Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libvisio-0.1.7/src/fuzz/vsdxfuzzer.cpp
Examining data/libvisio-0.1.7/src/fuzz/vdxfuzzer.cpp
Examining data/libvisio-0.1.7/src/fuzz/vsdfuzzer.cpp
Examining data/libvisio-0.1.7/src/lib/VSDOutputElementList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParser.h
Examining data/libvisio-0.1.7/src/lib/VSDPages.h
Examining data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXTheme.h
Examining data/libvisio-0.1.7/src/lib/VSDInternalStream.h
Examining data/libvisio-0.1.7/src/lib/VSDCharacterList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDContentCollector.h
Examining data/libvisio-0.1.7/src/lib/VSDXMetaData.h
Examining data/libvisio-0.1.7/src/lib/VSDStencils.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParagraphList.h
Examining data/libvisio-0.1.7/src/lib/VSDFieldList.h
Examining data/libvisio-0.1.7/src/lib/VSDStylesCollector.h
Examining data/libvisio-0.1.7/src/lib/VSDDocumentStructure.h
Examining data/libvisio-0.1.7/src/lib/VSDStyles.cpp
Examining data/libvisio-0.1.7/src/lib/VSDGeometryList.h
Examining data/libvisio-0.1.7/src/lib/libvisio_xml.h
Examining data/libvisio-0.1.7/src/lib/VDXParser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDLayerList.cpp
Examining data/libvisio-0.1.7/src/lib/VSD5Parser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLTokenMap.h
Examining data/libvisio-0.1.7/src/lib/VSDXTheme.cpp
Examining data/libvisio-0.1.7/src/lib/libvisio_utils.h
Examining data/libvisio-0.1.7/src/lib/VSDXParser.h
Examining data/libvisio-0.1.7/src/lib/VSDXMLTokenMap.cpp
Examining data/libvisio-0.1.7/src/lib/tokens.h
Examining data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp
Examining data/libvisio-0.1.7/src/lib/VSDStyles.h
Examining data/libvisio-0.1.7/src/lib/VSDOutputElementList.h
Examining data/libvisio-0.1.7/src/lib/VSDCharacterList.h
Examining data/libvisio-0.1.7/src/lib/VSDMetaData.cpp
Examining data/libvisio-0.1.7/src/lib/VSDShapeList.h
Examining data/libvisio-0.1.7/src/lib/VSDFieldList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDPages.cpp
Examining data/libvisio-0.1.7/src/lib/VSD6Parser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMetaData.cpp
Examining data/libvisio-0.1.7/src/lib/VSDParagraphList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDMetaData.h
Examining data/libvisio-0.1.7/src/lib/libvisio_utils.cpp
Examining data/libvisio-0.1.7/src/lib/VisioDocument.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXParser.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLHelper.h
Examining data/libvisio-0.1.7/src/lib/tokenhash.h
Examining data/libvisio-0.1.7/src/lib/VSDShapeList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDStencils.h
Examining data/libvisio-0.1.7/src/lib/VSDTypes.h
Examining data/libvisio-0.1.7/src/lib/VSD6Parser.h
Examining data/libvisio-0.1.7/src/lib/VSDCollector.h
Examining data/libvisio-0.1.7/src/lib/VDXParser.h
Examining data/libvisio-0.1.7/src/lib/VSD5Parser.h
Examining data/libvisio-0.1.7/src/lib/VSDLayerList.h
Examining data/libvisio-0.1.7/src/lib/libvisio_xml.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLHelper.cpp
Examining data/libvisio-0.1.7/src/lib/VSDGeometryList.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp
Examining data/libvisio-0.1.7/src/lib/VSDXMLParserBase.h
Examining data/libvisio-0.1.7/src/lib/VSDStylesCollector.cpp
Examining data/libvisio-0.1.7/src/conv/raw/vss2raw.cpp
Examining data/libvisio-0.1.7/src/conv/raw/vsd2raw.cpp
Examining data/libvisio-0.1.7/src/conv/text/vss2text.cpp
Examining data/libvisio-0.1.7/src/conv/text/vsd2text.cpp
Examining data/libvisio-0.1.7/src/conv/svg/vsd2xhtml.cpp
Examining data/libvisio-0.1.7/src/conv/svg/vss2xhtml.cpp
Examining data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp
Examining data/libvisio-0.1.7/src/test/xmldrawinggenerator.cpp
Examining data/libvisio-0.1.7/src/test/importtest.cpp
Examining data/libvisio-0.1.7/src/test/test.cpp
Examining data/libvisio-0.1.7/src/test/xmldrawinggenerator.h
Examining data/libvisio-0.1.7/inc/libvisio/libvisio.h
Examining data/libvisio-0.1.7/inc/libvisio/VisioDocument.h
FINAL RESULTS:
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:341:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:354:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:447:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:537:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
stringId.sprintf("id%u", shapeId);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1797:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.bmp", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1800:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.jpeg", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1803:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.gif", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1806:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.tiff", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1809:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.png", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1812:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.bin", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1821:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.emf", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1823:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.wmf", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1826:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.ole", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1828:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filename.sprintf("binarydump%08u.bin", bitmapId++);
data/libvisio-0.1.7/src/lib/VSDFieldList.cpp:78:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tempString.sprintf(format, 0.0, postfix);
data/libvisio-0.1.7/src/lib/VSDFieldList.cpp:80:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tempString.sprintf(format, value, postfix);
data/libvisio-0.1.7/src/lib/VSDXTheme.cpp:237:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
typeFace.sprintf("%s", (const char *)sTypeFace.get());
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:106:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sColour.sprintf("#%.2x%.2x%.2x", c.r, c.g, c.b);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:150:8: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
