Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libraw-0.20.2/RawSpeed/rawspeed_xmldata.cpp
Examining data/libraw-0.20.2/internal/dcraw_common.cpp
Examining data/libraw-0.20.2/internal/dcraw_defs.h
Examining data/libraw-0.20.2/internal/dcraw_fileio.cpp
Examining data/libraw-0.20.2/internal/dcraw_fileio_defs.h
Examining data/libraw-0.20.2/internal/defines.h
Examining data/libraw-0.20.2/internal/demosaic_packs.cpp
Examining data/libraw-0.20.2/internal/dmp_include.h
Examining data/libraw-0.20.2/internal/libraw_cameraids.h
Examining data/libraw-0.20.2/internal/libraw_cxx_defs.h
Examining data/libraw-0.20.2/internal/libraw_internal_funcs.h
Examining data/libraw-0.20.2/internal/var_defines.h
Examining data/libraw-0.20.2/internal/x3f_tools.h
Examining data/libraw-0.20.2/libraw/libraw.h
Examining data/libraw-0.20.2/libraw/libraw_alloc.h
Examining data/libraw-0.20.2/libraw/libraw_const.h
Examining data/libraw-0.20.2/libraw/libraw_datastream.h
Examining data/libraw-0.20.2/libraw/libraw_internal.h
Examining data/libraw-0.20.2/libraw/libraw_types.h
Examining data/libraw-0.20.2/libraw/libraw_version.h
Examining data/libraw-0.20.2/samples/4channels.cpp
Examining data/libraw-0.20.2/samples/dcraw_emu.cpp
Examining data/libraw-0.20.2/samples/dcraw_half.c
Examining data/libraw-0.20.2/samples/half_mt.c
Examining data/libraw-0.20.2/samples/half_mt_win32.c
Examining data/libraw-0.20.2/samples/mem_image_sample.cpp
Examining data/libraw-0.20.2/samples/multirender_test.cpp
Examining data/libraw-0.20.2/samples/openbayer_sample.cpp
Examining data/libraw-0.20.2/samples/postprocessing_benchmark.cpp
Examining data/libraw-0.20.2/samples/raw-identify.cpp
Examining data/libraw-0.20.2/samples/rawtextdump.cpp
Examining data/libraw-0.20.2/samples/simple_dcraw.cpp
Examining data/libraw-0.20.2/samples/unprocessed_raw.cpp
Examining data/libraw-0.20.2/src/decoders/canon_600.cpp
Examining data/libraw-0.20.2/src/decoders/crx.cpp
Examining data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp
Examining data/libraw-0.20.2/src/decoders/decoders_libraw.cpp
Examining data/libraw-0.20.2/src/decoders/decoders_libraw_dcrdefs.cpp
Examining data/libraw-0.20.2/src/decoders/dng.cpp
Examining data/libraw-0.20.2/src/decoders/fp_dng.cpp
Examining data/libraw-0.20.2/src/decoders/fuji_compressed.cpp
Examining data/libraw-0.20.2/src/decoders/generic.cpp
Examining data/libraw-0.20.2/src/decoders/kodak_decoders.cpp
Examining data/libraw-0.20.2/src/decoders/load_mfbacks.cpp
Examining data/libraw-0.20.2/src/decoders/smal.cpp
Examining data/libraw-0.20.2/src/decoders/unpack.cpp
Examining data/libraw-0.20.2/src/decoders/unpack_thumb.cpp
Examining data/libraw-0.20.2/src/demosaic/aahd_demosaic.cpp
Examining data/libraw-0.20.2/src/demosaic/ahd_demosaic.cpp
Examining data/libraw-0.20.2/src/demosaic/dcb_demosaic.cpp
Examining data/libraw-0.20.2/src/demosaic/dht_demosaic.cpp
Examining data/libraw-0.20.2/src/demosaic/misc_demosaic.cpp
Examining data/libraw-0.20.2/src/demosaic/xtrans_demosaic.cpp
Examining data/libraw-0.20.2/src/integration/dngsdk_glue.cpp
Examining data/libraw-0.20.2/src/integration/rawspeed_glue.cpp
Examining data/libraw-0.20.2/src/libraw_c_api.cpp
Examining data/libraw-0.20.2/src/libraw_cxx.cpp
Examining data/libraw-0.20.2/src/libraw_datastream.cpp
Examining data/libraw-0.20.2/src/metadata/adobepano.cpp
Examining data/libraw-0.20.2/src/metadata/canon.cpp
Examining data/libraw-0.20.2/src/metadata/ciff.cpp
Examining data/libraw-0.20.2/src/metadata/cr3_parser.cpp
Examining data/libraw-0.20.2/src/metadata/epson.cpp
Examining data/libraw-0.20.2/src/metadata/exif_gps.cpp
Examining data/libraw-0.20.2/src/metadata/fuji.cpp
Examining data/libraw-0.20.2/src/metadata/hasselblad_model.cpp
Examining data/libraw-0.20.2/src/metadata/identify.cpp
Examining data/libraw-0.20.2/src/metadata/identify_tools.cpp
Examining data/libraw-0.20.2/src/metadata/kodak.cpp
Examining data/libraw-0.20.2/src/metadata/leica.cpp
Examining data/libraw-0.20.2/src/metadata/makernotes.cpp
Examining data/libraw-0.20.2/src/metadata/mediumformat.cpp
Examining data/libraw-0.20.2/src/metadata/minolta.cpp
Examining data/libraw-0.20.2/src/metadata/misc_parsers.cpp
Examining data/libraw-0.20.2/src/metadata/nikon.cpp
Examining data/libraw-0.20.2/src/metadata/normalize_model.cpp
Examining data/libraw-0.20.2/src/metadata/olympus.cpp
Examining data/libraw-0.20.2/src/metadata/p1.cpp
Examining data/libraw-0.20.2/src/metadata/pentax.cpp
Examining data/libraw-0.20.2/src/metadata/samsung.cpp
Examining data/libraw-0.20.2/src/metadata/sony.cpp
Examining data/libraw-0.20.2/src/metadata/tiff.cpp
Examining data/libraw-0.20.2/src/postprocessing/aspect_ratio.cpp
Examining data/libraw-0.20.2/src/postprocessing/dcraw_process.cpp
Examining data/libraw-0.20.2/src/postprocessing/mem_image.cpp
Examining data/libraw-0.20.2/src/postprocessing/postprocessing_aux.cpp
Examining data/libraw-0.20.2/src/postprocessing/postprocessing_ph.cpp
Examining data/libraw-0.20.2/src/postprocessing/postprocessing_utils.cpp
Examining data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp
Examining data/libraw-0.20.2/src/preprocessing/ext_preprocess.cpp
Examining data/libraw-0.20.2/src/preprocessing/preprocessing_ph.cpp
Examining data/libraw-0.20.2/src/preprocessing/raw2image.cpp
Examining data/libraw-0.20.2/src/preprocessing/subtract_black.cpp
Examining data/libraw-0.20.2/src/tables/cameralist.cpp
Examining data/libraw-0.20.2/src/tables/colorconst.cpp
Examining data/libraw-0.20.2/src/tables/colordata.cpp
Examining data/libraw-0.20.2/src/tables/wblists.cpp
Examining data/libraw-0.20.2/src/utils/curves.cpp
Examining data/libraw-0.20.2/src/utils/decoder_info.cpp
Examining data/libraw-0.20.2/src/utils/init_close_utils.cpp
Examining data/libraw-0.20.2/src/utils/open.cpp
Examining data/libraw-0.20.2/src/utils/phaseone_processing.cpp
Examining data/libraw-0.20.2/src/utils/read_utils.cpp
Examining data/libraw-0.20.2/src/utils/thumb_utils.cpp
Examining data/libraw-0.20.2/src/utils/utils_dcraw.cpp
Examining data/libraw-0.20.2/src/utils/utils_libraw.cpp
Examining data/libraw-0.20.2/src/write/apply_profile.cpp
Examining data/libraw-0.20.2/src/write/file_write.cpp
Examining data/libraw-0.20.2/src/write/tiff_writer.cpp
Examining data/libraw-0.20.2/src/write/write_ph.cpp
Examining data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp
Examining data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp

FINAL RESULTS:

data/libraw-0.20.2/internal/var_defines.h:210:38: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  #define fgets(str,n,stream) stream->gets(str,n)

data/libraw-0.20.2/libraw/libraw_datastream.h:95:17: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *, int) = 0;

data/libraw-0.20.2/libraw/libraw_datastream.h:148:17: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *str, int sz);

data/libraw-0.20.2/libraw/libraw_datastream.h:169:17: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *s, int sz);

data/libraw-0.20.2/libraw/libraw_datastream.h:198:17: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *str, int sz);

data/libraw-0.20.2/src/libraw_datastream.cpp:287:31: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  char *LibRaw_file_datastream::gets(char *str, int sz)

data/libraw-0.20.2/src/libraw_datastream.cpp:418:33: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  char *LibRaw_buffer_datastream::gets(char *s, int sz)

data/libraw-0.20.2/src/libraw_datastream.cpp:610:34: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  char *LibRaw_bigfile_datastream::gets(char *str, int sz)

data/libraw-0.20.2/internal/defines.h:56:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/internal/defines.h:56:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/internal/var_defines.h:211:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  #define fscanf(stream,fmt,ptr) stream->scanf_one(fmt,ptr)

data/libraw-0.20.2/samples/4channels.cpp:33:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/4channels.cpp:33:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/dcraw_emu.cpp:44:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/dcraw_emu.cpp:44:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/dcraw_emu.cpp:61:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("-c float-num Set adjust maximum threshold (default 0.75)\n"

data/libraw-0.20.2/samples/dcraw_half.c:69:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfn, av[i]);

data/libraw-0.20.2/samples/half_mt_win32.c:29:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/half_mt_win32.c:29:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/mem_image_sample.cpp:32:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/mem_image_sample.cpp:32:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/multirender_test.cpp:33:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/multirender_test.cpp:33:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/openbayer_sample.cpp:60:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(outfn, "%s.tif", av[1]);

