Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pdfresurrect-0.21/main.c
Examining data/pdfresurrect-0.21/main.h
Examining data/pdfresurrect-0.21/pdf.c
Examining data/pdfresurrect-0.21/pdf.h
FINAL RESULTS:
data/pdfresurrect-0.21/main.c:40:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(EXEC_NAME " Copyright (C) 2008-2010, 2012, 2013, 2017, 2019-20 "
data/pdfresurrect-0.21/main.c:122:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_name, pdf->name);
data/pdfresurrect-0.21/main.c:125:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_name, suffix);
data/pdfresurrect-0.21/main.c:324:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dname, "%s-versions", name);
data/pdfresurrect-0.21/main.h:41:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERR(...) {fprintf(stderr, TAG" -- Error -- " __VA_ARGS__);}
data/pdfresurrect-0.21/pdf.c:149:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdf->name, n);
data/pdfresurrect-0.21/pdf.c:410:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dst_name, "%s/%s", name, name);
data/pdfresurrect-0.21/main.c:81:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(new_fp = fopen(new_fname, "w")))
data/pdfresurrect-0.21/main.c:127:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((new_fp = fopen(new_name, "r")))
data/pdfresurrect-0.21/main.c:135:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(new_fp = fopen(new_name, "w+")))
data/pdfresurrect-0.21/main.c:275:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(name, "r")))
data/pdfresurrect-0.21/pdf.c:154:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pdf->name, "Unknown");
data/pdfresurrect-0.21/pdf.c:204:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdf->pdf_major_version = atoi(c + strlen("%PDF-"));
data/pdfresurrect-0.21/pdf.c:205:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdf->pdf_minor_version = atoi(c + strlen("%PDF-M."));
data/pdfresurrect-0.21/pdf.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x, *c, buf[256];
data/pdfresurrect-0.21/pdf.c:260:31: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdf->xrefs[i].start = atol(c);
data/pdfresurrect-0.21/pdf.c:415:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dst_name, ".summary");
data/pdfresurrect-0.21/pdf.c:416:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(dst = fopen(dst_name, "w")))
data/pdfresurrect-0.21/pdf.c:547:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c, buf[16];
data/pdfresurrect-0.21/pdf.c:592:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, buf[32] = {0};
data/pdfresurrect-0.21/pdf.c:608:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xref->n_entries = atoi(buf + strlen("ize "));
data/pdfresurrect-0.21/pdf.c:650:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xref->entries[i].offset = atol(token);
data/pdfresurrect-0.21/pdf.c:656:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xref->entries[i].gen_num = atoi(token);
data/pdfresurrect-0.21/pdf.c:662:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obj_id = atoi(buf);
data/pdfresurrect-0.21/pdf.c:696:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch, buf[256];
data/pdfresurrect-0.21/pdf.c:786:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daddy, creator_template, sizeof(creator_template));
data/pdfresurrect-0.21/pdf.c:806:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, *buf, obj_id_buf[32] = {0};
data/pdfresurrect-0.21/pdf.c:951:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obj_id = atoi(c);
data/pdfresurrect-0.21/pdf.c:1036:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pdfresurrect-0.21/pdf.c:1046:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(obj_id = atoi(buf)))
data/pdfresurrect-0.21/pdf.c:1162:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/pdfresurrect-0.21/pdf.c:1219:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, c, n_chars);
data/pdfresurrect-0.21/pdf.c:1242:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ascii, hex_buf[5] = {0};
data/pdfresurrect-0.21/pdf.h:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[KV_MAX_KEY_LENGTH];
data/pdfresurrect-0.21/pdf.h:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[KV_MAX_VALUE_LENGTH];
data/pdfresurrect-0.21/main.c:77:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_fname = safe_calloc(strlen(fname) + strlen(dirname) + 32);
data/pdfresurrect-0.21/main.c:77:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_fname = safe_calloc(strlen(fname) + strlen(dirname) + 32);
data/pdfresurrect-0.21/main.c:78:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(new_fname, strlen(fname) + strlen(dirname) + 32,
data/pdfresurrect-0.21/main.c:78:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(new_fname, strlen(fname) + strlen(dirname) + 32,
data/pdfresurrect-0.21/main.c:116:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(new_name = malloc(strlen(pdf->name) + strlen(suffix) + 1)))
data/pdfresurrect-0.21/main.c:116:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(new_name = malloc(strlen(pdf->name) + strlen(suffix) + 1)))
