Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/movit-1.6.3/widgets.cpp
Examining data/movit-1.6.3/ycbcr_422interleaved_input.h
Examining data/movit-1.6.3/test_util.h
Examining data/movit-1.6.3/mix_effect.cpp
Examining data/movit-1.6.3/luma_mix_effect.h
Examining data/movit-1.6.3/gamma_expansion_effect.cpp
Examining data/movit-1.6.3/diffusion_effect.cpp
Examining data/movit-1.6.3/gamma_compression_effect.h
Examining data/movit-1.6.3/resize_effect.h
Examining data/movit-1.6.3/gamma_expansion_effect_test.cpp
Examining data/movit-1.6.3/padding_effect.h
Examining data/movit-1.6.3/complex_modulate_effect_test.cpp
Examining data/movit-1.6.3/ycbcr_conversion_effect.h
Examining data/movit-1.6.3/mix_effect.h
Examining data/movit-1.6.3/gamma_expansion_effect.h
Examining data/movit-1.6.3/deinterlace_effect.h
Examining data/movit-1.6.3/flat_input.h
Examining data/movit-1.6.3/overlay_effect.h
Examining data/movit-1.6.3/dither_effect_test.cpp
Examining data/movit-1.6.3/mix_effect_test.cpp
Examining data/movit-1.6.3/effect_util.cpp
Examining data/movit-1.6.3/test_util.cpp
Examining data/movit-1.6.3/vignette_effect.cpp
Examining data/movit-1.6.3/init.cpp
Examining data/movit-1.6.3/complex_modulate_effect.cpp
Examining data/movit-1.6.3/colorspace_conversion_effect.cpp
Examining data/movit-1.6.3/overlay_effect_test.cpp
Examining data/movit-1.6.3/colorspace_conversion_effect_test.cpp
Examining data/movit-1.6.3/luma_mix_effect_test.cpp
Examining data/movit-1.6.3/vignette_effect_test.cpp
Examining data/movit-1.6.3/lift_gamma_gain_effect_test.cpp
Examining data/movit-1.6.3/slice_effect_test.cpp
Examining data/movit-1.6.3/diffusion_effect_test.cpp
Examining data/movit-1.6.3/flat_input_test.cpp
Examining data/movit-1.6.3/ycbcr_input_test.cpp
Examining data/movit-1.6.3/fp16.h
Examining data/movit-1.6.3/ycbcr_input.h
Examining data/movit-1.6.3/resample_effect_test.cpp
Examining data/movit-1.6.3/image_format.h
Examining data/movit-1.6.3/gtest_sdl_main.cpp
Examining data/movit-1.6.3/mirror_effect.h
Examining data/movit-1.6.3/ycbcr_conversion_effect_test.cpp
Examining data/movit-1.6.3/overlay_effect.cpp
Examining data/movit-1.6.3/saturation_effect.h
Examining data/movit-1.6.3/effect_chain.cpp
Examining data/movit-1.6.3/dither_effect.h
Examining data/movit-1.6.3/fft_pass_effect.cpp
Examining data/movit-1.6.3/input.h
Examining data/movit-1.6.3/ycbcr.h
Examining data/movit-1.6.3/dither_effect.cpp
Examining data/movit-1.6.3/version.h
Examining data/movit-1.6.3/lift_gamma_gain_effect.h
Examining data/movit-1.6.3/saturation_effect_test.cpp
Examining data/movit-1.6.3/fft_input.cpp
Examining data/movit-1.6.3/deconvolution_sharpen_effect_test.cpp
Examining data/movit-1.6.3/multiply_effect.cpp
Examining data/movit-1.6.3/fft_pass_effect.h
Examining data/movit-1.6.3/deinterlace_effect.cpp
Examining data/movit-1.6.3/resample_effect.cpp
Examining data/movit-1.6.3/diffusion_effect.h
Examining data/movit-1.6.3/resource_pool.cpp
Examining data/movit-1.6.3/widgets.h
Examining data/movit-1.6.3/alpha_multiplication_effect.h
Examining data/movit-1.6.3/unsharp_mask_effect_test.cpp
Examining data/movit-1.6.3/resource_pool.h
Examining data/movit-1.6.3/flat_input.cpp
Examining data/movit-1.6.3/resample_effect.h
Examining data/movit-1.6.3/fft_convolution_effect_test.cpp
Examining data/movit-1.6.3/padding_effect_test.cpp
Examining data/movit-1.6.3/blur_effect.cpp
Examining data/movit-1.6.3/fft_pass_effect_test.cpp
Examining data/movit-1.6.3/fft_input.h
Examining data/movit-1.6.3/util.h
Examining data/movit-1.6.3/unsharp_mask_effect.h
Examining data/movit-1.6.3/alpha_division_effect_test.cpp
Examining data/movit-1.6.3/deinterlace_effect_test.cpp
Examining data/movit-1.6.3/deconvolution_sharpen_effect.cpp
Examining data/movit-1.6.3/alpha_division_effect.h
Examining data/movit-1.6.3/sandbox_effect.cpp
Examining data/movit-1.6.3/complex_modulate_effect.h
Examining data/movit-1.6.3/demo.cpp
Examining data/movit-1.6.3/white_balance_effect.cpp
Examining data/movit-1.6.3/ycbcr.cpp
Examining data/movit-1.6.3/luma_mix_effect.cpp
Examining data/movit-1.6.3/effect.h
Examining data/movit-1.6.3/white_balance_effect_test.cpp
Examining data/movit-1.6.3/d65.h
Examining data/movit-1.6.3/white_balance_effect.h
Examining data/movit-1.6.3/ycbcr_input.cpp
Examining data/movit-1.6.3/ycbcr_422interleaved_input_test.cpp
Examining data/movit-1.6.3/lift_gamma_gain_effect.cpp
Examining data/movit-1.6.3/effect_chain.h
Examining data/movit-1.6.3/effect_util.h
Examining data/movit-1.6.3/colorspace_conversion_effect.h
Examining data/movit-1.6.3/fp16_test.cpp
Examining data/movit-1.6.3/multiply_effect.h
Examining data/movit-1.6.3/effect.cpp
Examining data/movit-1.6.3/ycbcr_conversion_effect.cpp
Examining data/movit-1.6.3/alpha_multiplication_effect.cpp
Examining data/movit-1.6.3/gamma_compression_effect_test.cpp
Examining data/movit-1.6.3/saturation_effect.cpp
Examining data/movit-1.6.3/deconvolution_sharpen_effect.h
Examining data/movit-1.6.3/alpha_multiplication_effect_test.cpp
Examining data/movit-1.6.3/blur_effect.h
Examining data/movit-1.6.3/glow_effect.cpp
Examining data/movit-1.6.3/ycbcr_422interleaved_input.cpp
Examining data/movit-1.6.3/mirror_effect.cpp
Examining data/movit-1.6.3/padding_effect.cpp
Examining data/movit-1.6.3/fft_convolution_effect.cpp
Examining data/movit-1.6.3/vignette_effect.h
Examining data/movit-1.6.3/unsharp_mask_effect.cpp
