Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/octave-dicom-0.4.0/src/_gendicomdict.cpp
Examining data/octave-dicom-0.4.0/src/dicomanon.cpp
Examining data/octave-dicom-0.4.0/src/dicomdict.cpp
Examining data/octave-dicom-0.4.0/src/dicomdict.h
Examining data/octave-dicom-0.4.0/src/dicomdisp.cpp
Examining data/octave-dicom-0.4.0/src/dicominfo.cpp
Examining data/octave-dicom-0.4.0/src/dicomlookup.cpp
Examining data/octave-dicom-0.4.0/src/dicomread.cpp
Examining data/octave-dicom-0.4.0/src/dicomuid.cpp
Examining data/octave-dicom-0.4.0/src/dicomwrite.cpp
Examining data/octave-dicom-0.4.0/src/undef-ah-octave.h
Examining data/octave-dicom-0.4.0/src/isdicom.cpp
FINAL RESULTS:
data/octave-dicom-0.4.0/src/dicomdisp.cpp:48:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define error printf
data/octave-dicom-0.4.0/src/dicominfo.cpp:68:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define error printf
data/octave-dicom-0.4.0/src/_gendicomdict.cpp:76:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dic.open("octavedicom.dic"); //TODO: check for IO problems
data/octave-dicom-0.4.0/src/dicomdict.cpp:341:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[4+1] ;
data/octave-dicom-0.4.0/src/dicomdict.cpp:342:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char telem[4+1] ;
data/octave-dicom-0.4.0/src/dicomdict.cpp:343:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tvr[8+1] ;
data/octave-dicom-0.4.0/src/dicomdict.cpp:344:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[128+1] ;
data/octave-dicom-0.4.0/src/dicomdict.cpp:345:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tvm[8+1] ;
data/octave-dicom-0.4.0/src/dicomdisp.cpp:189:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fallbackVarname[64];
data/octave-dicom-0.4.0/src/dicomdisp.cpp:262:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strValBuf[strValBufLen+1];
data/octave-dicom-0.4.0/src/dicomdisp.cpp:272:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (strValBuf, bv->GetPointer(), len);
data/octave-dicom-0.4.0/src/dicominfo.cpp:165:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dicom_truncate_numchar = atoi (argex.substr (9).c_str ());
data/octave-dicom-0.4.0/src/dicominfo.cpp:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dateStr[TIME_STR_LEN+1];
data/octave-dicom-0.4.0/src/dicominfo.cpp:276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, elem->GetByteValue()->GetPointer(), sizeof(valueType));
data/octave-dicom-0.4.0/src/dicominfo.cpp:350:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fallbackVarname[64];
data/octave-dicom-0.4.0/src/dicominfo.cpp:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strValBuf[strValBufLen+1];
data/octave-dicom-0.4.0/src/dicominfo.cpp:429:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*ov = (int32_t)atoi(strVal);
data/octave-dicom-0.4.0/src/dicominfo.cpp:467:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/octave-dicom-0.4.0/src/dicominfo.cpp:522:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/octave-dicom-0.4.0/src/dicominfo.cpp:584:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monthStr[4];
data/octave-dicom-0.4.0/src/dicominfo.cpp:587:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0: strcpy(monthStr,"Jan"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:588:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 1: strcpy(monthStr,"Feb"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:589:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 2: strcpy(monthStr,"Mar"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:590:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 3: strcpy(monthStr,"Apr"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:591:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 4: strcpy(monthStr,"May"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:592:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 5: strcpy(monthStr,"Jun"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:593:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 6: strcpy(monthStr,"Jul"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:594:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 7: strcpy(monthStr,"Aug"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:595:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 8: strcpy(monthStr,"Sep"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:596:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 9: strcpy(monthStr,"Oct"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:597:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 10: strcpy(monthStr,"Nov"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:598:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 11: strcpy(monthStr,"Dec"); break;
data/octave-dicom-0.4.0/src/dicominfo.cpp:647:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (d, bv->GetPointer(), len);
data/octave-dicom-0.4.0/src/dicomwrite.cpp:152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufc, bv->GetPointer(), bv->GetLength());
data/octave-dicom-0.4.0/src/dicomwrite.cpp:344:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/octave-dicom-0.4.0/src/dicomwrite.cpp:383:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/octave-dicom-0.4.0/src/dicomwrite.cpp:467:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data.fortran_vec(), data.numel()*sizeof(uint8_t));
data/octave-dicom-0.4.0/src/dicomwrite.cpp:475:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data.fortran_vec(), data.numel()*sizeof(uint16_t));
data/octave-dicom-0.4.0/src/dicomwrite.cpp:483:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data.fortran_vec(), data.numel()*sizeof(uint32_t));
data/octave-dicom-0.4.0/src/dicomwrite.cpp:491:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data.fortran_vec(), data.numel()*sizeof(int8_t));
data/octave-dicom-0.4.0/src/dicomwrite.cpp:499:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data.fortran_vec(), data.numel()*sizeof(int16_t));
data/octave-dicom-0.4.0/src/dicomwrite.cpp:507:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data.fortran_vec(), data.numel()*sizeof(int32_t));
data/octave-dicom-0.4.0/src/_gendicomdict.cpp:100:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dictEntry.GetName()) == 0)
data/octave-dicom-0.4.0/src/_gendicomdict.cpp:135:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(s);
data/octave-dicom-0.4.0/src/dicomdict.cpp:348:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line.c_str(), "(%4s,%4s) %8s %128s %8s", tgroup, telem, tvr, key, tvm ) != 5)
data/octave-dicom-0.4.0/src/dicomdisp.cpp:280:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
<< ( ((int)strlen(strValBuf)>dicom_truncate_numchar) ? "..." : "")
data/octave-dicom-0.4.0/src/dicominfo.cpp:414:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
<< ( ((int)strlen(strVal)>dicom_truncate_numchar) ? "..." : "") << ']' << std::endl;
data/octave-dicom-0.4.0/src/dicominfo.cpp:661:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(s);
data/octave-dicom-0.4.0/src/dicomwrite.cpp:385:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/octave-dicom-0.4.0/src/dicomwrite.cpp:394:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
de->SetByteValue ( buf, gdcm::VL((uint32_t)strlen(buf)) );
ANALYSIS SUMMARY:
Hits = 50
Lines analyzed = 3138 in approximately 0.10 seconds (31867 lines/second)
Physical Source Lines of Code (SLOC) = 2083
Hits@level = [0] 8 [1] 8 [2] 40 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 58 [1+] 50 [2+] 42 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 27.8445 [1+] 24.0038 [2+] 20.1632 [3+] 0.960154 [4+] 0.960154 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.