data/libraw-0.20.2/samples/raw-identify.cpp:31:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/raw-identify.cpp:31:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/simple_dcraw.cpp:33:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/simple_dcraw.cpp:33:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/unprocessed_raw.cpp:36:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/samples/unprocessed_raw.cpp:36:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libraw-0.20.2/src/libraw_datastream.cpp:447:15: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  scanf_res = sscanf((char *)(buf + streampos), fmt, val);

data/libraw-0.20.2/src/libraw_datastream.cpp:621:20: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  fscanf(f, fmt, val)

data/libraw-0.20.2/src/metadata/cr3_parser.cpp:225:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(HandlerType, sHandlerType[0]);

data/libraw-0.20.2/src/metadata/fuji.cpp:82:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imFuji.RAFVersion, model2);

data/libraw-0.20.2/src/metadata/fuji.cpp:749:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model2, ystr);

data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:187:28: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (add_MP_toName) strcpy(model, Hasselblad_SensorEnclosures[c]);

data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:196:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, str); \

data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:430:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(model, imHassy.Sensor);

data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:449:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(normalized_model, ps);

data/libraw-0.20.2/src/metadata/identify.cpp:110:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_make, CorpTable[i].CorpName);

data/libraw-0.20.2/src/metadata/identify.cpp:163:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model,software);

data/libraw-0.20.2/src/metadata/identify.cpp:537:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imFuji.RAFVersion, model2);

data/libraw-0.20.2/src/metadata/identify.cpp:694:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(make, table[i].t_make);

data/libraw-0.20.2/src/metadata/identify.cpp:695:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, table[i].t_model);

data/libraw-0.20.2/src/metadata/identify.cpp:859:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(make, CorpTable[i].CorpName);

data/libraw-0.20.2/src/metadata/identify.cpp:1025:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/identify.cpp:1176:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cdesc, colors == 3 ? "RGBG" : "GMCY");

data/libraw-0.20.2/src/metadata/identify.cpp:2429:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/identify.cpp:2547:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/identify.cpp:2556:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/identify.cpp:2568:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/identify.cpp:2594:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/identify.cpp:2602:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/kodak.cpp:170:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ilm.body, pkti + c);

data/libraw-0.20.2/src/metadata/mediumformat.cpp:232:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imgdata.makernotes.phaseone.SystemModel, model);

data/libraw-0.20.2/src/metadata/mediumformat.cpp:422:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imgdata.shootinginfo.BodySerial, words[0]);

data/libraw-0.20.2/src/metadata/mediumformat.cpp:431:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imgdata.shootinginfo.InternalBodySerial, words[0]);

data/libraw-0.20.2/src/metadata/mediumformat.cpp:449:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, mod[i]);

data/libraw-0.20.2/src/metadata/misc_parsers.cpp:60:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(make, table[i].t_make);

data/libraw-0.20.2/src/metadata/misc_parsers.cpp:62:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, table[i].t_model);

data/libraw-0.20.2/src/metadata/misc_parsers.cpp:280:9: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(date, "%*s %s %d %d:%d:%d %d", month, &t.tm_mday, &t.tm_hour,

data/libraw-0.20.2/src/metadata/misc_parsers.cpp:393:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, cp + 1);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:599:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_make, make);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:605:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, imgdata.color.UniqueCameraModel);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:627:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (imgdata.lens.Lens, imgdata.color.UniqueCameraModel);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:689:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:699:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, unique[i].t_model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:700:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, unique[i].t_model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:717:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:733:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:743:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:762:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:797:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:814:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:825:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:853:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:880:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:900:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:930:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:943:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:957:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, sonique[i].t_model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:958:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, sonique[i].t_model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:977:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, orig);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:985:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:990:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:995:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/normalize_model.cpp:1000:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(normalized_model, model);

data/libraw-0.20.2/src/metadata/p1.cpp:184:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ilm.body, p1_unique[i].t_model);

data/libraw-0.20.2/src/metadata/pentax.cpp:447:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ilm.Lens, LensInfo);

data/libraw-0.20.2/src/metadata/pentax.cpp:472:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(imgdata.shootinginfo.BodySerial, "%8s", buffer + 8);

data/libraw-0.20.2/src/metadata/pentax.cpp:475:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(imgdata.shootinginfo.InternalBodySerial, "%8s", buffer);

data/libraw-0.20.2/src/metadata/tiff.cpp:892:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, cp + 1);

data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:56:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(prof_desc, "%s gamma %g toe slope %g", name[output_color - 1], floorf(1000.f/gamm[0]+.5f)/1000.f, floorf(gamm[1]*1000.0f+.5f)/1000.f);

data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:92:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char *)oprof + pbody[5] + 12, prof_desc);

data/libraw-0.20.2/src/utils/utils_libraw.cpp:95:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(string, list[i]);

data/libraw-0.20.2/src/write/file_write.cpp:75:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(th->soft, "dcraw v" DCRAW_VERSION);

data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:155:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imgdata.idata.make, value);

data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:157:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imgdata.idata.model, value);

data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:159:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imgdata.shootinginfo.BodySerial, value);

data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:161:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(imgdata.color.model2, value);

data/libraw-0.20.2/internal/libraw_internal_funcs.h:337:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void identify_finetune_dcr(char head[64],int,int);

data/libraw-0.20.2/internal/libraw_internal_funcs.h:346:118: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void ahd_interpolate_build_homogeneity_map(int top, int left, short (*lab)[LIBRAW_AHD_TILE][LIBRAW_AHD_TILE][3], char (*out_homogeneity_map)[LIBRAW_AHD_TILE][2]);

data/libraw-0.20.2/internal/libraw_internal_funcs.h:347:124: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void ahd_interpolate_combine_homogeneous_pixels(int top, int left, ushort (*rgb)[LIBRAW_AHD_TILE][LIBRAW_AHD_TILE][3], char (*homogeneity_map)[LIBRAW_AHD_TILE][2]);

data/libraw-0.20.2/internal/x3f_tools.h:478:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char white_balance[SIZE_WHITE_BALANCE]; /* Introduced in 2.1 */

data/libraw-0.20.2/internal/x3f_tools.h:479:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char color_mode[SIZE_COLOR_MODE]; /* Introduced in 2.3 */

data/libraw-0.20.2/libraw/libraw_internal.h:222:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[4];