data/pdfresurrect-0.21/main.c:145:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fp)) != EOF)
data/pdfresurrect-0.21/main.c:323:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dname = safe_calloc(strlen(name) + 16);
data/pdfresurrect-0.21/pdf.c:148:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdf->name = safe_calloc(strlen(n) + 1);
data/pdfresurrect-0.21/pdf.c:153:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdf->name = safe_calloc(strlen("Unknown") + 1);
data/pdfresurrect-0.21/pdf.c:185:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int is_pdf = c && ((c - header+strlen("%PDF-M.m")) < 1024);
data/pdfresurrect-0.21/pdf.c:204:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdf->pdf_major_version = atoi(c + strlen("%PDF-"));
data/pdfresurrect-0.21/pdf.c:205:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdf->pdf_minor_version = atoi(c + strlen("%PDF-M."));
data/pdfresurrect-0.21/pdf.c:244:33: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (SAFE_F(fp, ((x = fgetc(fp)) != 'f')))
data/pdfresurrect-0.21/pdf.c:382:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
obj_sz += strlen("endobj") + 1;
data/pdfresurrect-0.21/pdf.c:409:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst_name = safe_calloc(strlen(name) * 2 + 16);
data/pdfresurrect-0.21/pdf.c:559:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf, "xref", strlen("xref")) == 0)
data/pdfresurrect-0.21/pdf.c:602:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (SAFE_F(fp, (fgetc(fp) == '/' && fgetc(fp) == 'S')))
data/pdfresurrect-0.21/pdf.c:602:43: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (SAFE_F(fp, (fgetc(fp) == '/' && fgetc(fp) == 'S')))
data/pdfresurrect-0.21/pdf.c:608:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xref->n_entries = atoi(buf + strlen("ize "));
data/pdfresurrect-0.21/pdf.c:613:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fseek(fp, xref->start + strlen("xref"), SEEK_SET);
data/pdfresurrect-0.21/pdf.c:618:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/pdfresurrect-0.21/pdf.c:620:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/pdfresurrect-0.21/pdf.c:628:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/pdfresurrect-0.21/pdf.c:641:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 17)
data/pdfresurrect-0.21/pdf.c:712:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf, "trailer", strlen("trailer")) == 0)
data/pdfresurrect-0.21/pdf.c:725:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (SAFE_F(fp, ((ch = fgetc(fp)) != 'x')))
data/pdfresurrect-0.21/pdf.c:820:28: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (SAFE_F(fp, (fgetc(fp) != 't')))
data/pdfresurrect-0.21/pdf.c:825:33: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (SAFE_F(fp, ((c = fgetc(fp)) != '>')))
data/pdfresurrect-0.21/pdf.c:827:28: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(fgetc(fp) == 'I') && ((fgetc(fp) == 'n')))))
data/pdfresurrect-0.21/pdf.c:827:51: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(fgetc(fp) == 'I') && ((fgetc(fp) == 'n')))))
data/pdfresurrect-0.21/pdf.c:833:41: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (SAFE_F(fp, (!isspace(c = fgetc(fp)) && (c != '>'))))
data/pdfresurrect-0.21/pdf.c:839:40: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (SAFE_F(fp, (isspace(c = fgetc(fp)) && (c != '>'))))
data/pdfresurrect-0.21/pdf.c:849:41: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SAFE_F(fp, (!isspace(c = fgetc(fp)) && (c != '>'))))
data/pdfresurrect-0.21/pdf.c:932:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(info[i].key);
data/pdfresurrect-0.21/pdf.c:1004:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info[i].value, start, length);
data/pdfresurrect-0.21/pdf.c:1020:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info[i].value, ascii, val_str_len);
data/pdfresurrect-0.21/pdf.c:1131:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(c + strlen("endobj") + 1) = '\0';
data/pdfresurrect-0.21/pdf.c:1133:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
obj_sz += strlen("endobj") + 1;
data/pdfresurrect-0.21/pdf.c:1183:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isdigit(*(c + strlen("/Type"))))
data/pdfresurrect-0.21/pdf.c:1199:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen("/Type");
data/pdfresurrect-0.21/pdf.c:1250:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ascii, str, str_len + 1);
data/pdfresurrect-0.21/pdf.c:1294:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != EOF)
ANALYSIS SUMMARY:
Hits = 78
Lines analyzed = 1847 in approximately 0.07 seconds (28361 lines/second)
Physical Source Lines of Code (SLOC) = 1215
Hits@level = [0] 23 [1] 43 [2] 28 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 101 [1+] 78 [2+] 35 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 83.1276 [1+] 64.1975 [2+] 28.8066 [3+] 5.76132 [4+] 5.76132 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.