Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/librevenge-0.0.4/src/lib/librevenge_internal.h
Examining data/librevenge-0.0.4/src/lib/RVNGMemoryStream.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGTextTextGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGOLEStream.h
Examining data/librevenge-0.0.4/src/lib/RVNGStreamImplementation.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGDirectoryStream.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGHTMLTextGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGProperty.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGRawGeneratorBase.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGRawGeneratorBase.h
Examining data/librevenge-0.0.4/src/lib/RVNGRawDrawingGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGSVGPresentationGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGStringVector.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGPropertyListVector.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGTextSpreadsheetGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGHTMLTextTextStyle.h
Examining data/librevenge-0.0.4/src/lib/RVNGHTMLTextTableStyle.h
Examining data/librevenge-0.0.4/src/lib/RVNGHTMLTextTextStyle.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGString.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGPropertyList.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGRawTextGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGMemoryStream.h
Examining data/librevenge-0.0.4/src/lib/RVNGSVGDrawingGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGBinaryData.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGTextPresentationGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGRawPresentationGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGTextDrawingGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGHTMLTextTableStyle.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGCSVSpreadsheetGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGRawSpreadsheetGenerator.cpp
Examining data/librevenge-0.0.4/src/lib/RVNGZipStream.h
Examining data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp
Examining data/librevenge-0.0.4/src/test/RVNGFileInfo.cpp
Examining data/librevenge-0.0.4/src/test/RVNGStringTest.cpp
Examining data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp
Examining data/librevenge-0.0.4/src/test/RVNGOLEStreamTest.cpp
Examining data/librevenge-0.0.4/src/test/test.cpp
Examining data/librevenge-0.0.4/src/test/RVNGStringIterTest.cpp
Examining data/librevenge-0.0.4/src/test/RVNGDirectoryStreamTest.cpp
Examining data/librevenge-0.0.4/inc/librevenge/librevenge-api.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGSVGDrawingGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGBinaryData.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGDrawingInterface.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGString.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGTextInterface.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGPresentationInterface.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGStringVector.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGProperty.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGPropertyList.h
Examining data/librevenge-0.0.4/inc/librevenge/librevenge.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGPropertyListVector.h
Examining data/librevenge-0.0.4/inc/librevenge/RVNGSpreadsheetInterface.h
Examining data/librevenge-0.0.4/inc/librevenge-stream/librevenge-stream-api.h
Examining data/librevenge-0.0.4/inc/librevenge-stream/librevenge-stream.h
Examining data/librevenge-0.0.4/inc/librevenge-stream/RVNGStreamImplementation.h
Examining data/librevenge-0.0.4/inc/librevenge-stream/RVNGDirectoryStream.h
Examining data/librevenge-0.0.4/inc/librevenge-stream/RVNGStream.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGRawTextGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGTextTextGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGHTMLTextGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGRawDrawingGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGCSVSpreadsheetGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGSVGPresentationGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGRawSpreadsheetGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGRawPresentationGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/librevenge-generators.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGTextDrawingGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/librevenge-generators-api.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGTextSpreadsheetGenerator.h
Examining data/librevenge-0.0.4/inc/librevenge-generators/RVNGTextPresentationGenerator.h

FINAL RESULTS:

data/librevenge-0.0.4/inc/librevenge/RVNGString.h:76:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  void sprintf(const char *format, ...) REVENGE_ATTRIBUTE_PRINTF(2, 3);
data/librevenge-0.0.4/inc/librevenge/librevenge-api.h:39:66: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define REVENGE_ATTRIBUTE_PRINTF(fmt, arg) __attribute__((format(printf, fmt, arg)))
data/librevenge-0.0.4/src/lib/RVNGProperty.cpp:39:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  tempString.sprintf("0.0000");
data/librevenge-0.0.4/src/lib/RVNGProperty.cpp:41:14: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  tempString.sprintf("%.4f", value);
data/librevenge-0.0.4/src/lib/RVNGProperty.cpp:281:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str.sprintf("%d", m_val);
data/librevenge-0.0.4/src/lib/RVNGProperty.cpp:393:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str.sprintf("%i*", getInt());
data/librevenge-0.0.4/src/lib/RVNGRawGeneratorBase.cpp:53:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/librevenge-0.0.4/src/lib/RVNGRawGeneratorBase.cpp:64:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/librevenge-0.0.4/src/lib/RVNGRawGeneratorBase.cpp:77:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/librevenge-0.0.4/src/lib/RVNGSVGDrawingGenerator.cpp:772:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  layer.sprintf("Layer%d", m_pImpl->m_layerId++);
data/librevenge-0.0.4/src/lib/RVNGSVGDrawingGenerator.cpp:793:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  group.sprintf("Group%d", m_pImpl->m_groupId++);
data/librevenge-0.0.4/src/lib/RVNGSVGPresentationGenerator.cpp:575:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  layer.sprintf("Layer%d", m_impl->m_layerId++);
data/librevenge-0.0.4/src/lib/RVNGString.cpp:32:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/librevenge-0.0.4/src/lib/RVNGString.cpp:179:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  void RVNGString::sprintf(const char *format, ...)