data/libraw-0.20.2/libraw/libraw_internal.h:242:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_desc[512], t_make[64], t_model[64], soft[32], date[20], t_artist[64]; data/libraw-0.20.2/libraw/libraw_types.h:177:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[1]; data/libraw-0.20.2/libraw/libraw_types.h:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guard[4]; data/libraw-0.20.2/libraw/libraw_types.h:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char make[64]; data/libraw-0.20.2/libraw/libraw_types.h:184:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[64]; data/libraw-0.20.2/libraw/libraw_types.h:185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char software[64]; data/libraw-0.20.2/libraw/libraw_types.h:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char normalized_make[64]; data/libraw-0.20.2/libraw/libraw_types.h:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char normalized_model[64]; data/libraw-0.20.2/libraw/libraw_types.h:194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtrans[6][6]; data/libraw-0.20.2/libraw/libraw_types.h:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtrans_abs[6][6]; data/libraw-0.20.2/libraw/libraw_types.h:196:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cdesc[5]; data/libraw-0.20.2/libraw/libraw_types.h:329:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Sensor[8]; data/libraw-0.20.2/libraw/libraw_types.h:330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char SensorUnit[64]; // SU data/libraw-0.20.2/libraw/libraw_types.h:331:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char HostBody[64]; // HB data/libraw-0.20.2/libraw/libraw_types.h:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char CaptureSequenceInitiator[32]; data/libraw-0.20.2/libraw/libraw_types.h:351:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char SensorUnitConnector[64]; data/libraw-0.20.2/libraw/libraw_types.h:412:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char SerialSignature[0x0c + 1]; data/libraw-0.20.2/libraw/libraw_types.h:413:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char RAFVersion[4 + 1]; data/libraw-0.20.2/libraw/libraw_types.h:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FocusMode[7]; data/libraw-0.20.2/libraw/libraw_types.h:456:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FlashSetting[13]; data/libraw-0.20.2/libraw/libraw_types.h:457:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FlashType[20]; data/libraw-0.20.2/libraw/libraw_types.h:510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char CameraType2[6]; data/libraw-0.20.2/libraw/libraw_types.h:554:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LensFirmware[32]; data/libraw-0.20.2/libraw/libraw_types.h:576:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Software[64]; // tag 0x0203 data/libraw-0.20.2/libraw/libraw_types.h:577:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char SystemType[64]; // tag 0x0204 data/libraw-0.20.2/libraw/libraw_types.h:578:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FirmwareString[256]; // tag 0x0301 data/libraw-0.20.2/libraw/libraw_types.h:579:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char SystemModel[64]; data/libraw-0.20.2/libraw/libraw_types.h:617:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char SonyDateTime[20]; data/libraw-0.20.2/libraw/libraw_types.h:672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model2[64]; data/libraw-0.20.2/libraw/libraw_types.h:673:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char UniqueCameraModel[64]; data/libraw-0.20.2/libraw/libraw_types.h:674:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LocalizedCameraModel[64]; data/libraw-0.20.2/libraw/libraw_types.h:675:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ImageUniqueID[64]; data/libraw-0.20.2/libraw/libraw_types.h:676:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char RawDataUniqueID[17]; data/libraw-0.20.2/libraw/libraw_types.h:677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char OriginalRawFileName[64]; data/libraw-0.20.2/libraw/libraw_types.h:731:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[512], artist[64]; data/libraw-0.20.2/libraw/libraw_types.h:753:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firmware[128]; data/libraw-0.20.2/libraw/libraw_types.h:813:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p4shot_order[5]; data/libraw-0.20.2/libraw/libraw_types.h:848:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Lens[128]; data/libraw-0.20.2/libraw/libraw_types.h:854:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char body[64]; data/libraw-0.20.2/libraw/libraw_types.h:856:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LensFeatures_pre[16], LensFeatures_suf[16]; data/libraw-0.20.2/libraw/libraw_types.h:866:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Teleconverter[128]; data/libraw-0.20.2/libraw/libraw_types.h:868:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Adapter[128]; data/libraw-0.20.2/libraw/libraw_types.h:870:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Attachment[128]; data/libraw-0.20.2/libraw/libraw_types.h:889:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LensMake[128], Lens[128], LensSerial[128], InternalLensSerial[128]; data/libraw-0.20.2/libraw/libraw_types.h:921:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BodySerial[64]; data/libraw-0.20.2/libraw/libraw_types.h:922:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char InternalBodySerial[64]; /* this may be PCB or sensor serial, depends on data/libraw-0.20.2/libraw/libraw_types.h:933:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_make[10], t_model[20]; data/libraw-0.20.2/samples/4channels.cpp:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024]; data/libraw-0.20.2/samples/4channels.cpp:77:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.shot_select = av[i] ? atoi(av[i]) : 0; data/libraw-0.20.2/samples/4channels.cpp:151:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char lname[8]; data/libraw-0.20.2/samples/dcraw_emu.cpp:207:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((data.fd = open(fn.c_str(), O_RDONLY)) < 0) return; data/libraw-0.20.2/samples/dcraw_emu.cpp:309:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.user_black = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:312:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.user_sat = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:315:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.raw_processing_options = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:321:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
OUT.user_flip = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:326:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.user_qual = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:337:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.med_passes = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:343:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.highlight = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:346:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.shot_select = abs(atoi(argv[arg++])); data/libraw-0.20.2/samples/dcraw_emu.cpp:350:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
OUT.output_color = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:364:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.fbdd_noiserd = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:375:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.greybox[c] = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:379:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.cropbox[c] = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:429:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.dcb_iterations = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:454:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
OUT.use_dngsdk = atoi(argv[arg++]); data/libraw-0.20.2/samples/dcraw_emu.cpp:490:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024]; data/libraw-0.20.2/samples/dcraw_emu.cpp:516:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int file = open(argv[arg], O_RDONLY | O_BINARY); data/libraw-0.20.2/samples/dcraw_half.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024]; data/libraw-0.20.2/samples/dcraw_half.c:70:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outfn, ".ppm"); data/libraw-0.20.2/samples/half_mt.c:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024], *fn; data/libraw-0.20.2/samples/half_mt.c:153:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_threads = atoi(av[++i]); data/libraw-0.20.2/samples/half_mt_win32.c:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024], *fn; data/libraw-0.20.2/samples/half_mt_win32.c:172:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_threads = atoi(av[++i]); data/libraw-0.20.2/samples/mem_image_sample.cpp:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[1024]; data/libraw-0.20.2/samples/mem_image_sample.cpp:49:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(fn, "wb"); data/libraw-0.20.2/samples/mem_image_sample.cpp:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fn[1024]; data/libraw-0.20.2/samples/mem_image_sample.cpp:95:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(fn, "wb"); data/libraw-0.20.2/samples/mem_image_sample.cpp:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnt[1024]; data/libraw-0.20.2/samples/mem_image_sample.cpp:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[1024]; data/libraw-0.20.2/samples/mem_image_sample.cpp:134:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(fn, "wb"); data/libraw-0.20.2/samples/mem_image_sample.cpp:200:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jpgqual = atoi(av[i]+2); data/libraw-0.20.2/samples/multirender_test.cpp:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024]; data/libraw-0.20.2/samples/openbayer_sample.cpp:37:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *in = fopen(av[1], "rb"); data/libraw-0.20.2/samples/openbayer_sample.cpp:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[256]; data/libraw-0.20.2/samples/postprocessing_benchmark.cpp:91:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.highlight = atoi(argv[arg++]); data/libraw-0.20.2/samples/postprocessing_benchmark.cpp:94:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.user_qual = atoi(argv[arg++]); data/libraw-0.20.2/samples/postprocessing_benchmark.cpp:102:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
OUT.med_passes = atoi(argv[arg++]); data/libraw-0.20.2/samples/postprocessing_benchmark.cpp:108:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.shot_select = abs(atoi(argv[arg++])); data/libraw-0.20.2/samples/postprocessing_benchmark.cpp:112:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.cropbox[c] = atoi(argv[arg++]); data/libraw-0.20.2/samples/postprocessing_benchmark.cpp:115:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rep = abs(atoi(argv[arg++])); data/libraw-0.20.2/samples/raw-identify.cpp:570:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((data.fd = open(fn.c_str(), O_RDONLY)) < 0) return; data/libraw-0.20.2/samples/raw-identify.cpp:674:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[MAX_PATH + 1]; data/libraw-0.20.2/samples/raw-identify.cpp:675:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(filelistfile, "r"); data/libraw-0.20.2/samples/raw-identify.cpp:693:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen(outputfilename, "wt"); data/libraw-0.20.2/samples/raw-identify.cpp:1609:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame[64] = ""; data/libraw-0.20.2/samples/raw-identify.cpp:1674:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame[48] = ""; data/libraw-0.20.2/samples/rawtextdump.cpp:63:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int colstart = atoi(av[2]); data/libraw-0.20.2/samples/rawtextdump.cpp:64:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int rowstart = atoi(av[3]); data/libraw-0.20.2/samples/rawtextdump.cpp:66:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ac > 4) channel = atoi(av[4]); data/libraw-0.20.2/samples/rawtextdump.cpp:68:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ac > 5) width = atoi(av[5]); data/libraw-0.20.2/samples/rawtextdump.cpp:70:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ac > 6) height = atoi(av[6]); data/libraw-0.20.2/samples/simple_dcraw.cpp:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024], thumbfn[1024]; data/libraw-0.20.2/samples/unprocessed_raw.cpp:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfn[1024]; data/libraw-0.20.2/samples/unprocessed_raw.cpp:89:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OUT.shot_select = av[i] ? atoi(av[i]) : 0; data/libraw-0.20.2/samples/unprocessed_raw.cpp:178:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(fname, "wb"); data/libraw-0.20.2/samples/unprocessed_raw.cpp:303:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(th->date, "%04d:%02d:%02d %02d:%02d:%02d", t->tm_year + 1900, data/libraw-0.20.2/samples/unprocessed_raw.cpp:311:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ofp = fopen(fn, "wb"); data/libraw-0.20.2/src/decoders/crx.cpp:974:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bandBuf, lineBuf, param->subbandWidth * sizeof(int32_t)); data/libraw-0.20.2/src/decoders/crx.cpp:990:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(bandBuf, lineBuf, param->subbandWidth * sizeof(int32_t)); data/libraw-0.20.2/src/decoders/crx.cpp:1002:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bandBuf, lineBuf, param->subbandWidth * sizeof(int32_t)); data/libraw-0.20.2/src/decoders/crx.cpp:1023:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bandBuf, lineBuf, param->subbandWidth * sizeof(int32_t)); data/libraw-0.20.2/src/decoders/crx.cpp:1042:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bandBuf, lineBuf, param->subbandWidth * sizeof(int32_t)); data/libraw-0.20.2/src/decoders/crx.cpp:1061:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bandBuf, lineBuf, param->subbandWidth * sizeof(int32_t)); data/libraw-0.20.2/src/decoders/dng.cpp:222:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FORC3 memcpy(cur[c], curve, sizeof cur[0]); data/libraw-0.20.2/src/decoders/fuji_compressed.cpp:988:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info.linebuf[mtable[i].a], info.linebuf[mtable[i].b], line_size); data/libraw-0.20.2/src/decoders/kodak_decoders.cpp:137:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf[c][0] + !c, buf[c][2], sizeof