Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpagemaker-0.0.4/src/fuzz/pmdfuzzer.cpp
Examining data/libpagemaker-0.0.4/src/lib/PMDTypes.cpp
Examining data/libpagemaker-0.0.4/src/lib/PMDRecord.h
Examining data/libpagemaker-0.0.4/src/lib/PMDPage.h
Examining data/libpagemaker-0.0.4/src/lib/constants.h
Examining data/libpagemaker-0.0.4/src/lib/offsets.h
Examining data/libpagemaker-0.0.4/src/lib/PMDParser.cpp
Examining data/libpagemaker-0.0.4/src/lib/PMDTypes.h
Examining data/libpagemaker-0.0.4/src/lib/OutputShape.cpp
Examining data/libpagemaker-0.0.4/src/lib/OutputShape.h
Examining data/libpagemaker-0.0.4/src/lib/geometry.cpp
Examining data/libpagemaker-0.0.4/src/lib/PMDocument.cpp
Examining data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.cpp
Examining data/libpagemaker-0.0.4/src/lib/PMDParser.h
Examining data/libpagemaker-0.0.4/src/lib/Units.h
Examining data/libpagemaker-0.0.4/src/lib/PMDExceptions.h
Examining data/libpagemaker-0.0.4/src/lib/geometry.h
Examining data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp
Examining data/libpagemaker-0.0.4/src/lib/PMDCollector.h
Examining data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.h
Examining data/libpagemaker-0.0.4/src/conv/raw/pmd2raw.cpp
Examining data/libpagemaker-0.0.4/src/conv/text/pmd2text.cpp
Examining data/libpagemaker-0.0.4/src/conv/svg/pmd2svg.cpp
Examining data/libpagemaker-0.0.4/inc/libpagemaker/libpagemaker.h
Examining data/libpagemaker-0.0.4/inc/libpagemaker/PMDocument.h
FINAL RESULTS:
data/libpagemaker-0.0.4/src/conv/raw/pmd2raw.cpp:51:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(TOOL " " VERSION "\n");
data/libpagemaker-0.0.4/src/conv/svg/pmd2svg.cpp:48:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(TOOL " " VERSION "\n");
data/libpagemaker-0.0.4/src/conv/text/pmd2text.cpp:50:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(TOOL " " VERSION "\n");
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:94:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
border.sprintf("%fpt", stroke.m_strokeWidth / 5.0);
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:123:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
colorStr.sprintf("#%.2x%.2x%.2x", color.m_red, color.m_green, color.m_blue);
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:213:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tempFillColorString.sprintf("#%.2x%.2x%.2x", tempFillColor.m_red,tempFillColor.m_green,tempFillColor.m_blue);
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:244:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tempStrokeColorString.sprintf("#%.2x%.2x%.2x", tempStrokeColor.m_red,tempStrokeColor.m_green,tempStrokeColor.m_blue);
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:411:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tempColorString.sprintf("#%.2x%.2x%.2x",(uint16_t)(tempColor.m_red * charTint + temp_bgcolor),(uint16_t)(tempColor.m_green * charTint + temp_bgcolor),(uint16_t)(tempColor.m_blue * charTint + temp_bgcolor));
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:436:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos.sprintf("%.1f%% %.1f%%", intPos / 10.0, charProperty.m_superSubSize / 10.0);
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:574:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tempFillColorString.sprintf("#%.2x%.2x%.2x", tempFillColor.m_red,tempFillColor.m_green,tempFillColor.m_blue);
data/libpagemaker-0.0.4/src/lib/PMDCollector.cpp:605:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tempStrokeColorString.sprintf("#%.2x%.2x%.2x", tempStrokeColor.m_red,tempStrokeColor.m_green,tempStrokeColor.m_blue);
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.cpp:36:8: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
std::vfprintf(stderr, format, args);
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.h:53:102: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PMD_WARN_MSG(M) std::fprintf(stderr, "PageMaker [WARN] %15s:%d: ", __FILE__, __LINE__); std::fprintf(stderr, M)
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.h:54:102: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PMD_ERR_MSG(M) std::fprintf(stderr, "PageMaker [ERROR] %15s:%d: ", __FILE__, __LINE__); std::fprintf(stderr, M)
data/libpagemaker-0.0.4/src/lib/PMDParser.cpp:104:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const RecordIterator &other) const;
data/libpagemaker-0.0.4/src/lib/PMDParser.cpp:166:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool PMDParser::RecordIterator::equal(const RecordIterator &other) const
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.cpp:46:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint8_t), numBytesRead);
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.cpp:63:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint16_t), numBytesRead);
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.cpp:84:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint32_t), numBytesRead);
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.cpp:105:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint64_t), numBytesRead);
data/libpagemaker-0.0.4/src/lib/libpagemaker_utils.cpp:126:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *const s = input->read(numBytes, readBytes);
ANALYSIS SUMMARY:
Hits = 21
Lines analyzed = 4396 in approximately 0.16 seconds (28014 lines/second)
Physical Source Lines of Code (SLOC) = 3350
Hits@level = [0] 32 [1] 7 [2] 0 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 53 [1+] 21 [2+] 14 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 15.8209 [1+] 6.26866 [2+] 4.1791 [3+] 4.1791 [4+] 4.1791 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.