Examining data/movit-1.6.3/fft_convolution_effect.h
Examining data/movit-1.6.3/gamma_compression_effect.cpp
Examining data/movit-1.6.3/slice_effect.h
Examining data/movit-1.6.3/effect_chain_test.cpp
Examining data/movit-1.6.3/defs.h
Examining data/movit-1.6.3/glow_effect_test.cpp
Examining data/movit-1.6.3/resize_effect.cpp
Examining data/movit-1.6.3/glow_effect.h
Examining data/movit-1.6.3/blur_effect_test.cpp
Examining data/movit-1.6.3/init.h
Examining data/movit-1.6.3/sandbox_effect.h
Examining data/movit-1.6.3/slice_effect.cpp
Examining data/movit-1.6.3/alpha_division_effect.cpp
Examining data/movit-1.6.3/util.cpp

FINAL RESULTS:

data/movit-1.6.3/resource_pool.cpp:720:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "chain-%03d.%s", compiled_shader_num++, suffix.c_str());
data/movit-1.6.3/deconvolution_sharpen_effect_test.cpp:173:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1234);
data/movit-1.6.3/fft_pass_effect_test.cpp:128:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(12345);
data/movit-1.6.3/fft_pass_effect_test.cpp:162:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1234);
data/movit-1.6.3/fft_pass_effect_test.cpp:215:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1234);
data/movit-1.6.3/fft_pass_effect_test.cpp:244:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1235);
data/movit-1.6.3/fft_pass_effect_test.cpp:279:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1236);
data/movit-1.6.3/fft_pass_effect_test.cpp:319:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1234);
data/movit-1.6.3/blur_effect.cpp:132:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/blur_effect.cpp:133:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define DIRECTION_VERTICAL %d\n#define NUM_TAPS %d\n",
data/movit-1.6.3/deconvolution_sharpen_effect.cpp:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/deconvolution_sharpen_effect.cpp:52:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define R %u\n", R);
data/movit-1.6.3/deinterlace_effect.cpp:33:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/deinterlace_effect.cpp:169:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/demo.cpp:40:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char result[WIDTH * HEIGHT * 4];
data/movit-1.6.3/demo.cpp:137:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename, "wb");
data/movit-1.6.3/demo.cpp:295:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/movit-1.6.3/demo.cpp:296:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "frame%05d.png", frame);
data/movit-1.6.3/dither_effect.cpp:53:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/dither_effect.cpp:54:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define NEED_EXPLICIT_ROUND %d\n", (movit_num_wrongly_rounded > 0));
data/movit-1.6.3/dither_effect_test.cpp:26:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_data[size * size] = {
data/movit-1.6.3/dither_effect_test.cpp:32:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_data[size * size];
data/movit-1.6.3/dither_effect_test.cpp:53:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_data[size];
data/movit-1.6.3/effect.cpp:29:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params_ivec2[key], values, sizeof(int) * 2);
data/movit-1.6.3/effect.cpp:47:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params_vec2[key], values, sizeof(float) * 2);
data/movit-1.6.3/effect.cpp:56:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params_vec3[key], values, sizeof(float) * 3);
data/movit-1.6.3/effect.cpp:65:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(params_vec4[key], values, sizeof(float) * 4);
data/movit-1.6.3/effect_chain.cpp:344:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/effect_chain.cpp:377:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char effect_id[256];
data/movit-1.6.3/effect_chain.cpp:378:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(effect_id, "in%u", i);
data/movit-1.6.3/effect_chain.cpp:406:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char effect_id[256];
data/movit-1.6.3/effect_chain.cpp:407:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(effect_id, "eff%u", i);
data/movit-1.6.3/effect_chain.cpp:419:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/effect_chain.cpp:420:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define INPUT%d", j + 1);
data/movit-1.6.3/effect_chain.cpp:451:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/effect_chain.cpp:452:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#undef INPUT%d\n", j + 1);
data/movit-1.6.3/effect_chain.cpp:872:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename, "w");
data/movit-1.6.3/effect_chain.cpp:904:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from_node_id[256];
data/movit-1.6.3/effect_chain.cpp:908:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char to_node_id[256];
data/movit-1.6.3/effect_chain.cpp:1468:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/movit-1.6.3/effect_chain.cpp:1469:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "step5-colorspacefix-iter%u.dot", ++colorspace_propagation_pass);
data/movit-1.6.3/effect_chain.cpp:1550:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/movit-1.6.3/effect_chain.cpp:1551:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "step%u-alphafix-iter%u.dot", step, ++alpha_propagation_pass);
