Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libvisio-0.1.7/src/fuzz/vsdxfuzzer.cpp
Examining data/libvisio-0.1.7/src/fuzz/vdxfuzzer.cpp
Examining data/libvisio-0.1.7/src/fuzz/vsdfuzzer.cpp
Examining data/libvisio-0.1.7/src/lib/VSDOutputElementList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParser.h
Examining data/libvisio-0.1.7/src/lib/VSDPages.h
Examining data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXTheme.h
Examining data/libvisio-0.1.7/src/lib/VSDInternalStream.h
Examining data/libvisio-0.1.7/src/lib/VSDCharacterList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDContentCollector.h
Examining data/libvisio-0.1.7/src/lib/VSDXMetaData.h
Examining data/libvisio-0.1.7/src/lib/VSDStencils.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParagraphList.h
Examining data/libvisio-0.1.7/src/lib/VSDFieldList.h
Examining data/libvisio-0.1.7/src/lib/VSDStylesCollector.h
Examining data/libvisio-0.1.7/src/lib/VSDDocumentStructure.h
Examining data/libvisio-0.1.7/src/lib/VSDStyles.cpp
Examining data/libvisio-0.1.7/src/lib/VSDGeometryList.h
Examining data/libvisio-0.1.7/src/lib/libvisio_xml.h
Examining data/libvisio-0.1.7/src/lib/VDXParser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDLayerList.cpp
Examining data/libvisio-0.1.7/src/lib/VSD5Parser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLTokenMap.h
Examining data/libvisio-0.1.7/src/lib/VSDXTheme.cpp
Examining data/libvisio-0.1.7/src/lib/libvisio_utils.h
Examining data/libvisio-0.1.7/src/lib/VSDXParser.h
Examining data/libvisio-0.1.7/src/lib/VSDXMLTokenMap.cpp
Examining data/libvisio-0.1.7/src/lib/tokens.h
Examining data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp
Examining data/libvisio-0.1.7/src/lib/VSDStyles.h
Examining data/libvisio-0.1.7/src/lib/VSDOutputElementList.h
Examining data/libvisio-0.1.7/src/lib/VSDCharacterList.h
Examining data/libvisio-0.1.7/src/lib/VSDMetaData.cpp
Examining data/libvisio-0.1.7/src/lib/VSDShapeList.h
Examining data/libvisio-0.1.7/src/lib/VSDFieldList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDPages.cpp
Examining data/libvisio-0.1.7/src/lib/VSD6Parser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMetaData.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParagraphList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDMetaData.h
Examining data/libvisio-0.1.7/src/lib/libvisio_utils.cpp
Examining data/libvisio-0.1.7/src/lib/VisioDocument.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXParser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLHelper.h
Examining data/libvisio-0.1.7/src/lib/tokenhash.h
Examining data/libvisio-0.1.7/src/lib/VSDShapeList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDStencils.h
Examining data/libvisio-0.1.7/src/lib/VSDTypes.h
Examining data/libvisio-0.1.7/src/lib/VSD6Parser.h
Examining data/libvisio-0.1.7/src/lib/VSDCollector.h
Examining data/libvisio-0.1.7/src/lib/VDXParser.h
Examining data/libvisio-0.1.7/src/lib/VSD5Parser.h
Examining data/libvisio-0.1.7/src/lib/VSDLayerList.h
Examining data/libvisio-0.1.7/src/lib/libvisio_xml.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLHelper.cpp
Examining data/libvisio-0.1.7/src/lib/VSDGeometryList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLParserBase.h
Examining data/libvisio-0.1.7/src/lib/VSDStylesCollector.cpp
Examining data/libvisio-0.1.7/src/conv/raw/vss2raw.cpp
Examining data/libvisio-0.1.7/src/conv/raw/vsd2raw.cpp
Examining data/libvisio-0.1.7/src/conv/text/vss2text.cpp
Examining data/libvisio-0.1.7/src/conv/text/vsd2text.cpp
Examining data/libvisio-0.1.7/src/conv/svg/vsd2xhtml.cpp
Examining data/libvisio-0.1.7/src/conv/svg/vss2xhtml.cpp
Examining data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp
Examining data/libvisio-0.1.7/src/test/xmldrawinggenerator.cpp
Examining data/libvisio-0.1.7/src/test/importtest.cpp
Examining data/libvisio-0.1.7/src/test/test.cpp
Examining data/libvisio-0.1.7/src/test/xmldrawinggenerator.h
Examining data/libvisio-0.1.7/inc/libvisio/libvisio.h
Examining data/libvisio-0.1.7/inc/libvisio/VisioDocument.h

