Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pdfresurrect-0.21/main.c
Examining data/pdfresurrect-0.21/main.h
Examining data/pdfresurrect-0.21/pdf.c
Examining data/pdfresurrect-0.21/pdf.h

FINAL RESULTS:

data/pdfresurrect-0.21/main.c:40:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(EXEC_NAME " Copyright (C) 2008-2010, 2012, 2013, 2017, 2019-20 "

data/pdfresurrect-0.21/main.c:122:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(new_name, pdf->name);

data/pdfresurrect-0.21/main.c:125:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new_name, suffix);

data/pdfresurrect-0.21/main.c:324:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dname, "%s-versions", name);

data/pdfresurrect-0.21/main.h:41:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ERR(...) {fprintf(stderr, TAG" -- Error -- " __VA_ARGS__);}

data/pdfresurrect-0.21/pdf.c:149:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pdf->name, n);

data/pdfresurrect-0.21/pdf.c:410:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dst_name, "%s/%s", name, name);

data/pdfresurrect-0.21/main.c:81:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(new_fp = fopen(new_fname, "w")))

data/pdfresurrect-0.21/main.c:127:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((new_fp = fopen(new_name, "r")))

data/pdfresurrect-0.21/main.c:135:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(new_fp = fopen(new_name, "w+")))

data/pdfresurrect-0.21/main.c:275:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(name, "r")))

data/pdfresurrect-0.21/pdf.c:154:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(pdf->name, "Unknown");

data/pdfresurrect-0.21/pdf.c:204:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pdf->pdf_major_version = atoi(c + strlen("%PDF-"));

data/pdfresurrect-0.21/pdf.c:205:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pdf->pdf_minor_version = atoi(c + strlen("%PDF-M."));

data/pdfresurrect-0.21/pdf.c:216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char x, *c, buf[256];

data/pdfresurrect-0.21/pdf.c:260:31:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pdf->xrefs[i].start = atol(c);

data/pdfresurrect-0.21/pdf.c:415:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(dst_name, ".summary");

data/pdfresurrect-0.21/pdf.c:416:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(dst = fopen(dst_name, "w")))

data/pdfresurrect-0.21/pdf.c:547:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *c, buf[16];

data/pdfresurrect-0.21/pdf.c:592:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c, buf[32] = {0};

data/pdfresurrect-0.21/pdf.c:608:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xref->n_entries = atoi(buf + strlen("ize "));

data/pdfresurrect-0.21/pdf.c:650:39:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xref->entries[i].offset = atol(token);

data/pdfresurrect-0.21/pdf.c:656:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xref->entries[i].gen_num = atoi(token);

data/pdfresurrect-0.21/pdf.c:662:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  obj_id = atoi(buf);

data/pdfresurrect-0.21/pdf.c:696:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ch, buf[256];

data/pdfresurrect-0.21/pdf.c:786:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(daddy, creator_template, sizeof(creator_template));

data/pdfresurrect-0.21/pdf.c:806:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c, *buf, obj_id_buf[32] = {0};

data/pdfresurrect-0.21/pdf.c:951:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  obj_id = atoi(c);

data/pdfresurrect-0.21/pdf.c:1036:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];

data/pdfresurrect-0.21/pdf.c:1046:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!(obj_id = atoi(buf)))

data/pdfresurrect-0.21/pdf.c:1162:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];

data/pdfresurrect-0.21/pdf.c:1219:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, c, n_chars);

data/pdfresurrect-0.21/pdf.c:1242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ascii, hex_buf[5] = {0};

data/pdfresurrect-0.21/pdf.h:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[KV_MAX_KEY_LENGTH];

data/pdfresurrect-0.21/pdf.h:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[KV_MAX_VALUE_LENGTH];

data/pdfresurrect-0.21/main.c:77:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_fname = safe_calloc(strlen(fname) + strlen(dirname) + 32);

data/pdfresurrect-0.21/main.c:77:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_fname = safe_calloc(strlen(fname) + strlen(dirname) + 32);

data/pdfresurrect-0.21/main.c:78:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(new_fname, strlen(fname) + strlen(dirname) + 32,

data/pdfresurrect-0.21/main.c:78:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(new_fname, strlen(fname) + strlen(dirname) + 32,

data/pdfresurrect-0.21/main.c:116:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(new_name = malloc(strlen(pdf->name) + strlen(suffix) + 1)))

data/pdfresurrect-0.21/main.c:116:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(new_name = malloc(strlen(pdf->name) + strlen(suffix) + 1)))

data/pdfresurrect-0.21/main.c:145:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = fgetc(fp)) != EOF)

