Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/openctm-1.0.3+dfsg1/lib/compressMG1.c Examining data/openctm-1.0.3+dfsg1/lib/openctmpp.h Examining data/openctm-1.0.3+dfsg1/lib/internal.h Examining data/openctm-1.0.3+dfsg1/lib/openctm.h Examining data/openctm-1.0.3+dfsg1/lib/compressRAW.c Examining data/openctm-1.0.3+dfsg1/lib/liblzma/NameMangle.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/Alloc.c Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaDec.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzHash.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/Types.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzFind.c Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaLib.c Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaLib.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c Examining data/openctm-1.0.3+dfsg1/lib/liblzma/Alloc.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzFind.h Examining data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaDec.c Examining data/openctm-1.0.3+dfsg1/lib/compressMG2.c Examining data/openctm-1.0.3+dfsg1/lib/openctm.c Examining data/openctm-1.0.3+dfsg1/lib/stream.c Examining data/openctm-1.0.3+dfsg1/tools/ctm.cpp Examining data/openctm-1.0.3+dfsg1/tools/image.h Examining data/openctm-1.0.3+dfsg1/tools/convoptions.h Examining data/openctm-1.0.3+dfsg1/tools/obj.cpp Examining data/openctm-1.0.3+dfsg1/tools/lwo.h Examining data/openctm-1.0.3+dfsg1/tools/bin2c.cpp Examining data/openctm-1.0.3+dfsg1/tools/sysdialog_gtk.cpp Examining data/openctm-1.0.3+dfsg1/tools/dae.h Examining data/openctm-1.0.3+dfsg1/tools/off.cpp Examining data/openctm-1.0.3+dfsg1/tools/ply.h Examining data/openctm-1.0.3+dfsg1/tools/wrl.h Examining data/openctm-1.0.3+dfsg1/tools/sysdialog.h Examining data/openctm-1.0.3+dfsg1/tools/systimer.cpp Examining data/openctm-1.0.3+dfsg1/tools/convoptions.cpp Examining data/openctm-1.0.3+dfsg1/tools/ctmviewer.cpp Examining data/openctm-1.0.3+dfsg1/tools/common.h Examining data/openctm-1.0.3+dfsg1/tools/rply/rply.c Examining data/openctm-1.0.3+dfsg1/tools/rply/rply.h Examining data/openctm-1.0.3+dfsg1/tools/meshio.h Examining data/openctm-1.0.3+dfsg1/tools/sysdialog_win.cpp Examining data/openctm-1.0.3+dfsg1/tools/3ds.cpp Examining data/openctm-1.0.3+dfsg1/tools/mesh.h Examining data/openctm-1.0.3+dfsg1/tools/wrl.cpp Examining data/openctm-1.0.3+dfsg1/tools/mesh.cpp Examining data/openctm-1.0.3+dfsg1/tools/ply.cpp Examining data/openctm-1.0.3+dfsg1/tools/stl.cpp Examining data/openctm-1.0.3+dfsg1/tools/common.cpp Examining data/openctm-1.0.3+dfsg1/tools/obj.h Examining data/openctm-1.0.3+dfsg1/tools/off.h Examining data/openctm-1.0.3+dfsg1/tools/stl.h Examining data/openctm-1.0.3+dfsg1/tools/meshio.cpp Examining data/openctm-1.0.3+dfsg1/tools/lwo.cpp Examining data/openctm-1.0.3+dfsg1/tools/ctmconv.cpp Examining data/openctm-1.0.3+dfsg1/tools/icons/icon_save.h Examining data/openctm-1.0.3+dfsg1/tools/icons/icon_texture.h Examining data/openctm-1.0.3+dfsg1/tools/icons/icon_help.h Examining data/openctm-1.0.3+dfsg1/tools/icons/icon_open.h Examining data/openctm-1.0.3+dfsg1/tools/3ds.h Examining data/openctm-1.0.3+dfsg1/tools/ctmbench.cpp Examining data/openctm-1.0.3+dfsg1/tools/systimer.h Examining data/openctm-1.0.3+dfsg1/tools/dae.cpp Examining data/openctm-1.0.3+dfsg1/tools/ctm.h Examining data/openctm-1.0.3+dfsg1/tools/image.cpp FINAL RESULTS: data/openctm-1.0.3+dfsg1/lib/openctm.c:927:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(self->mFileComment, aFileComment); data/openctm-1.0.3+dfsg1/lib/openctm.c:1019:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(map->mName, aName); data/openctm-1.0.3+dfsg1/lib/openctm.c:1040:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(map->mFileName, aFileName); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:421:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(element->name, name); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:439:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(property->name, name); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:463:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(property->name, name); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:488:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_comment, comment); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:502:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_obj_info, obj_info); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:1132:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(property->name, BWORD(ply)); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:1147:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(element->name, BWORD(ply)); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:1171:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, fmt, ap); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaDec.c:789:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->tempBuf, src, inSize); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaDec.c:877:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, p->dic + dicPos, outSizeCur); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:248:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, p->data, curSize); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:371:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i])); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:372:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i])); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:375:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i])); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:376:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep, p->isRep, sizeof(p->isRep)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:377:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:378:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:379:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:381:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->reps, p->reps, sizeof(p->reps)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:383:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:397:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i])); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:398:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i])); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:401:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i])); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:402:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep, p->isRep, sizeof(p->isRep)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:403:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:404:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:405:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:406:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:407:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:408:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->reps, p->reps, sizeof(p->reps)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:409:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb)); data/openctm-1.0.3+dfsg1/lib/liblzma/LzmaEnc.c:2120:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->data, data, size); data/openctm-1.0.3+dfsg1/lib/openctm.c:1120:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(aFileName, "rb"); data/openctm-1.0.3+dfsg1/lib/openctm.c:1329:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(aFileName, "wb"); data/openctm-1.0.3+dfsg1/lib/stream.c:66:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/lib/stream.c:80:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/lib/stream.c:181:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char props[5]; data/openctm-1.0.3+dfsg1/lib/stream.c:260:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char * packed, outProps[5], *tmp; data/openctm-1.0.3+dfsg1/lib/stream.c:361:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char props[5]; data/openctm-1.0.3+dfsg1/lib/stream.c:437:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char * packed, outProps[5], *tmp; data/openctm-1.0.3+dfsg1/tools/3ds.cpp:74:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2]; data/openctm-1.0.3+dfsg1/tools/3ds.cpp:82:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2]; data/openctm-1.0.3+dfsg1/tools/3ds.cpp:91:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/3ds.cpp:100:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/bin2c.cpp:56:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[19]; data/openctm-1.0.3+dfsg1/tools/ctmbench.cpp:165:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iterations = atoi(argv[1]); data/openctm-1.0.3+dfsg1/tools/ctmviewer.cpp:520:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * inFile = fopen(name.c_str(), "rb"); data/openctm-1.0.3+dfsg1/tools/ctmviewer.cpp:527:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inFile = fopen(name.c_str(), "rb"); data/openctm-1.0.3+dfsg1/tools/dae.cpp:117:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[100]; data/openctm-1.0.3+dfsg1/tools/dae.cpp:121:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). value = atoi(val); data/openctm-1.0.3+dfsg1/tools/dae.cpp:135:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inputs.back().offset = atoi(inputElem->Attribute("offset")); data/openctm-1.0.3+dfsg1/tools/dae.cpp:263:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sources[id].stride = atoi(accessorElem->Attribute("stride")); data/openctm-1.0.3+dfsg1/tools/dae.cpp:264:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sources[id].count = atoi(accessorElem->Attribute("count")); data/openctm-1.0.3+dfsg1/tools/dae.cpp:266:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sources[id].offset = atoi(accessorElem->Attribute("offset")); data/openctm-1.0.3+dfsg1/tools/dae.cpp:268:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[100]; data/openctm-1.0.3+dfsg1/tools/dae.cpp:488:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[500]; data/openctm-1.0.3+dfsg1/tools/dae.cpp:492:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%i-%02i-%02iT%02i:%02i:%02i.%03iZ", tm.wYear, data/openctm-1.0.3+dfsg1/tools/dae.cpp:500:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%i-%02i-%02iT%02i:%02i:%02i", tm.tm_year + 1900, data/openctm-1.0.3+dfsg1/tools/image.cpp:61:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * inFile = fopen(aFileName, "rb"); data/openctm-1.0.3+dfsg1/tools/image.cpp:79:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char * scanLines[1]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:51:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:60:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:71:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:89:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[12]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:155:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:164:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:175:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/lwo.cpp:193:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[12]; data/openctm-1.0.3+dfsg1/tools/rply/rply.c:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[WORDSIZE]; data/openctm-1.0.3+dfsg1/tools/rply/rply.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[WORDSIZE]; data/openctm-1.0.3+dfsg1/tools/rply/rply.