Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagickpixel_methods.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/php_gmagick_helpers.h
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/php_gmagick_macros.h
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagickdraw_methods.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick_helpers.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/php_gmagick.h
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick_methods.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagickpixel_methods.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/php_gmagick_helpers.h
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/php_gmagick_macros.h
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagickdraw_methods.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_helpers.c
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/php_gmagick.h
Examining data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_methods.c

FINAL RESULTS:

data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick.c:1208:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&gmagick_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick.c:1209:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&gmagickdraw_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick.c:1210:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&gmagickpixel_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick_methods.c:3459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xc_str[MAX_BUFFER_SIZE];
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick_methods.c:3718:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GMAGICK_FREE_MEMORY(char *, fonts[i]);
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick_methods.c:3745:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GMAGICK_FREE_MEMORY(char *, supported_formats[i]);
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick.c:1684:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&gmagick_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick.c:1692:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&gmagickdraw_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick.c:1700:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&gmagickpixel_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_methods.c:3473:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xc_str[MAX_BUFFER_SIZE];
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_methods.c:3738:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GMAGICK_FREE_MEMORY(char *, fonts[i]);
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_methods.c:3765:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GMAGICK_FREE_MEMORY(char *, supported_formats[i]);
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick.c:946:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  PHP_MALIAS(gmagick, read, readimage, gmagick_readimage_args, ZEND_ACC_PUBLIC)
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/gmagick_methods.c:191:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename_len = strlen(filename);
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/php_gmagick_macros.h:78:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (description && strlen(description) == 0) { \
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/php_gmagick_macros.h:208:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(description) == 0) { \
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/php_gmagick_macros.h:260:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filename) > MAXPATHLEN) { \
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-1.1.7RC3/php_gmagick_macros.h:271:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filename) > MAXPATHLEN) { \
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick.c:1072:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  PHP_MALIAS(gmagick, read, readimage, gmagick_readimage_args, ZEND_ACC_PUBLIC)
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_helpers.c:457:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pz_x = zend_hash_str_find(sub_array, "x", strlen("x"));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_helpers.c:466:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pz_y = zend_hash_str_find(sub_array, "y", strlen("y"));
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/gmagick_methods.c:192:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename_len = strlen(filename);
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/php_gmagick_macros.h:87:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (description && strlen(description) == 0) { \
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/php_gmagick_macros.h:217:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(description) == 0) { \
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/php_gmagick_macros.h:267:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filename) > MAXPATHLEN) { \
data/php-gmagick-2.0.5~rc1+1.1.7~rc3/gmagick-2.0.5RC1/php_gmagick_macros.h:278:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filename) > MAXPATHLEN) { \

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 21070 in approximately 0.48 seconds (44031 lines/second)
Physical Source Lines of Code (SLOC) = 13843
Hits@level = [0]   2 [1]  14 [2]  12 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  28 [1+]  26 [2+]  12 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.02268 [1+] 1.87821 [2+] 0.866864 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.