data/pdfresurrect-0.21/main.c:323:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dname = safe_calloc(strlen(name) + 16);

data/pdfresurrect-0.21/pdf.c:148:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdf->name = safe_calloc(strlen(n) + 1);

data/pdfresurrect-0.21/pdf.c:153:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdf->name = safe_calloc(strlen("Unknown") + 1);

data/pdfresurrect-0.21/pdf.c:185:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int is_pdf = c && ((c - header+strlen("%PDF-M.m")) < 1024);

data/pdfresurrect-0.21/pdf.c:204:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdf->pdf_major_version = atoi(c + strlen("%PDF-"));

data/pdfresurrect-0.21/pdf.c:205:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdf->pdf_minor_version = atoi(c + strlen("%PDF-M."));

data/pdfresurrect-0.21/pdf.c:244:33:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (SAFE_F(fp, ((x = fgetc(fp)) != 'f')))

data/pdfresurrect-0.21/pdf.c:382:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obj_sz += strlen("endobj") + 1;

data/pdfresurrect-0.21/pdf.c:409:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dst_name = safe_calloc(strlen(name) * 2 + 16);

data/pdfresurrect-0.21/pdf.c:559:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(buf, "xref", strlen("xref")) == 0)

data/pdfresurrect-0.21/pdf.c:602:23:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (SAFE_F(fp, (fgetc(fp) == '/' && fgetc(fp) == 'S')))

data/pdfresurrect-0.21/pdf.c:602:43:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (SAFE_F(fp, (fgetc(fp) == '/' && fgetc(fp) == 'S')))

data/pdfresurrect-0.21/pdf.c:608:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xref->n_entries = atoi(buf + strlen("ize "));

data/pdfresurrect-0.21/pdf.c:613:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fseek(fp, xref->start + strlen("xref"), SEEK_SET);

data/pdfresurrect-0.21/pdf.c:618:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);

data/pdfresurrect-0.21/pdf.c:620:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);

data/pdfresurrect-0.21/pdf.c:628:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fp);

data/pdfresurrect-0.21/pdf.c:641:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) > 17)

data/pdfresurrect-0.21/pdf.c:712:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(buf, "trailer", strlen("trailer")) == 0)

data/pdfresurrect-0.21/pdf.c:725:30:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (SAFE_F(fp, ((ch = fgetc(fp)) != 'x')))

data/pdfresurrect-0.21/pdf.c:820:28:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (SAFE_F(fp, (fgetc(fp) != 't')))

data/pdfresurrect-0.21/pdf.c:825:33:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (SAFE_F(fp, ((c = fgetc(fp)) != '>')))

data/pdfresurrect-0.21/pdf.c:827:28:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (fgetc(fp) == 'I') && ((fgetc(fp) == 'n')))))

data/pdfresurrect-0.21/pdf.c:827:51:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (fgetc(fp) == 'I') && ((fgetc(fp) == 'n')))))

data/pdfresurrect-0.21/pdf.c:833:41:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (SAFE_F(fp, (!isspace(c = fgetc(fp)) && (c != '>'))))

data/pdfresurrect-0.21/pdf.c:839:40:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (SAFE_F(fp, (isspace(c = fgetc(fp)) && (c != '>'))))

data/pdfresurrect-0.21/pdf.c:849:41:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  SAFE_F(fp, (!isspace(c = fgetc(fp)) && (c != '>'))))

data/pdfresurrect-0.21/pdf.c:932:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c += strlen(info[i].key);

data/pdfresurrect-0.21/pdf.c:1004:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(info[i].value, start, length);

data/pdfresurrect-0.21/pdf.c:1020:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(info[i].value, ascii, val_str_len);

data/pdfresurrect-0.21/pdf.c:1131:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(c + strlen("endobj") + 1) = '\0';

data/pdfresurrect-0.21/pdf.c:1133:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obj_sz += strlen("endobj") + 1;

data/pdfresurrect-0.21/pdf.c:1183:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (isdigit(*(c + strlen("/Type"))))

data/pdfresurrect-0.21/pdf.c:1199:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c += strlen("/Type");

data/pdfresurrect-0.21/pdf.c:1250:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ascii, str, str_len + 1);

data/pdfresurrect-0.21/pdf.c:1294:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(fp)) != EOF)

ANALYSIS SUMMARY:

Hits = 78
Lines analyzed = 1847 in approximately 0.07 seconds (28361 lines/second)
Physical Source Lines of Code (SLOC) = 1215
Hits@level = [0]  23 [1]  43 [2]  28 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+] 101 [1+]  78 [2+]  35 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 83.1276 [1+] 64.1975 [2+] 28.8066 [3+] 5.76132 [4+] 5.76132 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.