buf[c][0] - 2 * !c); data/libraw-0.20.2/src/decoders/kodak_decoders.cpp:202:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *buf[1]; data/libraw-0.20.2/src/decoders/load_mfbacks.cpp:93:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /* static */ const signed char dir[12][2] = { data/libraw-0.20.2/src/decoders/load_mfbacks.cpp:691:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&raw_image[scan_line * raw_width + tile_n * tile_width], data/libraw-0.20.2/src/demosaic/aahd_demosaic.cpp:43:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ndir, *homo[2]; data/libraw-0.20.2/src/demosaic/aahd_demosaic.cpp:141:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ndir = (char *)(yuv[1] + nr_height * nr_width); data/libraw-0.20.2/src/demosaic/aahd_demosaic.cpp:415:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hm[2]; data/libraw-0.20.2/src/demosaic/ahd_demosaic.cpp:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char (*out_homogeneity_map)[LIBRAW_AHD_TILE][2]) data/libraw-0.20.2/src/demosaic/ahd_demosaic.cpp:239:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char (*homogeneity_map)[LIBRAW_AHD_TILE][2]) data/libraw-0.20.2/src/demosaic/ahd_demosaic.cpp:284:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix[0], rix[hm[1] > hm[0]][0], 3 * sizeof(ushort)); data/libraw-0.20.2/src/demosaic/misc_demosaic.cpp:302:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(brow[2][col], pix, sizeof *image); data/libraw-0.20.2/src/demosaic/misc_demosaic.cpp:329:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image[(row - 2) * width + 2], brow[0] + 2, data/libraw-0.20.2/src/demosaic/misc_demosaic.cpp:334:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(image[(row - 2) * width + 2], brow[0] + 2, data/libraw-0.20.2/src/demosaic/misc_demosaic.cpp:336:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image[(row - 1) * width + 2], brow[1] + 2, data/libraw-0.20.2/src/demosaic/xtrans_demosaic.cpp:179:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgb[0][row - top][col - left], image[row * width + col], 6); data/libraw-0.20.2/src/demosaic/xtrans_demosaic.cpp:180:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FORC3 memcpy(rgb[c + 1], rgb[0], sizeof *rgb); data/libraw-0.20.2/src/demosaic/xtrans_demosaic.cpp:207:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgb += 4, buffer, 4 * sizeof *rgb); data/libraw-0.20.2/src/libraw_datastream.cpp:189:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buf->open(filename.c_str(), std::ios_base::in | std::ios_base::binary); data/libraw-0.20.2/src/libraw_datastream.cpp:214:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
buf->open(wfilename.c_str(), std::ios_base::in | std::ios_base::binary); data/libraw-0.20.2/src/libraw_datastream.cpp:515:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fname, "rb"); data/libraw-0.20.2/src/metadata/canon.cpp:338:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:340:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:343:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens + 5, pl + 4, 60); data/libraw-0.20.2/src/metadata/canon.cpp:347:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:349:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:352:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens + 5, pl + 4, 60); data/libraw-0.20.2/src/metadata/canon.cpp:356:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ilm.Lens, pl, 2); data/libraw-0.20.2/src/metadata/canon.cpp:358:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, pl, 2); data/libraw-0.20.2/src/metadata/canon.cpp:361:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens + 3, pl + 2, 62); data/libraw-0.20.2/src/metadata/canon.cpp:367:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, ilm.Lens, 4); data/libraw-0.20.2/src/metadata/canon.cpp:373:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:375:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:378:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens + 5, pl + 4, 60); data/libraw-0.20.2/src/metadata/canon.cpp:382:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:384:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ilm.LensFeatures_pre, pl, 4); data/libraw-0.20.2/src/metadata/canon.cpp:387:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens + 5, pl + 4, 60); data/libraw-0.20.2/src/metadata/canon.cpp:390:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens, pl, 64); data/libraw-0.20.2/src/metadata/canon.cpp:588:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(imgdata.shootinginfo.BodySerial, "%d", tS); data/libraw-0.20.2/src/metadata/canon.cpp:626:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, ilm.Lens, 4); data/libraw-0.20.2/src/metadata/canon.cpp:634:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, ilm.Lens, 4); data/libraw-0.20.2/src/metadata/canon.cpp:642:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, ilm.Lens, 2); data/libraw-0.20.2/src/metadata/canon.cpp:650:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, ilm.Lens, 4); data/libraw-0.20.2/src/metadata/canon.cpp:658:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ilm.LensFeatures_pre, ilm.Lens, 4); data/libraw-0.20.2/src/metadata/canon.cpp:666:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, ilm.Lens, 4); data/libraw-0.20.2/src/metadata/canon.cpp:674:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.LensFeatures_pre, ilm.Lens, 2); data/libraw-0.20.2/src/metadata/ciff.cpp:261:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(imgdata.shootinginfo.BodySerial, "%d", len); data/libraw-0.20.2/src/metadata/ciff.cpp:263:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(imgdata.shootinginfo.BodySerial, "%0x-%05d", len >> 16, data/libraw-0.20.2/src/metadata/cr3_parser.cpp:112:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char UIID_Canon[17] = data/libraw-0.20.2/src/metadata/cr3_parser.cpp:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char AtomName[5]; data/libraw-0.20.2/src/metadata/cr3_parser.cpp:206:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char sHandlerType[5][5] = {"unk.", "soun", "vide", "hint", "meta"}; data/libraw-0.20.2/src/metadata/cr3_parser.cpp:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nmAtom[5]; // Atom name data/libraw-0.20.2/src/metadata/cr3_parser.cpp:217:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char UIID[16]; data/libraw-0.20.2/src/metadata/cr3_parser.cpp:219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char HandlerType[5], MediaFormatID[5]; data/libraw-0.20.2/src/metadata/exif_gps.cpp:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[4] = { 0,0,0,0 }; data/libraw-0.20.2/src/metadata/exif_gps.cpp:219:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mn_text[512]; data/libraw-0.20.2/src/metadata/exif_gps.cpp:221:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ccms[512]; data/libraw-0.20.2/src/metadata/exif_gps.cpp:247:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ccms, pos, l); data/libraw-0.20.2/src/metadata/exif_gps.cpp:263:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). imgdata.color.ccm[l][c] = (float)atoi(pos); data/libraw-0.20.2/src/metadata/fuji.cpp:76:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(imFuji.SerialSignature, PrivateMknBuf + 6, 0x0c); data/libraw-0.20.2/src/metadata/fuji.cpp:78:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(model, PrivateMknBuf + 0x12, 0x20); data/libraw-0.20.2/src/metadata/fuji.cpp:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(model2, PrivateMknBuf + 0x32, 4); data/libraw-0.20.2/src/metadata/fuji.cpp:680:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FujiSerial[sizeof(imgdata.shootinginfo.InternalBodySerial)]; data/libraw-0.20.2/src/metadata/fuji.cpp:681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *words[4]; data/libraw-0.20.2/src/metadata/fuji.cpp:682:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yy[2], mm[3], dd[3], ystr[16], ynum[16]; data/libraw-0.20.2/src/metadata/fuji.cpp:702:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[sizeof(imgdata.shootinginfo.InternalBodySerial)]; data/libraw-0.20.2/src/metadata/fuji.cpp:753:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[sizeof(imgdata.shootinginfo.InternalBodySerial)]; data/libraw-0.20.2/src/metadata/fuji.cpp:781:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tbuf[sizeof(imgdata.shootinginfo.InternalBodySerial)]; data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:45:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int c = atoi(strchr(imgdata.lens.Lens, ' ') +1); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:65:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ilm.LensID += atoi(ps+1)*10ULL; data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:88:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_model[64]; data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_model, imgdata.color.LocalizedCameraModel,cc); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:157:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(imHassy.HostBody, model, ps-model); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:178:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  Risk is low because the source is a constant string.
  strcpy(model, "CFVII");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:179:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy(model, "CFV");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:182:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "CFV");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:202:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-16");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:207:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-22");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:212:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-31");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:217:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-39");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:222:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-39");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:223:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "H3DII");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:229:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-40");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:234:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-40");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:240:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "H3DII-50");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:241:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  else strcpy(imHassy.Sensor, "-50");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:246:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-50");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:251:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-50c");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:256:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(imHassy.Sensor, " II");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:258:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "X1D II 50C");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:259:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(normalized_model, "-II");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:261:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "X1D-50c");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:267:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-60");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:272:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-100c");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:279:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-16");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:284:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-20c");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:289:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-22");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:296:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-31");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:308:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-39");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:318:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "H3D-39");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:323:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "H3DII-39");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:335:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-40");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:349:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-50");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:357:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "H3DII-50");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:371:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-50c");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:375:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(imHassy.Sensor, " II");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:377:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "X1D II 50C");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:378:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(normalized_model, "-II");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:380:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "X1D-50c");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:387:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-60");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:395:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-80");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:401:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imHassy.Sensor, "-100c");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:409:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "V96C");
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:465:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ilm.Adapter, "XH");
data/libraw-0.20.2/src/metadata/identify.cpp:395:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char head[64] = {0}, *cp;
data/libraw-0.20.2/src/metadata/identify.cpp:508:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Contax");
data/libraw-0.20.2/src/metadata/identify.cpp:509:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "N Digital");
