Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpixelif-0.8.4/src/locales/libpixelif_locales.c
Examining data/libpixelif-0.8.4/src/locales/libpixelif_locales.h
Examining data/libpixelif-0.8.4/src/screen_interface/screen_pixel_interface.h
Examining data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.h
Examining data/libpixelif-0.8.4/src/pixel_interface/true_type_wordwrapper.c
Examining data/libpixelif-0.8.4/src/pixel_interface/true_type_factory.c
Examining data/libpixelif-0.8.4/src/pixel_interface/true_type_font.h
Examining data/libpixelif-0.8.4/src/pixel_interface/true_type_factory.h
Examining data/libpixelif-0.8.4/src/pixel_interface/true_type_wordwrapper.h
Examining data/libpixelif-0.8.4/src/pixel_interface/true_type_font.c
Examining data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c
FINAL RESULTS:
data/libpixelif-0.8.4/src/pixel_interface/true_type_factory.c:114:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullname, dirname);
data/libpixelif-0.8.4/src/pixel_interface/true_type_factory.c:116:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullname, z_dir_entry.d_name);
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:217:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_left_margin_config_value_as_string[MAX_MARGIN_AS_STRING_LEN];
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:218:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_right_margin_config_value_as_string[MAX_MARGIN_AS_STRING_LEN];
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:230:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_font_size_config_value_as_string[MAX_VALUE_AS_STRING_LEN];
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2659:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char latin1_buf1[14];
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2660:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char latin1_buf2[9];
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2699:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(latin1_buf1, ": %d ", parameter1);
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2700:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(latin1_buf2, ": %d", parameter2);
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2726:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(latin1_buf1, "%02d:%02d", parameter1, parameter2);
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:1408:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (value == NULL) || (strlen(value) == 0) )
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:1485:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (value == NULL) || (strlen(value) == 0) )
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2704:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(latin1_buf1)
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2706:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(latin1_buf2);
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:2728:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rightside_char_length = strlen(latin1_buf1);
data/libpixelif-0.8.4/src/pixel_interface/pixel_interface.c:3936:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_size = strlen((char*)cmd_history_ptr);
data/libpixelif-0.8.4/src/pixel_interface/true_type_factory.c:109:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_len = strlen(dirname) + strlen(z_dir_entry.d_name) + 2;
data/libpixelif-0.8.4/src/pixel_interface/true_type_factory.c:109:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_len = strlen(dirname) + strlen(z_dir_entry.d_name) + 2;
data/libpixelif-0.8.4/src/pixel_interface/true_type_factory.c:115:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fullname, "/");
ANALYSIS SUMMARY:
Hits = 19
Lines analyzed = 6617 in approximately 0.19 seconds (34449 lines/second)
Physical Source Lines of Code (SLOC) = 4388
Hits@level = [0] 3 [1] 9 [2] 8 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 22 [1+] 19 [2+] 10 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 5.01367 [1+] 4.32999 [2+] 2.27894 [3+] 0.455789 [4+] 0.455789 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.