data/librevenge-0.0.4/src/lib/RVNGString.cpp:190:17: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int outsize = vsnprintf(buf, size_t(bufsize), format, args);
data/librevenge-0.0.4/src/lib/RVNGTextTextGenerator.cpp:52:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  mark.sprintf("%d", nextNote);
data/librevenge-0.0.4/src/lib/RVNGTextTextGenerator.cpp:58:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  mark.sprintf("%d", nextNote);
data/librevenge-0.0.4/src/lib/librevenge_internal.h:31:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define RVNG_DEBUG_MSG(M) printf M
data/librevenge-0.0.4/src/lib/RVNGCSVSpreadsheetGenerator.cpp:426:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/librevenge-0.0.4/src/lib/RVNGHTMLTextGenerator.cpp:365:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *wpdMetaFields[9]=
data/librevenge-0.0.4/src/lib/RVNGHTMLTextGenerator.cpp:370:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const *metaFields[9]=
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:113:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char m_magic[8]; // signature, or magic identifier
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:794:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, s_ole_magic, 8); // ole signature
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1292:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data+bytes, buf, numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1342:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + bytes, &tmpBuf[offset], p);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1514:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&m_data[wPos], &buffer[0], wSize);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1581:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, &m_data[size_t(pos)], count);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1608:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data+totalbytes, &buf[offset], count);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1630:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data+totalbytes, &buf[offset], count);
data/librevenge-0.0.4/src/lib/RVNGStreamImplementation.cpp:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buffer[0], data, dataSize);
data/librevenge-0.0.4/src/lib/RVNGStreamImplementation.cpp:111:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  d->file = fopen(filename, "rb");
data/librevenge-0.0.4/src/lib/RVNGString.cpp:41:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char librvng_utf8_skip_data[256] =
data/librevenge-0.0.4/src/lib/RVNGString.cpp:184:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char firstBuffer[FIRST_BUF_SIZE];
data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp:62:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(TMP_FILENAME, "w");
data/librevenge-0.0.4/inc/librevenge-stream/RVNGDirectoryStream.h:78:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead);
data/librevenge-0.0.4/inc/librevenge-stream/RVNGStream.h:69:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead) = 0;
data/librevenge-0.0.4/inc/librevenge-stream/RVNGStreamImplementation.h:38:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead);
data/librevenge-0.0.4/inc/librevenge-stream/RVNGStreamImplementation.h:64:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGDirectoryStream.cpp:202:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *RVNGDirectoryStream::read(const unsigned long, unsigned long &numBytesRead)
data/librevenge-0.0.4/src/lib/RVNGMemoryStream.cpp:38:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *RVNGMemoryInputStream::read(unsigned long numBytes, unsigned long &numBytesRead)
data/librevenge-0.0.4/src/lib/RVNGMemoryStream.h:57:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:704:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read(unsigned char *data, unsigned long maxlen)
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1184:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *buf = m_input->read(512, numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1291:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *buf = m_input->read(p, numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1703:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ok = leafStream.read(&buffer[0], sz) == sz;
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1802:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long librevenge::Stream::read(unsigned char *data, unsigned long maxlen)
data/librevenge-0.0.4/src/lib/RVNGOLEStream.cpp:1804:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_io ? m_io->read(data, maxlen) : 0;
data/librevenge-0.0.4/src/lib/RVNGOLEStream.h:115:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read(unsigned char *data, unsigned long maxlen);
data/librevenge-0.0.4/src/lib/RVNGStreamImplementation.cpp:147:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *RVNGFileStream::read(unsigned long numBytes, unsigned long &numBytesRead)
data/librevenge-0.0.4/src/lib/RVNGStreamImplementation.cpp:363:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmpLength = tmpStream.read(&buf[0], tmpStream.size());
data/librevenge-0.0.4/src/lib/RVNGStreamImplementation.cpp:392:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *RVNGStringStream::read(unsigned long numBytes, unsigned long &numBytesRead)
data/librevenge-0.0.4/src/lib/RVNGStreamImplementation.cpp:540:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmpLength = tmpStream.read(&buf[0], tmpStream.size());
data/librevenge-0.0.4/src/lib/RVNGString.cpp:234:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_stringImpl->appendEscapedXML(s, std::strlen(s));
data/librevenge-0.0.4/src/lib/RVNGString.cpp:346:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int curCharLength = m_curChar ? int(unsigned(std::strlen(m_curChar))) : 0;
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:112:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *ret = input->read(2, numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:121:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *ret = input->read(4, numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:152:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read;
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:153:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) end.comment_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:153:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) end.comment_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:154:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!data || read!=(unsigned long) end.comment_size)
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:201:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read;
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:202:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) entry.filename_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:202:79: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) entry.filename_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:203:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!data || read!=(unsigned long) entry.filename_size)
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:210:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read;
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:211:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) entry.extra_field_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:211:82: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) entry.extra_field_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:212:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!data || read!=(unsigned long) entry.extra_field_size)