data/libraw-0.20.2/src/metadata/identify.cpp:514:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Logitech");
data/libraw-0.20.2/src/metadata/identify.cpp:515:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "Fotoman Pixtura");
data/libraw-0.20.2/src/metadata/identify.cpp:519:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Apple");
data/libraw-0.20.2/src/metadata/identify.cpp:520:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "QuickTake 100");
data/libraw-0.20.2/src/metadata/identify.cpp:525:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Apple");
data/libraw-0.20.2/src/metadata/identify.cpp:526:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "QuickTake 150");
data/libraw-0.20.2/src/metadata/identify.cpp:531:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(imFuji.SerialSignature, head + 0x10, 0x0c);
data/libraw-0.20.2/src/metadata/identify.cpp:535:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(model2, head + 0x3c, 4);
data/libraw-0.20.2/src/metadata/identify.cpp:582:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "NOKIA");
data/libraw-0.20.2/src/metadata/identify.cpp:617:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "ARRI");
data/libraw-0.20.2/src/metadata/identify.cpp:646:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Red");
data/libraw-0.20.2/src/metadata/identify.cpp:647:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "One");
data/libraw-0.20.2/src/metadata/identify.cpp:668:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "RaspberryPi");
data/libraw-0.20.2/src/metadata/identify.cpp:669:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "Pi");
data/libraw-0.20.2/src/metadata/identify.cpp:680:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char AtomNameStack[128];
data/libraw-0.20.2/src/metadata/identify.cpp:681:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Canon");
data/libraw-0.20.2/src/metadata/identify.cpp:777:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "SonyRPF");
data/libraw-0.20.2/src/metadata/identify.cpp:797:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "OmniVision");
data/libraw-0.20.2/src/metadata/identify.cpp:815:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Broadcom");
data/libraw-0.20.2/src/metadata/identify.cpp:816:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "RPi IMX219");
data/libraw-0.20.2/src/metadata/identify.cpp:831:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Broadcom");
data/libraw-0.20.2/src/metadata/identify.cpp:833:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "RPi OV5647 v.1");
data/libraw-0.20.2/src/metadata/identify.cpp:835:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "RPi OV5647 v.2");
data/libraw-0.20.2/src/metadata/identify.cpp:869:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Pentax");
data/libraw-0.20.2/src/metadata/identify.cpp:872:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Kodak");
data/libraw-0.20.2/src/metadata/identify.cpp:1000:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "C603");
data/libraw-0.20.2/src/metadata/identify.cpp:1024:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(model, "%dx%d", width, height);
data/libraw-0.20.2/src/metadata/identify.cpp:1099:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rgb_cam, cmatrix, sizeof cmatrix);
data/libraw-0.20.2/src/metadata/identify.cpp:1652:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "E995");
data/libraw-0.20.2/src/metadata/identify.cpp:1657:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "E2500");
data/libraw-0.20.2/src/metadata/identify.cpp:1672:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Minolta");
data/libraw-0.20.2/src/metadata/identify.cpp:1673:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "DiMAGE Z2");
data/libraw-0.20.2/src/metadata/identify.cpp:1678:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void LibRaw::identify_finetune_dcr(char head[64], int fsize, int flen)
data/libraw-0.20.2/src/metadata/identify.cpp:1841:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model + 10, "S2 IS"); // chdk hack
data/libraw-0.20.2/src/metadata/identify.cpp:2032:5: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (atoi(model + 1) < 3700)) // but not E3700;
data/libraw-0.20.2/src/metadata/identify.cpp:2137:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "ISG");
data/libraw-0.20.2/src/metadata/identify.cpp:2256:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *)xtrans)[c] =
data/libraw-0.20.2/src/metadata/identify.cpp:2428:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "V96C");
data/libraw-0.20.2/src/metadata/identify.cpp:2545:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cdesc, "RBTG");
data/libraw-0.20.2/src/metadata/identify.cpp:2546:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "CatchLight");
data/libraw-0.20.2/src/metadata/identify.cpp:2555:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "DCB2");
data/libraw-0.20.2/src/metadata/identify.cpp:2567:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "Cantare");
data/libraw-0.20.2/src/metadata/identify.cpp:2593:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "Valeo 6");
data/libraw-0.20.2/src/metadata/identify.cpp:2601:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "Valeo 6");
data/libraw-0.20.2/src/metadata/identify.cpp:2656:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cdesc, "RGBE");
data/libraw-0.20.2/src/metadata/identify.cpp:2787:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cdesc, "MYCY");
data/libraw-0.20.2/src/metadata/identify.cpp:2870:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model + 10, "200");
data/libraw-0.20.2/src/metadata/kodak.cpp:150:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kti[1024];
data/libraw-0.20.2/src/metadata/kodak.cpp:175:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ilm.CurFocal = atoi(pkti + c);
data/libraw-0.20.2/src/metadata/kodak.cpp:189:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iso_speed = atoi(pkti + c);
data/libraw-0.20.2/src/metadata/kodak.cpp:194:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ilm.CurFocal = atoi(pkti + c);
data/libraw-0.20.2/src/metadata/leica.cpp:117:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(plln, "N/A");
data/libraw-0.20.2/src/metadata/leica.cpp:124:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(plln, "N/A");
data/libraw-0.20.2/src/metadata/leica.cpp:137:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(plibs, "N/A");
data/libraw-0.20.2/src/metadata/leica.cpp:155:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(plibs + 15, plibs + 9, 4);
data/libraw-0.20.2/src/metadata/leica.cpp:156:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(plibs + 12, plibs + 7, 2);
data/libraw-0.20.2/src/metadata/leica.cpp:157:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(plibs + 9, plibs + 5, 2);
data/libraw-0.20.2/src/metadata/leica.cpp:158:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(plibs + 6, plibs + 3, 2);
data/libraw-0.20.2/src/metadata/leica.cpp:163:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(plibs + 4, "20", 2); data/libraw-0.20.2/src/metadata/leica.cpp:167:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(plibs + 4, "19", 2); data/libraw-0.20.2/src/metadata/leica.cpp:182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/libraw-0.20.2/src/metadata/leica.cpp:323:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Adapter, "M-Adapter L"); data/libraw-0.20.2/src/metadata/makernotes.cpp:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/libraw-0.20.2/src/metadata/makernotes.cpp:389:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/libraw-0.20.2/src/metadata/makernotes.cpp:390:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char another_buf[128]; data/libraw-0.20.2/src/metadata/mediumformat.cpp:218:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(model, imgdata.makernotes.phaseone.FirmwareString, 63); data/libraw-0.20.2/src/metadata/mediumformat.cpp:237:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Contax 645AF"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:243:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Mamiya 645"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:249:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Hasselblad H1/H2"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:298:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(make, "Phase One"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:304:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(model, "LightPhase"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:307:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "H 10"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:310:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "H 20"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:313:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "H 25"); data/libraw-0.20.2/src/metadata/mediumformat.cpp:320:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[40]; data/libraw-0.20.2/src/metadata/mediumformat.cpp:417:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(imgdata.shootinginfo.BodySerial)]; data/libraw-0.20.2/src/metadata/mediumformat.cpp:418:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *words[4]; data/libraw-0.20.2/src/metadata/mediumformat.cpp:426:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(imgdata.shootinginfo.InternalBodySerial)]; data/libraw-0.20.2/src/metadata/mediumformat.cpp:427:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *words[4]; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_make[12], t_model[15]; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tail[424]; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:154:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(make, "CINE"); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:155:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(model, "%d", get4()); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[4]; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:236:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(make, "SMaL"); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:237:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(model, "v%d %dx%d", ver, width, height); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:247:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[4], date[64], month[64]; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:248:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char mon[12][4] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", data/libraw-0.20.2/src/metadata/misc_parsers.cpp:297:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[128], *val; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:317:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). thumb_offset = atoi(val); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:319:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). raw_width = atoi(val); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:321:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). raw_height = atoi(val); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:323:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
thumb_width = atoi(val); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:325:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). thumb_height = atoi(val); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:333:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). black = atoi(val) +1; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:335:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(val)) { data/libraw-0.20.2/src/metadata/misc_parsers.cpp:359:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(make, "Rollei"); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:360:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "d530flex"); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:367:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[8], *cp; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:554:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[20]; data/libraw-0.20.2/src/metadata/nikon.cpp:70:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (ilm.LensFeatures_pre, "AF-P"); data/libraw-0.20.2/src/metadata/nikon.cpp:104:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Adapter, "FT-1"); data/libraw-0.20.2/src/metadata/nikon.cpp:159:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Adapter, "FTZ"); data/libraw-0.20.2/src/metadata/nikon.cpp:201:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens, LensData + 390, 64); data/libraw-0.20.2/src/metadata/nikon.cpp:205:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ilm.Lens, LensData + 391, 64); data/libraw-0.20.2/src/metadata/nikon.cpp:209:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ilm.Lens, LensData + 680, 64); data/libraw-0.20.2/src/metadata/nikon.cpp:250:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/libraw-0.20.2/src/metadata/nikon.cpp:501:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(imgdata.shootinginfo.BodySerial, "%d", serial); data/libraw-0.20.2/src/metadata/normalize_model.cpp:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_model[20]; data/libraw-0.20.2/src/metadata/normalize_model.cpp:625:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Ricoh GXR"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:646:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(model, "GXR A12 50mm"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:653:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "GXR S10"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:660:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "GXR P10"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:667:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "GXR A12 28mm"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:674:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "GXR A16"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:681:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "GXR Mount