data/movit-1.6.3/effect_chain.cpp:1689:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/movit-1.6.3/effect_chain.cpp:1690:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "step%u-gammafix-iter%u.dot", step, ++gamma_propagation_pass);
data/movit-1.6.3/effect_chain.cpp:1744:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/movit-1.6.3/effect_chain.cpp:1745:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "step%u-gammafix-iter%u.dot", step, ++gamma_propagation_pass);
data/movit-1.6.3/effect_chain_test.cpp:371:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[256];
data/movit-1.6.3/fft_pass_effect.cpp:40:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/fft_pass_effect.cpp:41:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define DIRECTION_VERTICAL %d\n", (direction == VERTICAL));
data/movit-1.6.3/fft_pass_effect.h:67:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/flat_input.cpp:180:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/flat_input.cpp:181:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define FIXUP_SWAP_RB %d\n#define FIXUP_RED_TO_GRAYSCALE %d\n",
data/movit-1.6.3/flat_input_test.cpp:98:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[4 * size] = {
data/movit-1.6.3/init.cpp:251:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_data[512 * 4];
data/movit-1.6.3/overlay_effect.cpp:16:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/resample_effect.cpp:473:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/resample_effect.cpp:474:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define DIRECTION_VERTICAL %d\n", (direction == VERTICAL));
data/movit-1.6.3/resource_pool.cpp:134:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/resource_pool.cpp:719:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/movit-1.6.3/resource_pool.cpp:721:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename, "w");
data/movit-1.6.3/slice_effect.cpp:30:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/slice_effect.cpp:31:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define DIRECTION_VERTICAL %d\n", (direction == VERTICAL));
data/movit-1.6.3/util.cpp:91:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(full_pathname.c_str(), "r");
data/movit-1.6.3/util.cpp:166:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/movit-1.6.3/widgets.cpp:164:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char hsv_pix[HSV_WHEEL_SIZE * HSV_WHEEL_SIZE * 4];
data/movit-1.6.3/ycbcr_422interleaved_input.cpp:124:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/ycbcr_422interleaved_input.cpp:125:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "#define CB_CR_OFFSETS_EQUAL %d\n",
data/movit-1.6.3/ycbcr_422interleaved_input_test.cpp:26:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uyvy[width * height * 2] = {
data/movit-1.6.3/ycbcr_422interleaved_input_test.cpp:102:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uyvy[width * height * 2] = {
data/movit-1.6.3/ycbcr_422interleaved_input_test.cpp:148:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uyvy[width * height * 2] = {
data/movit-1.6.3/ycbcr_422interleaved_input_test.cpp:207:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uyvy[width * height * 2] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:23:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:26:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:29:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:32:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_data[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:41:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_data[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:79:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:82:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:85:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:88:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_data[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:97:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_data[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:134:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:137:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:140:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:143:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_data[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:153:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_data[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:200:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:203:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:206:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:210:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_y[width * height], out_cb[width * height], out_cr[width * height];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:249:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:252:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:255:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:262:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_y[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:272:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_cbcr[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:280:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_y[width * height * 