0.1.7/src/NumberingStyle.cxx:305:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  finalName.sprintf("Numbering_num%i", (int) mNumberingHash.size());
data/libodfgen-0.1.7/src/OdcGenerator.cxx:140:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf("Chart%i", (int)mChartStyleHash.size());
data/libodfgen-0.1.7/src/OdfGenerator.cxx:568:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  objectName.sprintf("Object%i", objectId);
data/libodfgen-0.1.7/src/OdfGenerator.cxx:681:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  suffix.sprintf("#%d", i);
data/libodfgen-0.1.7/src/OdfGenerator.cxx:816:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  date.sprintf("%04d-%02d-%02dT%02d:%02d:%02d", propList["librevenge:year"]->getInt(),
data/libodfgen-0.1.7/src/OdfGenerator.cxx:821:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  date.sprintf("%04d-%02d-%02d", propList["librevenge:year"]->getInt(),
data/libodfgen-0.1.7/src/OdfGenerator.cxx:830:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  time.sprintf("PT%02dH%02dM%02dS", propList["librevenge:hours"]->getInt(), minute, second);
data/libodfgen-0.1.7/src/OdfGenerator.cxx:1257:20: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sColumnStyleName.sprintf("%s.Column%i", tableName.cstr(), (i+1));
data/libodfgen-0.1.7/src/OdfGenerator.cxx:1713:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sValue.sprintf("%i %i %i %i", 0, 0, (unsigned)(2540*(qx - px)), (unsigned)(2540*(qy - py)));
data/libodfgen-0.1.7/src/OdgGenerator.cxx:214:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sWidth.sprintf("%li", (unsigned long)(2540 * mfMaxWidth));
data/libodfgen-0.1.7/src/OdgGenerator.cxx:222:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sHeight.sprintf("%li", (unsigned long)(2540 * mfMaxHeight));
data/libodfgen-0.1.7/src/OdgGenerator.cxx:429:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pageName.sprintf("page%i", mpImpl->miPageIndex);
data/libodfgen-0.1.7/src/OdgGenerator.cxx:639:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sValue.sprintf("rotate (%s) translate(%s, %s)",
data/libodfgen-0.1.7/src/OdgGenerator.cxx:756:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sValue.sprintf("rotate (%s) translate(%s, %s)",
data/libodfgen-0.1.7/src/OdpGenerator.cxx:261:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sValue.sprintf("rotate (%s) translate(%s, %s)",
data/libodfgen-0.1.7/src/OdpGenerator.cxx:371:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sWidth.sprintf("%li", (unsigned long)(2540 * mfMaxWidth));
data/libodfgen-0.1.7/src/OdpGenerator.cxx:379:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sHeight.sprintf("%li", (unsigned long)(2540 * mfMaxHeight));
data/libodfgen-0.1.7/src/OdpGenerator.cxx:593:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pageName.sprintf("page%i", mpImpl->miPageIndex);
data/libodfgen-0.1.7/src/OdpGenerator.cxx:775:10: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sValue.sprintf("rotate (%s) translate(%s, %s)",
data/libodfgen-0.1.7/src/OdpGenerator.cxx:1087:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  pageNumber.sprintf("%i", mpImpl->miPageIndex);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:251:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  dir.sprintf("Object %i/", miObjectNumber++);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:869:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  numEmpty.sprintf("%d", row-state.miLastSheetRow);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:931:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  numEmpty.sprintf("%d", col-state.miLastSheetColumn);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1026:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  date.sprintf("%04d-%02d-%02dT%02d:%02d:%02d", propList["librevenge:year"]->getInt(),
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1031:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  date.sprintf("%04d-%02d-%02d", propList["librevenge:year"]->getInt(),
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1045:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  time.sprintf("PT%02dH%02dM%02dS", propList["librevenge:hours"]->getInt(), minute, second);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1759:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  frameName.sprintf("Object%i", id);
data/libodfgen-0.1.7/src/OdtGenerator.cxx:984:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  frameName.sprintf("Object%i", id);
data/libodfgen-0.1.7/src/PageSpan.cxx:330:14: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  masterName.sprintf("PM%i", (int) mpPageList.size());
data/libodfgen-0.1.7/src/PageSpan.cxx:378:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  finalName.sprintf("DP%i", (int) mpDrawingList.size()+1);
data/libodfgen-0.1.7/src/PageSpan.cxx:425:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  finalName.sprintf("PL%i", (int) mpLayoutList.size());
data/libodfgen-0.1.7/src/SectionStyle.cxx:120:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Section_M%i", (int)mStyleList.size());
data/libodfgen-0.1.7/src/SectionStyle.cxx:122:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("Section%i", (int)mStyleList.size());
data/libodfgen-0.1.7/src/SheetStyle.cxx:217:20: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sColumnStyleName.sprintf("%s_col%i", getName().cstr(), col);
data/libodfgen-0.1.7/src/SheetStyle.cxx:266:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sColumnName.sprintf("%s_col%i", getName().cstr(), col);
data/libodfgen-0.1.7/src/SheetStyle.cxx:314:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("%s_row%i", getName().cstr(), (int) mRowStyleHash.size());
data/libodfgen-0.1.7/src/SheetStyle.cxx:348:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("%s_cell%i", getName().cstr(), (int) mCellStyleHash.size());
data/libodfgen-0.1.7/src/SheetStyle.cxx:381:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sTableName.sprintf("Sheet_M%i", (int) mSheetStyles.size());
data/libodfgen-0.1.7/src/SheetStyle.cxx:383:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sTableName.sprintf("Sheet%i", (int) mSheetStyles.size());
data/libodfgen-0.1.7/src/TableStyle.cxx:177:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("%s_row%i", getName().cstr(), (int) mRowStyleHash.size());
data/libodfgen-0.1.7/src/TableStyle.cxx:224:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  name.sprintf("%s_cell%i", getName().cstr(), (int) mCellStyleHash.size());
data/libodfgen-0.1.7/src/TableStyle.cxx:295:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sColumnName.sprintf("%s.Column%i", getName().cstr(), i);
data/libodfgen-0.1.7/src/TableStyle.cxx:342:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sTableName.sprintf("Table_M%i", (int) mTableStyles.size());
data/libodfgen-0.1.7/src/TableStyle.cxx:344:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sTableName.sprintf("Table%i", (int) mTableStyles.size());