A12"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:775:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(make, "Minolta"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:789:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(make, "Minolta"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:796:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(make, "Minolta"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:886:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(make, "Ricoh"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:910:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "WB5500"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:915:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "WB5000"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:920:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(model, "WB550"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:925:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "WB500"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:984:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "DC25"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:989:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "DC40"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:994:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "DC50"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:999:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "DC120"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:1032:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(ilm.body, " shutter system"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:1046:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Contax 645"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:1051:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Hasselblad H1/H2"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:1056:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Mamiya 645"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:1070:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.body, "Fujifilm GX680"); data/libraw-0.20.2/src/metadata/normalize_model.cpp:1338:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ilm.LensID = atoi(ps + 9); data/libraw-0.20.2/src/metadata/olympus.cpp:116:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bits[4]; data/libraw-0.20.2/src/metadata/olympus.cpp:160:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Teleconverter, "MC-20"); data/libraw-0.20.2/src/metadata/olympus.cpp:162:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Teleconverter, "MC-14"); data/libraw-0.20.2/src/metadata/olympus.cpp:164:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Teleconverter, "EC-20"); data/libraw-0.20.2/src/metadata/olympus.cpp:166:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Teleconverter, "EC-14"); } data/libraw-0.20.2/src/metadata/p1.cpp:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_model[32]; data/libraw-0.20.2/src/metadata/pentax.cpp:423:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(imgdata.shootinginfo.InternalBodySerial, "%d", get4()); data/libraw-0.20.2/src/metadata/pentax.cpp:442:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LensInfo[20]; data/libraw-0.20.2/src/metadata/pentax.cpp:454:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[17]; data/libraw-0.20.2/src/metadata/pentax.cpp:479:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(imgdata.shootinginfo.BodySerial, "%02x%02x%02x%02x", buffer[4], data/libraw-0.20.2/src/metadata/pentax.cpp:481:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(imgdata.shootinginfo.InternalBodySerial, "%02x%02x%02x%02x", data/libraw-0.20.2/src/metadata/pentax.cpp:508:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ilm.Attachment, "Wide-Angle Adapter"); data/libraw-0.20.2/src/metadata/pentax.cpp:530:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(imgdata.shootinginfo.BodySerial, buffer+4, 12);
data/libraw-0.20.2/src/metadata/pentax.cpp:534:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(imgdata.lens.LensSerial, buffer+4, 12);
data/libraw-0.20.2/src/metadata/sony.cpp:452:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ilm.Adapter, "MC-11");
data/libraw-0.20.2/src/metadata/sony.cpp:480:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ilm.LensFeatures_pre, "FE");
data/libraw-0.20.2/src/metadata/sony.cpp:482:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ilm.LensFeatures_pre, "DT");
data/libraw-0.20.2/src/metadata/sony.cpp:669:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ilm.Adapter, "MC-11");
data/libraw-0.20.2/src/metadata/sony.cpp:720:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(imgdata.shootinginfo.InternalBodySerial, "%06llx",
data/libraw-0.20.2/src/metadata/sony.cpp:733:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(imgdata.shootinginfo.InternalBodySerial, "%05llx",
data/libraw-0.20.2/src/metadata/sony.cpp:747:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(imgdata.shootinginfo.InternalBodySerial, "%04x",
data/libraw-0.20.2/src/metadata/sony.cpp:1738:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ilm.Adapter, "MC-11");
data/libraw-0.20.2/src/metadata/tiff.cpp:543:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Sarnoff");
data/libraw-0.20.2/src/metadata/tiff.cpp:609:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  FORC(36)((char *)xtrans)[c] = fgetc(ifp) & 3;
data/libraw-0.20.2/src/metadata/tiff.cpp:632:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cfa_pc, "\003\004\005", 3); /* CMY */
data/libraw-0.20.2/src/metadata/tiff.cpp:634:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cfa_pc, "\005\003\004\001", 4); /* GMCY */
data/libraw-0.20.2/src/metadata/tiff.cpp:737:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Leaf");
data/libraw-0.20.2/src/metadata/tiff.cpp:793:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Imacon");
data/libraw-0.20.2/src/metadata/tiff.cpp:837:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(model, "Ixpress %d-Mp", c);
data/libraw-0.20.2/src/metadata/tiff.cpp:861:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "Hasselblad");
data/libraw-0.20.2/src/metadata/tiff.cpp:881:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(make, "DNG");
data/libraw-0.20.2/src/metadata/tiff.cpp:1281:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbuf[64];
data/libraw-0.20.2/src/metadata/tiff.cpp:1796:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cdesc, "RGBG");
data/libraw-0.20.2/src/postprocessing/mem_image.cpp:103:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(exif, "\xff\xe1 Exif\0\0", 10);
data/libraw-0.20.2/src/postprocessing/postprocessing_aux.cpp:325:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const signed char dir[8][2] = {{-1, -1}, {-1, 0}, {-1, 1}, {0, 1},
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:59:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_cam, rgb_cam, sizeof out_cam);
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:65:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(oprof, phead, sizeof phead);
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:75:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(oprof + 32, pbody, sizeof pbody);
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:77:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)oprof + pbody[8] + 8, pwhite, sizeof pwhite);
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:80:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)oprof + pbody[i * 3 + 2], pcurve, sizeof pcurve);
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:91:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)oprof + pbody[2] + 8, "auto-generated by dcraw");
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:117:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pre_mul, user_mul, sizeof pre_mul);
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:175:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pre_mul, cam_mul, sizeof pre_mul);
data/libraw-0.20.2/src/postprocessing/postprocessing_utils_dcrdefs.cpp:274:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(img, image, height * width * sizeof *image);
data/libraw-0.20.2/src/preprocessing/ext_preprocess.cpp:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cp, line[128];
data/libraw-0.20.2/src/preprocessing/ext_preprocess.cpp:35:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(cfname, "r");
data/libraw-0.20.2/src/preprocessing/ext_preprocess.cpp:76:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(fname, "rb")))
data/libraw-0.20.2/src/utils/curves.cpp:122:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gamm, g, sizeof gamm);
data/libraw-0.20.2/src/utils/open.cpp:197:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imgdata.idata.make, "BayerDump");
data/libraw-0.20.2/src/utils/open.cpp:259:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imgdata.idata.cdesc, "RGBG");
data/libraw-0.20.2/src/utils/read_utils.cpp:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[8];
data/libraw-0.20.2/src/utils/read_utils.cpp:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[8];
data/libraw-0.20.2/src/utils/thumb_utils.cpp:279:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *tfp = fopen(fname, "wb");
data/libraw-0.20.2/src/utils/utils_dcraw.cpp:23:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char filter[16][16] = {
data/libraw-0.20.2/src/utils/utils_libraw.cpp:94:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *string = (char *)malloc(strlen(list[i]) + 1);
data/libraw-0.20.2/src/write/apply_profile.cpp:47:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fp = fopen(output, "rb")))
data/libraw-0.20.2/src/write/file_write.cpp:46:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  FORC(4) tt->val.c[c] = ((char *)th)[val + c];
data/libraw-0.20.2/src/write/file_write.cpp:77:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(th->date, "%04d:%02d:%02d %02d:%02d:%02d", t->tm_year + 1900,
data/libraw-0.20.2/src/write/file_write.cpp:136:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(th->gps, gpsdata, sizeof th->gps);
data/libraw-0.20.2/src/write/file_write.cpp:148:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(exif, "\xff\xe1 Exif\0\0", 10);
data/libraw-0.20.2/src/write/tiff_writer.cpp:39:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "wb");
data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100], value[100];
data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:153:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  imgdata.other.iso_speed = atoi(value);
data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:163:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  imgdata.other.timestamp = atoi(value);
data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:238:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imgdata.idata.make, "SIGMA");
data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:243:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[2048];
data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:263:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imgdata.idata.model, "sd Quattro H");
data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:265:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(imgdata.idata.model, "dp2 Quattro");
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:771:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:811:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:825:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[100];
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:826:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[100];
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:832:43: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  : (sprintf(buf1, "%x", t->leaf), buf1),
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:1860:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry->matrix_decoded, entry->matrix_data, size);
data/libraw-0.20.2/internal/dcraw_defs.h:31:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf, string, LIM(sizeof(buf) - strbuflen(buf) - 1, 0, sizeof(buf)))
data/libraw-0.20.2/internal/var_defines.h:198:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define fread(ptr,size,n,stream) stream->read(ptr,size,n)
data/libraw-0.20.2/internal/var_defines.h:204:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #ifdef getc
data/libraw-0.20.2/internal/var_defines.h:205:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #undef getc
data/libraw-0.20.2/internal/var_defines.h:207:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define getc(stream) stream->get_char()
data/libraw-0.20.2/internal/var_defines.h:208:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define fgetc(stream) stream->get_char()
data/libraw-0.20.2/libraw/libraw_datastream.h:90:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual int read(void *, size_t, size_t) = 0;
data/libraw-0.20.2/libraw/libraw_datastream.h:142:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual int read(void *ptr, size_t size, size_t nmemb);
data/libraw-0.20.2/libraw/libraw_datastream.h:164:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual int read(void *ptr, size_t sz, size_t nmemb);
data/libraw-0.20.2/libraw/libraw_datastream.h:193:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual int read(void *ptr, size_t size, size_t nmemb);
data/libraw-0.20.2/libraw/libraw_datastream.h:209:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return fgetc(f);
data/libraw-0.20.2/libraw/libraw_datastream.h:284:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  parent_stream->read(data, 1, count);
data/libraw-0.20.2/samples/4channels.cpp:156:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(lname, "2");
data/libraw-0.20.2/samples/dcraw_emu.cpp:394:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(OUT.p4shot_order, argv[arg++], 5);
data/libraw-0.20.2/samples/dcraw_emu.cpp:537:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (st.st_size != (rd = read(file, iobuffer, st.st_size)))
data/libraw-0.20.2/samples/dcraw_emu.cpp:607:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(outfn, outext, sizeof(outfn));
data/libraw-0.20.2/samples/dcraw_emu.cpp:610:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(outfn, argv[arg], sizeof(outfn));
data/libraw-0.20.2/samples/dcraw_emu.cpp:611:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(outfn) > 0)
data/libraw-0.20.2/samples/dcraw_emu.cpp:613:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *lastchar = outfn + strlen(outfn); // points to term 0
data/libraw-0.20.2/samples/dcraw_emu.cpp:625:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(outfn, ".", sizeof(outfn) - strlen(outfn) - 1);
data/libraw-0.20.2/samples/dcraw_emu.cpp:625:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(outfn, ".", sizeof(outfn) - strlen(outfn) - 1);
data/libraw-0.20.2/samples/dcraw_emu.cpp:626:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(outfn, outext, sizeof(outfn) - strlen(outfn) - 1);