std::vfprintf(stderr, format, args);
data/libvisio-0.1.7/src/lib/libvisio_utils.h:32:62: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define VSD_ATTRIBUTE_PRINTF(fmt, arg) __attribute__((format(printf, fmt, arg)))
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:774:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpBuffer[0], m_currentText.m_data.getDataBuffer(), m_currentText.m_data.size());
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:1830:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename.cstr(), "wb");
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:2845:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpData[0], data.getDataBuffer(), data.size());
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:3822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpData[0], layerMem.m_data.getDataBuffer(), layerMem.m_data.size());
data/libvisio-0.1.7/src/lib/VSDFieldList.cpp:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_BUFFER];
data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4096] = { 0 };
data/libvisio-0.1.7/src/lib/VSDMetaData.cpp:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FMTID0[37];
data/libvisio-0.1.7/src/lib/VSDMetaData.cpp:117:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(FMTID0, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", data1, data2, data3,
data/libvisio-0.1.7/src/lib/VSDMetaData.cpp:338:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_BUFFER];
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outbuf[U8_MAX_LENGTH+1];
data/libvisio-0.1.7/src/lib/libvisio_xml.cpp:48:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, tmpBuffer, tmpNumBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:73:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(m_header.dataLength - 8, numBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:95:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(textLength, numBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:211:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(numBytes, numBytesRead);
data/libvisio-0.1.7/src/lib/VSD6Parser.cpp:316:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(m_header.dataLength, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:876:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(textIt()) == 3 &&
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:3634:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto last = first + strlen(formatString);
data/libvisio-0.1.7/src/lib/VSDContentCollector.cpp:3827:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp:21:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(size, tmpNumBytesRead);
data/libvisio-0.1.7/src/lib/VSDInternalStream.cpp:78:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *VSDInternalStream::read(unsigned long numBytes, unsigned long &numBytesRead)
data/libvisio-0.1.7/src/lib/VSDInternalStream.h:48:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead) override;
data/libvisio-0.1.7/src/lib/VSDParser.cpp:768:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *buffer = input->read(m_header.dataLength, tmpBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:786:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *buffer = input->read(m_header.dataLength, tmpBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:1072:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(textLength*2, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:1909:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(m_header.dataLength - 8, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:2039:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(numBytes, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDParser.cpp:2148:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(m_header.dataLength, numBytesRead);
data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp:1981:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp:2034:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDXMLParserBase.cpp:2248:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto last = first + strlen(first);
data/libvisio-0.1.7/src/lib/VSDXParser.cpp:543:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *buffer = stream->read(VSDX_DATA_READ_SIZE, numBytesRead);
data/libvisio-0.1.7/src/lib/VisioDocument.cpp:39:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *buffer = input->read(VSD_NUM_ELEMENTS(magic), numBytesRead);
data/libvisio-0.1.7/src/lib/VisioDocument.cpp:41:36: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
&& std::equal(magic, magic + VSD_NUM_ELEMENTS(magic), buffer);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:24:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint8_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:40:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint16_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:61:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint32_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_utils.cpp:82:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t const *p = input->read(sizeof(uint64_t), numBytesRead);
data/libvisio-0.1.7/src/lib/libvisio_xml.cpp:45:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *tmpBuffer = input->read(len, tmpNumBytesRead);
data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp:58:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *s = strm.read(1, readBytes);
data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp:70:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *s = strm.read(sizeof(data), readBytes);
data/libvisio-0.1.7/src/test/VSDInternalStreamTest.cpp:72:23: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
CPPUNIT_ASSERT(std::equal(data, data + sizeof(data), s));
data/libvisio-0.1.7/src/test/importtest.cpp:112:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const unsigned char *const bytes = input->read(4, numBytesRead);
ANALYSIS SUMMARY:
Hits = 62
Lines analyzed = 24497 in approximately 0.61 seconds (39893 lines/second)
Physical Source Lines of Code (SLOC) = 20849
Hits@level = [0] 75 [1] 31 [2] 11 [3] 0 [4] 20 [5] 0
Hits@level+ = [0+] 137 [1+] 62 [2+] 31 [3+] 20 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 6.57106 [1+] 2.97376 [2+] 1.48688 [3+] 0.959279 [4+] 0.959279 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.