stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pngcheck-2.3.0/pngcheck.c
Examining data/pngcheck-2.3.0/gpl/pngsplit.c
Examining data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c

FINAL RESULTS:

data/pngcheck-2.3.0/gpl/pngsplit.c:441:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(outname+baselen, ".%04lu.%s", num, chunkstr(chunktyp));
data/pngcheck-2.3.0/pngcheck.c:2927:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
          printf(verbose? "\n" : ":\n");
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outname[FNMAX];
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:226:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((infile = fopen(filename, "rb")) == NULL) {
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:246:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(outname+fnlen-4, "-fixed.png");
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:248:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(outname+fnlen, "-fixed.png");
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:250:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((outfile = fopen(outname, "rb")) != NULL) {
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:571:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((outfile = fopen(outname, "wb")) == NULL) {
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:635:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char str[5];
data/pngcheck-2.3.0/gpl/pngsplit.c:269:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((infile = fopen(filename, "rb")) == NULL) {
data/pngcheck-2.3.0/gpl/pngsplit.c:392:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char str[5];
data/pngcheck-2.3.0/gpl/pngsplit.c:425:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char outname[FNMAX];
data/pngcheck-2.3.0/gpl/pngsplit.c:439:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(outname+baselen, ".0000.sig");
data/pngcheck-2.3.0/gpl/pngsplit.c:445:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((outfile = fopen(outname, "rb")) != NULL) {
data/pngcheck-2.3.0/gpl/pngsplit.c:454:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((outfile = fopen(outname, "wb")) == NULL) {
data/pngcheck-2.3.0/pngcheck.c:689:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      } else if ((fp = fopen(fname, "rb")) == NULL) {
data/pngcheck-2.3.0/pngcheck.c:1020:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char chunkid[5] = {'\0', '\0', '\0', '\0', '\0'};
data/pngcheck-2.3.0/pngcheck.c:4734:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[1024], *szdot;
data/pngcheck-2.3.0/pngcheck.c:4744:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(szdot, "-%d", ipng);
data/pngcheck-2.3.0/pngcheck.c:4747:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "PNG%d", ipng);
data/pngcheck-2.3.0/pngcheck.c:4753:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szdot, ".png");
data/pngcheck-2.3.0/pngcheck.c:4754:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fpOut = fopen(name, "wb");
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:236:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fnlen = strlen(filename);
data/pngcheck-2.3.0/gpl/png-fix-IDAT-windowsize.c:244:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(outname, filename, fnlen);
data/pngcheck-2.3.0/gpl/pngsplit.c:275:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fnlen = strlen(filename);
data/pngcheck-2.3.0/gpl/pngsplit.c:436:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(outname, basename, baselen);
data/pngcheck-2.3.0/pngcheck.c:844:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((c = fgetc(fp)) == EOF) {
data/pngcheck-2.3.0/pngcheck.c:1127:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c = fgetc(fp)) != EOF) {
data/pngcheck-2.3.0/pngcheck.c:4739:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(name, fname, 1024-20);
data/pngcheck-2.3.0/pngcheck.c:4743:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    szdot = name + strlen(name);
data/pngcheck-2.3.0/pngcheck.c:4752:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    szdot += strlen(szdot);
data/pngcheck-2.3.0/pngcheck.c:4797:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ch = getc(fp);
data/pngcheck-2.3.0/pngcheck.c:4799:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((ch = getc(fp)) == good_PNG_magic[1] &&
data/pngcheck-2.3.0/pngcheck.c:4800:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (ch = getc(fp)) == good_PNG_magic[2] &&
data/pngcheck-2.3.0/pngcheck.c:4801:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (ch = getc(fp)) == good_PNG_magic[3] &&
data/pngcheck-2.3.0/pngcheck.c:4802:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (ch = getc(fp)) == good_PNG_magic[4] &&
data/pngcheck-2.3.0/pngcheck.c:4803:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (ch = getc(fp)) == good_PNG_magic[5] &&
data/pngcheck-2.3.0/pngcheck.c:4804:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (ch = getc(fp)) == good_PNG_magic[6] &&
data/pngcheck-2.3.0/pngcheck.c:4805:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (ch = getc(fp)) == good_PNG_magic[7])

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 6254 in approximately 0.24 seconds (25894 lines/second)
Physical Source Lines of Code (SLOC) = 4931
Hits@level = [0] 677 [1]  17 [2]  20 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+] 716 [1+]  39 [2+]  22 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 145.204 [1+] 7.90915 [2+] 4.46157 [3+] 0.405597 [4+] 0.405597 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.