data/libodfgen-0.1.7/src/TextRunStyle.cxx:230:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf("S_N%i", (int)mStyleHash.size());
data/libodfgen-0.1.7/src/TextRunStyle.cxx:232:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf("S_M%i", (int)mStyleHash.size());
data/libodfgen-0.1.7/src/TextRunStyle.cxx:234:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf("S%i", (int)mStyleHash.size());
data/libodfgen-0.1.7/src/TextRunStyle.cxx:386:9: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sName.sprintf("Span_N%i", (int)mStyleHash.size());
data/libodfgen-0.1.7/src/TextRunStyle.cxx:388:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf("Span_M%i", (int)mStyleHash.size());
data/libodfgen-0.1.7/src/TextRunStyle.cxx:390:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sName.sprintf("Span%i", (int)mStyleHash.size());
data/libodfgen-0.1.7/test/StringDocumentHandler.cxx:62:18: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  m_openedTagName.sprintf("%s", psName);
data/libodfgen-0.1.7/src/OdcGenerator.cxx:319:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *s_paraStyle[4*4] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:579:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[8] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:632:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[4] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:646:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[4] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:691:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[17] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:766:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[2] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:811:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[2] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:857:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[4] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:871:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[2] =
data/libodfgen-0.1.7/src/OdcGenerator.cxx:896:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[2] =
data/libodfgen-0.1.7/src/OdfGenerator.cxx:83:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbuf[7];
data/libodfgen-0.1.7/src/OdfGenerator.cxx:1877:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char librvng_utf8_skip_data[256] =
data/libodfgen-0.1.7/src/OdsGenerator.cxx:169:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(Command const command)
data/libodfgen-0.1.7/src/OdsGenerator.cxx:596:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *s_paraStyle[4*10] =
data/libodfgen-0.1.7/src/OdsGenerator.cxx:621:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *s_textStyle[2*4] =
data/libodfgen-0.1.7/src/OdsGenerator.cxx:764:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_PageSpan);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:782:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Sheet);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:844:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_SheetRow);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:914:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_SheetCell);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1082:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Chart);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1116:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_ChartPlotArea);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1138:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_ChartTextObject);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1171:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_ChartSerie);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1190:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Header);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1234:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Footer);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1279:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Section);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1303:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Paragraph);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1346:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Span);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1392:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_OrderedList);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1404:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_UnorderedList);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1438:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_ListElement);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1471:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Footnote);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1492:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Comment);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1530:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Table);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1565:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_TableRow);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1581:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_TableCell);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1660:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Frame);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1736:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_TextBox);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1789:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Document);
data/libodfgen-0.1.7/src/OdsGenerator.cxx:1820:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpImpl->open(OdsGeneratorPrivate::C_Group);
data/libodfgen-0.1.7/src/OdtGenerator.cxx:234:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *s_paraStyle[4*10] =
data/libodfgen-0.1.7/src/OdtGenerator.cxx:259:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *s_textStyle[2*4] =
data/libodfgen-0.1.7/src/OdtGenerator.cxx:290:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *s_noteConfig[4*2] =
data/libodfgen-0.1.7/test/testChart1.cxx:252:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wh[3] = {"a","b","c"};
data/libodfgen-0.1.7/src/PageSpan.cxx:263:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bool hasTagName=contentTagName && strlen(contentTagName);
data/libodfgen-0.1.7/src/SheetStyle.cxx:104:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auto len = (int) strlen(i.key());

ANALYSIS SUMMARY:

Hits = 126
Lines analyzed = 16554 in approximately 0.67 seconds (24759 lines/second)
Physical Source Lines of Code (SLOC) = 13446
Hits@level = [0] 11 [1] 2 [2] 44 [3] 0 [4] 80 [5] 0
Hits@level+ = [0+] 137 [1+] 126 [2+] 124 [3+] 80 [4+] 80 [5+] 0
Hits/KSLOC@level+ = [0+] 10.1889 [1+] 9.37082 [2+] 9.22207 [3+] 5.94972 [4+] 5.94972 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.