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:219:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read;
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:220:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) entry.file_comment_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:220:83: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) entry.file_comment_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:221:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!data || read!=(unsigned long) entry.file_comment_size)
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:259:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read;
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:260:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) header.filename_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:260:80: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) header.filename_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:261:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!data || read!=(unsigned long) header.filename_size)
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:268:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long read;
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:269:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) header.extra_field_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:269:83: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *data=input->read((unsigned long) header.extra_field_size, read);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:270:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!data || read!=(unsigned long) header.extra_field_size)
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:317:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input->read((unsigned long) toCheck, numBytesRead);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:346:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t name_size = strlen(name);
data/librevenge-0.0.4/src/lib/RVNGZipStream.cpp:434:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned char *compressedData = const_cast<unsigned char *>(input->read(entry.compressed_size, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:29:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  using std::equal;
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:30:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:40:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen(str);
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:47:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal(str, str + len, reinterpret_cast<const char *>(binaryData.getDataBuffer()));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:79:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const RVNGBinaryData data(reinterpret_cast<const unsigned char *>(plain), strlen(plain));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:130:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  CPPUNIT_ASSERT(equal(input, input + len, data.getDataBuffer()));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:136:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  CPPUNIT_ASSERT(equal(input, input + len, copy.getDataBuffer()));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:141:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  CPPUNIT_ASSERT(equal(input, input + len, data.getDataBuffer()));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:150:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  CPPUNIT_ASSERT(equal(input, input + len, assign.getDataBuffer()));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:176:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  CPPUNIT_ASSERT(equal(input, input + len, data2.getDataBuffer()));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:225:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL == input->read(0, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:228:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL != input->read(1, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGBinaryDataTest.cpp:232:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL != input->read(50, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGDirectoryStreamTest.cpp:188:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(0 == dir.read(1, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGOLEStreamTest.cpp:74:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *const bytes = input->read(static_cast<unsigned long>(end), readBytes);
data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp:83:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL == input->read(0, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp:86:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL != input->read(1, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp:90:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL != input->read(50, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp:124:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL == input->read(0, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp:127:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL != input->read(1, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGStreamTest.cpp:131:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CPPUNIT_ASSERT(NULL != input->read(50, numBytesRead));
data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:33:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
using std::equal; data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:35:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:42:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t len = strlen(expected); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:50:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(expected, expected + len, str.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:59:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(expected, expected + len, str.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:67:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
CPPUNIT_ASSERT(equal(expected, expected + len, str.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:75:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(expected, expected + len, str.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:123:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(input, input + len, str.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:129:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(input, input + len, copy.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:136:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(input, input + len, assign.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:143:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). 
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(input, input + len, assign.cstr())); data/librevenge-0.0.4/src/test/RVNGStringTest.cpp:169:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. CPPUNIT_ASSERT(equal(input, input + len, str2.cstr())); ANALYSIS SUMMARY: Hits = 116 Lines analyzed = 19144 in approximately 0.55 seconds (34566 lines/second) Physical Source Lines of Code (SLOC) = 13109 Hits@level = [0] 18 [1] 82 [2] 16 [3] 0 [4] 18 [5] 0 Hits@level+ = [0+] 134 [1+] 116 [2+] 34 [3+] 18 [4+] 18 [5+] 0 Hits/KSLOC@level+ = [0+] 10.222 [1+] 8.84888 [2+] 2.59364 [3+] 1.3731 [4+] 1.3731 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.