data/libraw-0.20.2/samples/dcraw_emu.cpp:626:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(outfn, outext, sizeof(outfn) - strlen(outfn) - 1);
data/libraw-0.20.2/samples/raw-identify.cpp:509:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(p);
data/libraw-0.20.2/src/decoders/crx.cpp:211:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bitStrm->curBufSize = bitStrm->input->read(
data/libraw-0.20.2/src/decoders/crx.cpp:2458:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(hdrBuf, 1, hdr.mdatHdrSize);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:40:42: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (!reset && vbits < nbits && (c = fgetc(ifp)) != (unsigned)EOF &&
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:41:50: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  !(reset = zero_after_ff && c == 0xff && fgetc(ifp)))
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:259:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(ifp);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:318:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(ifp);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:395:35: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  mark = (mark << 8) + (c = fgetc(ifp));
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:460:35: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  mark = (mark << 8) + (c = fgetc(ifp));
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:807:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  FORC(dep) bit[1][c] = fgetc(ifp);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:836:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ver0 = fgetc(ifp);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:837:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ver1 = fgetc(ifp);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:884:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ver0 = fgetc(ifp);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:885:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ver1 = fgetc(ifp);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:961:35: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  FORC(6) bitbuf |= (UINT64)fgetc(ifp) << c * 8;
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:1411:24: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fseek(ifp, (unsigned)fgetc(ifp) * 4 - 1, SEEK_CUR);
data/libraw-0.20.2/src/decoders/decoders_dcraw.cpp:1676:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  opt = fgetc(ifp);
data/libraw-0.20.2/src/decoders/decoders_libraw.cpp:197:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(buf, 1, linelen);
data/libraw-0.20.2/src/decoders/decoders_libraw.cpp:218:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(buf, 1, linelen);
data/libraw-0.20.2/src/decoders/decoders_libraw.cpp:248:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(
data/libraw-0.20.2/src/decoders/decoders_libraw.cpp:364:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (libraw_internal_data.internal_data.input->read(
data/libraw-0.20.2/src/decoders/decoders_libraw.cpp:433:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (libraw_internal_data.internal_data.input->read(
data/libraw-0.20.2/src/decoders/decoders_libraw.cpp:513:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(rd, 3,
data/libraw-0.20.2/src/decoders/fp_dng.cpp:346:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(cBuffer, 1, tBytes[t]);
data/libraw-0.20.2/src/decoders/fuji_compressed.cpp:149:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  info->cur_buf_size = info->input->read(
data/libraw-0.20.2/src/decoders/fuji_compressed.cpp:1036:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(
data/libraw-0.20.2/src/decoders/fuji_compressed.cpp:1090:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  libraw_internal_data.internal_data.input->read(header, 1, sizeof(header));
data/libraw-0.20.2/src/decoders/generic.cpp:75:31: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bitbuf |= (unsigned(fgetc(ifp)) << i);
data/libraw-0.20.2/src/decoders/generic.cpp:79:48: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (load_flags & 1 && (col % 10) == 9 && fgetc(ifp) &&
data/libraw-0.20.2/src/decoders/kodak_decoders.cpp:402:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(ifp);
data/libraw-0.20.2/src/decoders/kodak_decoders.cpp:419:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bitbuf = fgetc(ifp) << 8;
data/libraw-0.20.2/src/decoders/kodak_decoders.cpp:420:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bitbuf += fgetc(ifp);
data/libraw-0.20.2/src/decoders/kodak_decoders.cpp:429:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bitbuf += (INT64)fgetc(ifp) << (bits + (j ^ 8));
data/libraw-0.20.2/src/decoders/smal.cpp:166:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nseg = (uchar)fgetc(ifp);
data/libraw-0.20.2/src/decoders/smal.cpp:171:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  holes = fgetc(ifp);
data/libraw-0.20.2/src/decoders/unpack_thumb.cpp:111:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ID.input->read(T.thumb, 1, T.tlength);
data/libraw-0.20.2/src/decoders/unpack_thumb.cpp:132:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ID.input->read(T.thumb, 1, T.tlength);
data/libraw-0.20.2/src/decoders/unpack_thumb.cpp:166:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ID.input->read(tbuf, colors, T.tlength);
data/libraw-0.20.2/src/decoders/unpack_thumb.cpp:267:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ID.input->read(dest, sz, 1);
data/libraw-0.20.2/src/decoders/unpack_thumb.cpp:291:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ID.input->read(T.thumb, 1, T.tlength);
data/libraw-0.20.2/src/decoders/unpack_thumb.cpp:315:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ID.input->read(t_thumb, 1, i_length);
data/libraw-0.20.2/src/integration/rawspeed_glue.cpp:90:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(_rawspeed_data_xml[i]);
data/libraw-0.20.2/src/integration/rawspeed_glue.cpp:100:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int ll = strlen(_rawspeed_data_xml[i]);
data/libraw-0.20.2/src/integration/rawspeed_glue.cpp:177:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ID.input->read(_rawspeed_buffer, _rawspeed_buffer_sz, 1);
data/libraw-0.20.2/src/integration/rawspeed_glue.cpp:252:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(RDE.what(), "Decoder canceled", strlen("Decoder canceled")))
data/libraw-0.20.2/src/libraw_datastream.cpp:75:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nbytes = src->instream->read((void*)src->buffer, 1, LR_JPEG_INPUT_BUF_SIZE);
data/libraw-0.20.2/src/libraw_datastream.cpp:240:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int LibRaw_file_datastream::read(void *ptr, size_t size, size_t nmemb)
data/libraw-0.20.2/src/libraw_datastream.cpp:360:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int LibRaw_buffer_datastream::read(void *ptr, size_t sz, size_t nmemb)
data/libraw-0.20.2/src/libraw_datastream.cpp:570:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int LibRaw_bigfile_datastream::read(void *ptr, size_t size, size_t nmemb)
data/libraw-0.20.2/src/metadata/cr3_parser.cpp:239:56: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  FORC4 nmAtom[c] = AtomNameStack[nesting * 4 + c] = fgetc(ifp);
data/libraw-0.20.2/src/metadata/cr3_parser.cpp:362:30: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  FORC4 HandlerType[c] = fgetc(ifp);
data/libraw-0.20.2/src/metadata/cr3_parser.cpp:382:32: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  FORC4 MediaFormatID[c] = fgetc(ifp);
data/libraw-0.20.2/src/metadata/exif_gps.cpp:307:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  exif_cfa |= fgetc(ifp) * 0x01010101U << c;
data/libraw-0.20.2/src/metadata/exif_gps.cpp:347:41: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  imgdata.other.parsed_gps.latref = getc(ifp);
data/libraw-0.20.2/src/metadata/exif_gps.cpp:350:42: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  imgdata.other.parsed_gps.longref = getc(ifp);
data/libraw-0.20.2/src/metadata/exif_gps.cpp:353:41: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  imgdata.other.parsed_gps.altref = getc(ifp);
data/libraw-0.20.2/src/metadata/exif_gps.cpp:371:44: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  imgdata.other.parsed_gps.gpsstatus = getc(ifp);
data/libraw-0.20.2/src/metadata/exif_gps.cpp:398:31: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gpsdata[29 + tag / 2] = getc(ifp);
data/libraw-0.20.2/src/metadata/fuji.cpp:686:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ifp->read(FujiSerial, MIN(len,sizeof(FujiSerial)), 1);
data/libraw-0.20.2/src/metadata/fuji.cpp:697:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(imgdata.shootinginfo.InternalBodySerial, words[0],
data/libraw-0.20.2/src/metadata/fuji.cpp:705:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(imgdata.shootinginfo.InternalBodySerial, tbuf,
data/libraw-0.20.2/src/metadata/fuji.cpp:711:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(
data/libraw-0.20.2/src/metadata/fuji.cpp:718:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(
data/libraw-0.20.2/src/metadata/fuji.cpp:725:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(
data/libraw-0.20.2/src/metadata/fuji.cpp:743:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ynum, words[i], ynum_len);
data/libraw-0.20.2/src/metadata/fuji.cpp:776:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(imgdata.shootinginfo.InternalBodySerial, tbuf,
data/libraw-0.20.2/src/metadata/fuji.cpp:789:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(imgdata.shootinginfo.InternalBodySerial, tbuf,
data/libraw-0.20.2/src/metadata/fuji.cpp:935:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fuji_layout = fgetc(ifp) >> 7;
data/libraw-0.20.2/src/metadata/fuji.cpp:936:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fuji_width = !(fgetc(ifp) & 8);
data/libraw-0.20.2/src/metadata/fuji.cpp:944:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int q = fgetc(ifp);
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:96:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(model, model+1, MIN(sizeof(model)-1,strlen(model)));
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:122:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else c = strlen(imgdata.color.LocalizedCameraModel);
data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:127:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(normalized_model, imgdata.color.UniqueCameraModel,sizeof(imgdata.color.UniqueCameraModel)-1); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:136:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp_model, imgdata.color.UniqueCameraModel, sizeof(imgdata.color.UniqueCameraModel) - 1); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:143:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(imHassy.CaptureSequenceInitiator, model,31); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:148:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(model, tmp_model,63); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:156:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(imHassy.SensorUnit, model,63); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:161:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(imHassy.Sensor, ps,7); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:165:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(imHassy.HostBody, model,63); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:168:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(model, tmp_model,63); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:173:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(imHassy.HostBody, model,63); data/libraw-0.20.2/src/metadata/hasselblad_model.cpp:432:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(imHassy.Sensor, imHassy.Sensor+1, strlen(imHassy.Sensor)); data/libraw-0.20.2/src/metadata/identify.cpp:156:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strncasecmp(model,alist[i].a_model,strlen(alist[i].a_model)) && software data/libraw-0.20.2/src/metadata/identify.cpp:157:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && !strncasecmp(software,alist[i].a_software,strlen(alist[i].a_software)) data/libraw-0.20.2/src/metadata/identify.cpp:502:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(ifp) != 0xff) data/libraw-0.20.2/src/metadata/identify.cpp:533:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(model, head + 0x1c, 0x20); data/libraw-0.20.2/src/metadata/identify.cpp:883:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(model, model + 7, strlen(model) - 6); data/libraw-0.20.2/src/metadata/identify.cpp:885:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memmove(model, model + 1, strlen(model)); data/libraw-0.20.2/src/metadata/identify.cpp:889:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(model, model + 15, strlen(model) - 14); data/libraw-0.20.2/src/metadata/identify_tools.cpp:60:32: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bitbuf |= (unsigned)(fgetc(ifp) << i); data/libraw-0.20.2/src/metadata/identify_tools.cpp:79:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(p); data/libraw-0.20.2/src/metadata/identify_tools.cpp:111:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fill_len = strlen(subStr); data/libraw-0.20.2/src/metadata/identify_tools.cpp:122:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int orig_len = strlen(string); data/libraw-0.20.2/src/metadata/kodak.cpp:164:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(pkti) > c) && (!strncasecmp(pkti, "Camera body:", c))) data/libraw-0.20.2/src/metadata/kodak.cpp:166:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
while ((pkti[c] == ' ') && (c < (int)strlen(pkti))) data/libraw-0.20.2/src/metadata/kodak.cpp:173:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(pkti) > c) && (!strncasecmp(pkti, "Lens:", c))) data/libraw-0.20.2/src/metadata/kodak.cpp:178:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(pkti) > c) && (!strncasecmp(pkti, "Aperture:", c))) data/libraw-0.20.2/src/metadata/kodak.cpp:180:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (((pkti[c] == ' ') || (pkti[c] == 'f')) && (c < (int)strlen(pkti))) data/libraw-0.20.2/src/metadata/kodak.cpp:187:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(pkti) > c) && (!strncasecmp(pkti, "ISO Speed:", c))) data/libraw-0.20.2/src/metadata/kodak.cpp:192:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(pkti) > c) && (!strncasecmp(pkti, "Focal Length:", c))) data/libraw-0.20.2/src/metadata/kodak.cpp:197:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(pkti) > c) && (!strncasecmp(pkti, "Max Aperture:", c))) data/libraw-0.20.2/src/metadata/kodak.cpp:199:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