4], out_cbcr[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:318:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:321:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:324:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:327:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_ycbcr[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:335:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_rgba[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:343:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_ycbcr[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:344:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_rgba[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:390:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:393:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:396:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:399:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_ycbcr[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:407:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expected_rgba[width * height * 4] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:415:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_ycbcr[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:416:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_y[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:417:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_cbcr[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:418:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_rgba[width * height * 4];
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:474:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:477:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:480:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_conversion_effect_test.cpp:484:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char out_y[width * height], out_cb[width * height], out_cr[width * height];
data/movit-1.6.3/ycbcr_input.cpp:180:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/movit-1.6.3/ycbcr_input.h:199:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *pixel_data[3];
data/movit-1.6.3/ycbcr_input_test.cpp:26:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:29:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:32:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:79:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[width * height * 3] = {
data/movit-1.6.3/ycbcr_input_test.cpp:130:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:133:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:136:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:184:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:187:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:190:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:240:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:243:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:246:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:295:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:298:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:301:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:366:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:372:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[(width/2) * (height/2)] = {
data/movit-1.6.3/ycbcr_input_test.cpp:376:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[(width/2) * (height/2)] = {
data/movit-1.6.3/ycbcr_input_test.cpp:428:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:434:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[(width/2) * (height/2)] = {
data/movit-1.6.3/ycbcr_input_test.cpp:438:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[(width/2) * (height/2)] = {
data/movit-1.6.3/ycbcr_input_test.cpp:491:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:497:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[(width/2) * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:503:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[(width/2) * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:564:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[width * height * 3] = {
data/movit-1.6.3/ycbcr_input_test.cpp:622:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:625:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb_cr[width * height * 2] = {
data/movit-1.6.3/ycbcr_input_test.cpp:676:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char y[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:679:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cb[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:682:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cr[width * height] = {
data/movit-1.6.3/ycbcr_input_test.cpp:1079:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ycbcr_data[width * height * 3];
data/movit-1.6.3/effect_chain.cpp:291:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos += strlen("PREFIX(");
data/movit-1.6.3/util.cpp:153:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(info_log) > 0) {

ANALYSIS SUMMARY:

Hits = 153
Lines analyzed = 23480 in approximately 0.63 seconds (37513 lines/second)
Physical Source Lines of Code (SLOC) = 16502
Hits@level = [0] 73 [1] 2 [2] 143 [3] 7 [4] 1 [5] 0
Hits@level+ = [0+] 226 [1+] 153 [2+] 151 [3+] 8 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 13.6953 [1+] 9.2716 [2+] 9.15041 [3+] 0.48479 [4+] 0.0605987 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.