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFFERSIZE]; data/openctm-1.0.3+dfsg1/tools/rply/rply.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[5] = " "; data/openctm-1.0.3+dfsg1/tools/rply/rply.c:297:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "rb"); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:388:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "wb"); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:1168:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/openctm-1.0.3+dfsg1/tools/stl.cpp:48:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/stl.cpp:57:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/openctm-1.0.3+dfsg1/tools/stl.cpp:128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[81]; data/openctm-1.0.3+dfsg1/tools/stl.cpp:198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[80]; data/openctm-1.0.3+dfsg1/tools/sysdialog_win.cpp:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileNameBuf[1000]; data/openctm-1.0.3+dfsg1/tools/sysdialog_win.cpp:119:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&filterBuf[pos], name.c_str(), name.size()); data/openctm-1.0.3+dfsg1/tools/sysdialog_win.cpp:121:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&filterBuf[pos], pattern.c_str(), pattern.size()); data/openctm-1.0.3+dfsg1/tools/sysdialog_win.cpp:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileNameBuf[1000]; data/openctm-1.0.3+dfsg1/tools/sysdialog_win.cpp:181:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&filterBuf[pos], name.c_str(), name.size()); data/openctm-1.0.3+dfsg1/tools/sysdialog_win.cpp:183:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&filterBuf[pos], pattern.c_str(), pattern.size()); data/openctm-1.0.3+dfsg1/lib/openctm.c:916:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(aFileComment); data/openctm-1.0.3+dfsg1/lib/openctm.c:1008:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(aName); data/openctm-1.0.3+dfsg1/lib/openctm.c:1027:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(aFileName); data/openctm-1.0.3+dfsg1/lib/stream.c:158:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(aValue); data/openctm-1.0.3+dfsg1/tools/3ds.cpp:75:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) buf, 2); data/openctm-1.0.3+dfsg1/tools/3ds.cpp:92:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) buf, 4); data/openctm-1.0.3+dfsg1/tools/bin2c.cpp:57:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read((char *) buf, 19); data/openctm-1.0.3+dfsg1/tools/lwo.cpp:52:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) buf, 2); data/openctm-1.0.3+dfsg1/tools/lwo.cpp:61:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) buf, 4); data/openctm-1.0.3+dfsg1/tools/lwo.cpp:72:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) buf, 4); data/openctm-1.0.3+dfsg1/tools/lwo.cpp:91:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) buf, 12); data/openctm-1.0.3+dfsg1/tools/lwo.cpp:119:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) &result[0], aCount); data/openctm-1.0.3+dfsg1/tools/lwo.cpp:219:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(aString); data/openctm-1.0.3+dfsg1/tools/lwo.cpp:226:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(aString) + 1; data/openctm-1.0.3+dfsg1/tools/rply/rply.c:414:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(name && strlen(name) < WORDSIZE && ninstances >= 0); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:415:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= WORDSIZE || ninstances < 0) { data/openctm-1.0.3+dfsg1/tools/rply/rply.c:430:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(name && strlen(name) < WORDSIZE); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:432:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= WORDSIZE || type >= PLY_LIST) { data/openctm-1.0.3+dfsg1/tools/rply/rply.c:449:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(name && strlen(name) < WORDSIZE); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:450:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= WORDSIZE) { data/openctm-1.0.3+dfsg1/tools/rply/rply.c:480:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(ply && comment && strlen(comment) < LINESIZE); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:481:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!comment || strlen(comment) >= LINESIZE) { data/openctm-1.0.3+dfsg1/tools/rply/rply.c:494:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(ply && obj_info && strlen(obj_info) < LINESIZE); data/openctm-1.0.3+dfsg1/tools/rply/rply.c:495:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!obj_info || strlen(obj_info) >= LINESIZE) { data/openctm-1.0.3+dfsg1/tools/rply/rply.c:833:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(BLINE(ply)) >= WORDSIZE) { data/openctm-1.0.3+dfsg1/tools/rply/rply.c:886:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(BLINE(ply)) >= LINESIZE) { data/openctm-1.0.3+dfsg1/tools/stl.cpp:49:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aStream.read((char *) buf, 4); data/openctm-1.0.3+dfsg1/tools/stl.cpp:129:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read(comment, 80); data/openctm-1.0.3+dfsg1/tools/wrl.cpp:64:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mStream->read(mBuffer, mBufSize); ANALYSIS SUMMARY: Hits = 119 Lines analyzed = 20777 in approximately 0.54 seconds (38130 lines/second) Physical Source Lines of Code (SLOC) = 14441 Hits@level = [0] 55 [1] 29 [2] 79 [3] 0 [4] 11 [5] 0 Hits@level+ = [0+] 174 [1+] 119 [2+] 90 [3+] 11 [4+] 11 [5+] 0 Hits/KSLOC@level+ = [0+] 12.049 [1+] 8.24043 [2+] 6.23226 [3+] 0.76172 [4+] 0.76172 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.