Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/orthanc-wsi-0.7/Applications/ApplicationToolbox.cpp
Examining data/orthanc-wsi-0.7/Applications/ApplicationToolbox.h
Examining data/orthanc-wsi-0.7/Applications/DicomToTiff.cpp
Examining data/orthanc-wsi-0.7/Applications/Dicomizer.cpp
Examining data/orthanc-wsi-0.7/Framework/Algorithms/PyramidReader.cpp
Examining data/orthanc-wsi-0.7/Framework/Algorithms/PyramidReader.h
Examining data/orthanc-wsi-0.7/Framework/Algorithms/ReconstructPyramidCommand.cpp
Examining data/orthanc-wsi-0.7/Framework/Algorithms/ReconstructPyramidCommand.h
Examining data/orthanc-wsi-0.7/Framework/Algorithms/TranscodeTileCommand.cpp
Examining data/orthanc-wsi-0.7/Framework/Algorithms/TranscodeTileCommand.h
Examining data/orthanc-wsi-0.7/Framework/DicomToolbox.cpp
Examining data/orthanc-wsi-0.7/Framework/DicomToolbox.h
Examining data/orthanc-wsi-0.7/Framework/DicomizerParameters.cpp
Examining data/orthanc-wsi-0.7/Framework/DicomizerParameters.h
Examining data/orthanc-wsi-0.7/Framework/Enumerations.cpp
Examining data/orthanc-wsi-0.7/Framework/Enumerations.h
Examining data/orthanc-wsi-0.7/Framework/ImageToolbox.cpp
Examining data/orthanc-wsi-0.7/Framework/ImageToolbox.h
Examining data/orthanc-wsi-0.7/Framework/ImagedVolumeParameters.cpp
Examining data/orthanc-wsi-0.7/Framework/ImagedVolumeParameters.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/DecodedTiledPyramid.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/DecodedTiledPyramid.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/DicomPyramid.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/DicomPyramid.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/DicomPyramidInstance.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/DicomPyramidInstance.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/DicomPyramidLevel.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/DicomPyramidLevel.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/HierarchicalTiff.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/HierarchicalTiff.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/ITiledPyramid.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/OpenSlideLibrary.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/OpenSlideLibrary.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/OpenSlidePyramid.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/OpenSlidePyramid.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/PyramidWithRawTiles.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/PyramidWithRawTiles.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/SingleLevelDecodedPyramid.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/SingleLevelDecodedPyramid.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/TiledJpegImage.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/TiledPngImage.h
Examining data/orthanc-wsi-0.7/Framework/Inputs/TiledPyramidStatistics.cpp
Examining data/orthanc-wsi-0.7/Framework/Inputs/TiledPyramidStatistics.h
Examining data/orthanc-wsi-0.7/Framework/Jpeg2000Reader.cpp
Examining data/orthanc-wsi-0.7/Framework/Jpeg2000Reader.h
Examining data/orthanc-wsi-0.7/Framework/Jpeg2000Writer.cpp
Examining data/orthanc-wsi-0.7/Framework/Jpeg2000Writer.h
Examining data/orthanc-wsi-0.7/Framework/MultiThreading/BagOfTasks.h
Examining data/orthanc-wsi-0.7/Framework/MultiThreading/BagOfTasksProcessor.cpp
Examining data/orthanc-wsi-0.7/Framework/MultiThreading/BagOfTasksProcessor.h
Examining data/orthanc-wsi-0.7/Framework/MultiThreading/ICommand.h
Examining data/orthanc-wsi-0.7/Framework/Outputs/DicomPyramidWriter.cpp
Examining data/orthanc-wsi-0.7/Framework/Outputs/DicomPyramidWriter.h
Examining data/orthanc-wsi-0.7/Framework/Outputs/HierarchicalTiffWriter.cpp
Examining data/orthanc-wsi-0.7/Framework/Outputs/HierarchicalTiffWriter.h
Examining data/orthanc-wsi-0.7/Framework/Outputs/IPyramidWriter.h
Examining data/orthanc-wsi-0.7/Framework/Outputs/InMemoryTiledImage.cpp
Examining data/orthanc-wsi-0.7/Framework/Outputs/InMemoryTiledImage.h
Examining data/orthanc-wsi-0.7/Framework/Outputs/MultiframeDicomWriter.cpp
Examining data/orthanc-wsi-0.7/Framework/Outputs/MultiframeDicomWriter.h
Examining data/orthanc-wsi-0.7/Framework/Outputs/PyramidWriterBase.cpp
Examining data/orthanc-wsi-0.7/Framework/Outputs/PyramidWriterBase.h
Examining data/orthanc-wsi-0.7/Framework/Outputs/TruncatedPyramidWriter.cpp
Examining data/orthanc-wsi-0.7/Framework/Outputs/TruncatedPyramidWriter.h
Examining data/orthanc-wsi-0.7/Framework/PrecompiledHeadersWSI.cpp
Examining data/orthanc-wsi-0.7/Framework/PrecompiledHeadersWSI.h
Examining data/orthanc-wsi-0.7/Framework/Targets/FolderTarget.cpp
Examining data/orthanc-wsi-0.7/Framework/Targets/FolderTarget.h
Examining data/orthanc-wsi-0.7/Framework/Targets/IFileTarget.h
Examining data/orthanc-wsi-0.7/Framework/Targets/OrthancTarget.cpp
Examining data/orthanc-wsi-0.7/Framework/Targets/OrthancTarget.h
Examining data/orthanc-wsi-0.7/Resources/Graveyard/Hello.cpp
Examining data/orthanc-wsi-0.7/Resources/Orthanc/Sdk-1.0.0/orthanc/OrthancCPlugin.h
Examining data/orthanc-wsi-0.7/ViewerPlugin/DicomPyramidCache.cpp
Examining data/orthanc-wsi-0.7/ViewerPlugin/DicomPyramidCache.h
Examining data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp

FINAL RESULTS:

data/orthanc-wsi-0.7/Framework/Targets/FolderTarget.cpp:39:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(&path[0], pattern_.c_str(), count_);
data/orthanc-wsi-0.7/Resources/Orthanc/Sdk-1.0.0/orthanc/OrthancCPlugin.h:1051:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  sscanf
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:81:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tmp, "Accessing whole-slide pyramid of series %s", seriesId.c_str());
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:138:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tmp, "Accessing tile in series %s: (%d,%d) at level %d", seriesId.c_str(), tileX, tileY, level);
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:234:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tmp, "New instance has been added to series %s, invalidating it", resourceId);
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:298:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(info, "Your version of Orthanc (%s) must be above %d.%d.%d to run this plugin",
data/orthanc-wsi-0.7/Framework/ImageToolbox.cpp:192:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&target[i * pitch], source.GetConstRow(i), pitch);
data/orthanc-wsi-0.7/Framework/Inputs/HierarchicalTiff.cpp:331:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&tile[0], &headers[0], headers.size());
data/orthanc-wsi-0.7/Framework/Inputs/HierarchicalTiff.cpp:332:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&tile[0] + headers.size(), &raw[2], raw.size() - 2);
data/orthanc-wsi-0.7/Framework/Jpeg2000Reader.cpp:188:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(target, that.buffer_ + that.position_, size);
data/orthanc-wsi-0.7/Framework/Outputs/MultiframeDicomWriter.cpp:134:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(target, pixelData.c_str(), pixelData.size());
data/orthanc-wsi-0.7/Framework/Outputs/MultiframeDicomWriter.cpp:264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char uid[100];
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[1024];
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:137:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[1024];
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[1024];
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:297:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char info[1024];
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char info[1024];
data/orthanc-wsi-0.7/ViewerPlugin/Plugin.cpp:322:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(info, "The whole-slide imaging plugin will use at most %u threads to transcode the tiles", threads);
data/orthanc-wsi-0.7/Framework/Inputs/HierarchicalTiff.cpp:305:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read != static_cast<tsize_t>(sizes[index]))
data/orthanc-wsi-0.7/Resources/Orthanc/Sdk-1.0.0/orthanc/OrthancCPlugin.h:2248:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  OrthancPluginStorageRead read;
data/orthanc-wsi-0.7/Resources/Orthanc/Sdk-1.0.0/orthanc/OrthancCPlugin.h:2270:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  OrthancPluginStorageRead read,
data/orthanc-wsi-0.7/Resources/Orthanc/Sdk-1.0.0/orthanc/OrthancCPlugin.h:2275:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  params.read = read;

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 16342 in approximately 0.38 seconds (43334 lines/second)
Physical Source Lines of Code (SLOC) = 10375
Hits@level = [0]   4 [1]   4 [2]  12 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  26 [1+]  22 [2+]  18 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 2.50602 [1+] 2.12048 [2+] 1.73494 [3+] 0.578313 [4+] 0.578313 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.