while (((pkti[c] == ' ') || (pkti[c] == 'f')) && (c < (int)strlen(pkti))) data/libraw-0.20.2/src/metadata/kodak.cpp:206:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(pkti) > c) && (!strncasecmp(pkti, "Min Aperture:", c))) data/libraw-0.20.2/src/metadata/kodak.cpp:208:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (((pkti[c] == ' ') || (pkti[c] == 'f')) && (c < (int)strlen(pkti))) data/libraw-0.20.2/src/metadata/kodak.cpp:288:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). wbi = fgetc(ifp); data/libraw-0.20.2/src/metadata/leica.cpp:276:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ci = fgetc(ifp); data/libraw-0.20.2/src/metadata/leica.cpp:277:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cj = fgetc(ifp); data/libraw-0.20.2/src/metadata/leica.cpp:286:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ci = fgetc(ifp); data/libraw-0.20.2/src/metadata/leica.cpp:287:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cj = fgetc(ifp); data/libraw-0.20.2/src/metadata/leica.cpp:320:50: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((tag == 0x0304) && (len == 1) && ((c = fgetc(ifp)) != 0) && data/libraw-0.20.2/src/metadata/minolta.cpp:28:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R') data/libraw-0.20.2/src/metadata/minolta.cpp:28:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R') data/libraw-0.20.2/src/metadata/minolta.cpp:28:41: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R') data/libraw-0.20.2/src/metadata/minolta.cpp:30:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). order = fgetc(ifp) * 0x101; data/libraw-0.20.2/src/metadata/minolta.cpp:39:24: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tag = tag << 8 | fgetc(ifp); data/libraw-0.20.2/src/metadata/minolta.cpp:54:40: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.prd_RawBitDepth = (ushort)fgetc(ifp); data/libraw-0.20.2/src/metadata/minolta.cpp:55:42: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.prd_StorageMethod = (ushort)fgetc(ifp); data/libraw-0.20.2/src/metadata/minolta.cpp:57:41: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.prd_BayerPattern = (ushort)fgetc(ifp); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:89:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(ifp) > 15) data/libraw-0.20.2/src/metadata/misc_parsers.cpp:227:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ver = fgetc(ifp); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:442:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) data/libraw-0.20.2/src/metadata/misc_parsers.cpp:442:29: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) data/libraw-0.20.2/src/metadata/misc_parsers.cpp:445:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (fgetc(ifp) == 0xff && (mark = fgetc(ifp)) != 0xda) data/libraw-0.20.2/src/metadata/misc_parsers.cpp:445:40: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (fgetc(ifp) == 0xff && (mark = fgetc(ifp)) != 0xda) data/libraw-0.20.2/src/metadata/misc_parsers.cpp:452:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(ifp); data/libraw-0.20.2/src/metadata/misc_parsers.cpp:540:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). histo[fgetc(ifp)]++; data/libraw-0.20.2/src/metadata/misc_parsers.cpp:560:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). str[i] = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:318:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ci = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:319:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cj = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:320:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ck = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:482:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((c = fgetc(ifp)) && (len-- > 0) && (c != (unsigned)EOF)) data/libraw-0.20.2/src/metadata/nikon.cpp:522:52: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). libraw_powf64l(2.0f, double((uchar)fgetc(ifp)) / 12.0 - 5.0)); data/libraw-0.20.2/src/metadata/nikon.cpp:553:37: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imgdata.lens.nikon.LensType = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:564:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ci = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:565:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cj = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:566:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ck = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:589:46: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.ColorBalanceVersion * 10 + fgetc(ifp) - '0'; data/libraw-0.20.2/src/metadata/nikon.cpp:662:42: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.LensDataVersion * 10 + fgetc(ifp) - '0'; data/libraw-0.20.2/src/metadata/nikon.cpp:705:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.key = fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:705:34: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
imNikon.key = fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:705:47: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.key = fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:705:60: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.key = fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp) ^ fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:745:43: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.FlashInfoVersion * 10 + fgetc(ifp) - '0'; data/libraw-0.20.2/src/metadata/nikon.cpp:756:28: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.AFFineTune = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:757:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.AFFineTuneIndex = fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:758:39: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imNikon.AFFineTuneAdj = (int8_t)fgetc(ifp); data/libraw-0.20.2/src/metadata/nikon.cpp:781:36: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). WhiteBalanceAdj_active = fgetc(ifp); data/libraw-0.20.2/src/metadata/normalize_model.cpp:1005:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strncmp(model, KodakMonochrome[i], strlen(KodakMonochrome[i]))) data/libraw-0.20.2/src/metadata/normalize_model.cpp:1186:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(Kodak_mounts[i].Kmodel))) data/libraw-0.20.2/src/metadata/normalize_model.cpp:1335:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ilm.LensMount == LIBRAW_MOUNT_Samsung_NX) && xmpdata && (strlen(xmpdata) > 9) && data/libraw-0.20.2/src/metadata/olympus.cpp:152:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ilm.TeleconverterID = fgetc(ifp) << 8; data/libraw-0.20.2/src/metadata/olympus.cpp:153:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(ifp); data/libraw-0.20.2/src/metadata/olympus.cpp:154:49: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ilm.TeleconverterID = ilm.TeleconverterID | fgetc(ifp); data/libraw-0.20.2/src/metadata/olympus.cpp:158:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(ilm.Teleconverter) && strchr(ilm.Lens, '+')) { data/libraw-0.20.2/src/metadata/pentax.cpp:323:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned a = unsigned(fgetc(ifp)) << 8; data/libraw-0.20.2/src/metadata/pentax.cpp:324:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ilm.LensID = a | fgetc(ifp); data/libraw-0.20.2/src/metadata/pentax.cpp:328:41: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imCommon.CameraTemperature = (float)fgetc(ifp); data/libraw-0.20.2/src/metadata/pentax.cpp:335:48: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imCommon.FlashEC = (float)((signed short)fgetc(ifp)) / 6.0f; data/libraw-0.20.2/src/metadata/pentax.cpp:339:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(ifp); data/libraw-0.20.2/src/metadata/pentax.cpp:340:54: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imgdata.shootinginfo.ImageStabilization = (short)fgetc(ifp); data/libraw-0.20.2/src/metadata/pentax.cpp:354:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). short a = (short)fgetc(ifp); data/libraw-0.20.2/src/metadata/pentax.cpp:390:32: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imPentax.MultiExposure = fgetc(ifp) & 0x0f; data/libraw-0.20.2/src/metadata/pentax.cpp:432:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); data/libraw-0.20.2/src/metadata/pentax.cpp:435:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). wb_ind = getc(ifp); data/libraw-0.20.2/src/metadata/pentax.cpp:445:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(ilm.Lens, " "); data/libraw-0.20.2/src/metadata/sony.cpp:478:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(ilm.LensFeatures_pre, "E"); data/libraw-0.20.2/src/metadata/sony.cpp:1061:56: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FORC4 imSony.FileFormat = imSony.FileFormat * 10 + fgetc(ifp); data/libraw-0.20.2/src/metadata/sony.cpp:1547:34: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.AFAreaModeSetting = fgetc(ifp); data/libraw-0.20.2/src/metadata/sony.cpp:1571:32: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.AFPointSelected = fgetc(ifp); data/libraw-0.20.2/src/metadata/sony.cpp:1590:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.AFTracking = fgetc(ifp); data/libraw-0.20.2/src/metadata/sony.cpp:1623:35: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.numInPixelShiftGroup = fgetc(ifp); data/libraw-0.20.2/src/metadata/sony.cpp:1624:38: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). imSony.nShotsInPixelShiftGroup = fgetc(ifp); data/libraw-0.20.2/src/metadata/tiff.cpp:233:24: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ilm.LensID = fgetc(ifp); data/libraw-0.20.2/src/metadata/tiff.cpp:245:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
utmp = (fgetc(ifp) << 8) | fgetc(ifp); data/libraw-0.20.2/src/metadata/tiff.cpp:245:38: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). utmp = (fgetc(ifp) << 8) | fgetc(ifp); data/libraw-0.20.2/src/metadata/tiff.cpp:335:57: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((type != LIBRAW_EXIFTAG_TYPE_UNDEFINED) || (fgetc(ifp) != 0xff) || (fgetc(ifp) != 0xd8)) data/libraw-0.20.2/src/metadata/tiff.cpp:335:81: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((type != LIBRAW_EXIFTAG_TYPE_UNDEFINED) || (fgetc(ifp) != 0xff) || (fgetc(ifp) != 0xd8)) data/libraw-0.20.2/src/metadata/tiff.cpp:609:39: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FORC(36)((char *)xtrans)[c] = fgetc(ifp) & 3; data/libraw-0.20.2/src/metadata/tiff.cpp:617:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FORC(36) xtrans[0][c] = fgetc(ifp) & 3; data/libraw-0.20.2/src/metadata/tiff.cpp:879:48: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FORC4 dng_version = (dng_version << 8) + fgetc(ifp); data/libraw-0.20.2/src/metadata/tiff.cpp:888:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(make, imgdata.color.UniqueCameraModel, data/libraw-0.20.2/src/preprocessing/ext_preprocess.cpp:81:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(fp) != 'P' || fgetc(fp) != '5') data/libraw-0.20.2/src/preprocessing/ext_preprocess.cpp:81:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (fgetc(fp) != 'P' || fgetc(fp) != '5') data/libraw-0.20.2/src/preprocessing/ext_preprocess.cpp:83:35: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (!error && nd < 3 && (c = fgetc(fp)) != EOF) data/libraw-0.20.2/src/tables/colordata.cpp:1704:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned l = strlen(table[i].prefix); data/libraw-0.20.2/src/utils/open.cpp:982:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ID.input->read(C.profile, C.profile_length, 1); data/libraw-0.20.2/src/utils/read_utils.cpp:97:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). u.c[i ^ rev] = fgetc(ifp); data/libraw-0.20.2/src/utils/read_utils.cpp:100:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return fgetc(ifp); data/libraw-0.20.2/src/utils/utils_dcraw.cpp:76:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(c, needle, strlen(needle))) data/libraw-0.20.2/src/utils/utils_libraw.cpp:92:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(list[i]) < 10) data/libraw-0.20.2/src/utils/utils_libraw.cpp:94:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *string = (char *)malloc(strlen(list[i]) + 1); data/libraw-0.20.2/src/utils/utils_libraw.cpp:145:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(table[index].t_make, start, sizeof(table[index].t_make) - 1); data/libraw-0.20.2/src/utils/utils_libraw.cpp:148:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(table[index].t_model, start, sizeof(table[index].t_model) - 1); data/libraw-0.20.2/src/utils/utils_libraw.cpp:572:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int r = fp->read(buf, len, 1); data/libraw-0.20.2/src/write/file_write.cpp:72:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(th->t_desc, desc, 512); data/libraw-0.20.2/src/write/file_write.cpp:73:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(th->t_make, make, 64); data/libraw-0.20.2/src/write/file_write.cpp:74:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(th->t_model, model, 64); data/libraw-0.20.2/src/write/file_write.cpp:79:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(th->t_artist, artist, 64); data/libraw-0.20.2/src/x3f/x3f_parse_process.cpp:244:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). libraw_internal_data.internal_data.input->read(buf, 2048, 1); data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:64:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
f->read(str, 1, 2);
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:76:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
f->read(str, 1, 4);
data/libraw-0.20.2/src/x3f/x3f_utils_patched.cpp:129:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
#define GETN(_v, _s) PUT_GET_N(_v, _s, I->input.file, read)

ANALYSIS SUMMARY:

Hits = 770
Lines analyzed = 59225 in approximately 1.80 seconds (32859 lines/second)
Physical Source Lines of Code (SLOC) = 51892
Hits@level = [0] 624 [1] 225 [2] 445 [3] 0 [4] 92 [5] 8
Hits@level+ = [0+] 1394 [1+] 770 [2+] 545 [3+] 100 [4+] 100 [5+] 8
Hits/KSLOC@level+ = [0+] 26.8635 [1+] 14.8385 [2+] 10.5026 [3+] 1.92708 [4+] 1.92708 [5+] 0.154166
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.