FINAL RESULTS:

data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:341:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:354:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:447:18: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:537:18: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1797:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.bmp", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1800:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.jpeg", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1803:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.gif", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1806:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.tiff", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1809:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.png", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1812:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.bin", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1821:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.emf", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1823:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.wmf", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1826:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.ole", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1828:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filename.sprintf("binarydump%08u.bin", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDFieldList.cpp:78:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tempString.sprintf(format, 0.0, postfix);
data/libvisio-0.1.7/src/lib/VSDFieldList.cpp:80:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tempString.sprintf(format, value, postfix);
data/libvisio-0.1.7/src/lib/VSDXTheme.cpp:237:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  typeFace.sprintf("%s", (const char *)sTypeFace.get());
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:106:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sColour.sprintf("#%.2x%.2x%.2x", c.r, c.g, c.b);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:150:8: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  std::vfprintf(stderr, format, args);
data/libvisio-0.1.7/src/lib/libvisio_utils.h:32:62: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define VSD_ATTRIBUTE_PRINTF(fmt, arg) __attribute__((format(printf, fmt, arg)))
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:774:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmpBuffer[0], m_currentText.m_data.getDataBuffer(), m_currentText.m_data.size());
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1830:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename.cstr(), "wb");
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:2845:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmpData[0], data.getDataBuffer(), data.size());
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:3822:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmpData[0], layerMem.m_data.getDataBuffer(), layerMem.m_data.size());
data/libvisio-0.1.7/src/lib/VSDFieldList.cpp:60:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_BUFFER];
data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp:32:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[4096] = { 0 };
data/libvisio-0.1.7/src/lib/VSDMetaData.cpp:116:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char FMTID0[37];
data/libvisio-0.1.7/src/lib/VSDMetaData.cpp:117:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(FMTID0, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", data1, data2, data3,
data/libvisio-0.1.7/src/lib/VSDMetaData.cpp:338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_BUFFER];
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:138:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char outbuf[U8_MAX_LENGTH+1];
data/libvisio-0.1.7/src/lib/libvisio_xml.cpp:48:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, tmpBuffer, tmpNumBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:73:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(m_header.dataLength - 8, numBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:95:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(textLength, numBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:211:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(numBytes, numBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:316:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(m_header.dataLength, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:876:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(textIt()) == 3 &&
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:3634:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const auto last = first + strlen(formatString);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:3827:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp:21:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(size, tmpNumBytesRead);
data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp:78:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *VSDInternalStream::read(unsigned long numBytes, unsigned long &numBytesRead)
data/libvisio-0.1.7/src/lib/VSDInternalStream.h:48:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead) override;
data/libvisio-0.1.7/src/lib/VSDParser.cpp:768:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *buffer = input->read(m_header.dataLength, tmpBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:786:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *buffer = input->read(m_header.dataLength, tmpBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:1072:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(textLength*2, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:1909:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(m_header.dataLength - 8, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:2039:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(numBytes, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:2148:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(m_header.dataLength, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp:1981:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp:2034:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp:2248:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDXParser.cpp:543:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *buffer = stream->read(VSDX_DATA_READ_SIZE, numBytesRead);
data/libvisio-0.1.7/src/lib/VisioDocument.cpp:39:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *buffer = input->read(VSD_NUM_ELEMENTS(magic), numBytesRead);
data/libvisio-0.1.7/src/lib/VisioDocument.cpp:41:36: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  && std::equal(magic, magic + VSD_NUM_ELEMENTS(magic), buffer);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:24:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint8_t const *p = input->read(sizeof(uint8_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:40:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint8_t const *p = input->read(sizeof(uint16_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:61:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint8_t const *p = input->read(sizeof(uint32_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:82:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint8_t const *p = input->read(sizeof(uint64_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_xml.cpp:45:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *tmpBuffer = input->read(len, tmpNumBytesRead);
data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp:58:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *s = strm.read(1, readBytes);
data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp:70:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *s = strm.read(sizeof(data), readBytes);
data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp:72:23: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  CPPUNIT_ASSERT(std::equal(data, data + sizeof(data), s));
data/libvisio-0.1.7/src/test/importtest.cpp:112:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *const bytes = input->read(4, numBytesRead);

ANALYSIS SUMMARY:

Hits = 62
Lines analyzed = 24497 in approximately 0.61 seconds (39893 lines/second)
Physical Source Lines of Code (SLOC) = 20849
Hits@level = [0] 75 [1] 31 [2] 11 [3] 0 [4] 20 [5] 0
Hits@level+ = [0+] 137 [1+] 62 [2+] 31 [3+] 20 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 6.57106 [1+] 2.97376 [2+] 1.48688 [3+] 0.959279 [4+] 0.959279 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.