Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocaml-mm-0.6.0/external/sdl/sdl_stubs.c
Examining data/ocaml-mm-0.6.0/external/oss/oss_stubs.c
Examining data/ocaml-mm-0.6.0/external/deprecated/v4l/v4l_stubs.c
Examining data/ocaml-mm-0.6.0/external/deprecated/ffmpeg/ffmpeg_stubs.c
Examining data/ocaml-mm-0.6.0/src/image_rgb.h
Examining data/ocaml-mm-0.6.0/src/image_pixel.h
Examining data/ocaml-mm-0.6.0/src/audio_c.c
Examining data/ocaml-mm-0.6.0/src/image_data.h
Examining data/ocaml-mm-0.6.0/src/image_yuv420.c
Examining data/ocaml-mm-0.6.0/src/image_yuv420.h
Examining data/ocaml-mm-0.6.0/src/image_data.c
Examining data/ocaml-mm-0.6.0/src/image_rgb.c
Examining data/ocaml-mm-0.6.0/src/image_pixel.c
FINAL RESULTS:
data/ocaml-mm-0.6.0/external/deprecated/ffmpeg/ffmpeg_stubs.c:197:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rgb.data+j*width*4, ffd->av_frame_rgb->data[0]+j*ffd->av_frame_rgb->linesize[0], width*4);
data/ocaml-mm-0.6.0/external/deprecated/ffmpeg/ffmpeg_stubs.c:369:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pict->data[0]+j*pict->linesize[0], rgb->data+j*4*rgb->width, 4*rgb->width);
data/ocaml-mm-0.6.0/external/deprecated/v4l/v4l_stubs.c:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, mbuf, vbuf.bytesused);
data/ocaml-mm-0.6.0/external/deprecated/v4l/v4l_stubs.c:203:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(String_val(device), O_RDONLY);
data/ocaml-mm-0.6.0/src/image_data.c:34:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, String_val(s), len);
data/ocaml-mm-0.6.0/src/image_data.c:46:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(String_val(ans), data, len);
data/ocaml-mm-0.6.0/src/image_data.c:57:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len);
data/ocaml-mm-0.6.0/src/image_data.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst+doff, src+soff, len);
data/ocaml-mm-0.6.0/src/image_rgb.c:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->data, src->data, Rgb_data_size(src));
data/ocaml-mm-0.6.0/src/image_rgb.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst.data, src.data, Rgb_data_size(&src));
data/ocaml-mm-0.6.0/src/image_rgb.c:302:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, String_val(_data), datalen);
data/ocaml-mm-0.6.0/src/image_rgb.c:353:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pix[Rgb_elems_per_pixel] = Pixel(&rgb,x,y);
data/ocaml-mm-0.6.0/src/image_rgb.c:600:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(String_val(ans), bmp, 122 + 4 * len);
data/ocaml-mm-0.6.0/src/image_rgb.c:631:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(String_val(ans), bmp, 3 * len);
data/ocaml-mm-0.6.0/src/image_rgb.c:1432:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldv, v, len * 2 * sizeof(int));
data/ocaml-mm-0.6.0/src/image_rgb.c:1647:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, width*src_stride);
data/ocaml-mm-0.6.0/external/deprecated/v4l/v4l_stubs.c:259:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, Caml_ba_data_val(data), len);
data/ocaml-mm-0.6.0/src/image_data.c:21:10: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
data = memalign(alignment, len);
data/ocaml-mm-0.6.0/src/image_data.h:3:7: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
void *memalign(size_t align, size_t size);
data/ocaml-mm-0.6.0/src/image_data.h:7:9: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
#define memalign(align,size) malloc(size+0*align)
data/ocaml-mm-0.6.0/src/image_rgb.c:123:15: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
dst->data = memalign(ALIGNMENT_BYTES, Rgb_data_size(src));
data/ocaml-mm-0.6.0/src/image_rgb.c:300:23: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
char *data = (char*)memalign(ALIGNMENT_BYTES, datalen);
ANALYSIS SUMMARY:
Hits = 22
Lines analyzed = 3633 in approximately 0.13 seconds (27677 lines/second)
Physical Source Lines of Code (SLOC) = 2713
Hits@level = [0] 9 [1] 6 [2] 16 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 31 [1+] 22 [2+] 16 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 11.4265 [1+] 8.1091 [2+] 5.89753 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.