Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pxljr-1.4+repack0/i_compress.c
Examining data/pxljr-1.4+repack0/i_exit.c
Examining data/pxljr-1.4+repack0/i_init.c
Examining data/pxljr-1.4+repack0/i_job_footer.c
Examining data/pxljr-1.4+repack0/i_job_header.c
Examining data/pxljr-1.4+repack0/i_job_info.h
Examining data/pxljr-1.4+repack0/i_main.c
Examining data/pxljr-1.4+repack0/i_page_footer.c
Examining data/pxljr-1.4+repack0/i_page_header.c
Examining data/pxljr-1.4+repack0/i_status.c
Examining data/pxljr-1.4+repack0/i_stripe.c
Examining data/pxljr-1.4+repack0/i_write.c
Examining data/pxljr-1.4+repack0/jccolor.c
Examining data/pxljr-1.4+repack0/jdatadbf.c
Examining data/pxljr-1.4+repack0/jinclude.h
Examining data/pxljr-1.4+repack0/jpeg_jcs.h
Examining data/pxljr-1.4+repack0/jpegint.h
Examining data/pxljr-1.4+repack0/mode12.h
Examining data/pxljr-1.4+repack0/mode12color.c
Examining data/pxljr-1.4+repack0/mode12gray.c
Examining data/pxljr-1.4+repack0/pxl_jpeg.c
Examining data/pxljr-1.4+repack0/pxl_jpeg_header.h
Examining data/pxljr-1.4+repack0/pxl_macros.h
Examining data/pxljr-1.4+repack0/pxl_mediasize.c
Examining data/pxljr-1.4+repack0/pxl_mediasize.h

FINAL RESULTS:

data/pxljr-1.4+repack0/mode12color.c:162:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    if (GHOSTPCL_DEBUG) fprintf(stderr, (pixel_src == eeNewPixel ? " have_pixels " : " no_pixels "));
data/pxljr-1.4+repack0/mode12gray.c:158:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    if (GHOSTPCL_DEBUG) fprintf(stderr, (pixel_src == eeNewPixel ? " have_pixels " : " no_pixels "));
data/pxljr-1.4+repack0/i_job_footer.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_string[256];
data/pxljr-1.4+repack0/i_job_footer.c:43:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c",
data/pxljr-1.4+repack0/i_job_footer.c:46:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "\x01b%%-12345X@PJL EOJ\x00a");
data/pxljr-1.4+repack0/i_job_footer.c:47:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "\x01b%%-12345X");
data/pxljr-1.4+repack0/i_job_header.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_string[256];
data/pxljr-1.4+repack0/i_job_header.c:62:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "\x01b%%-12345X@PJL SET STRINGCODESET=UTF8\x00a");
data/pxljr-1.4+repack0/i_job_header.c:66:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET PLANESINUSE=1\x00a");
data/pxljr-1.4+repack0/i_job_header.c:69:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET COPIES=%d\x00a",job_info->copies);
data/pxljr-1.4+repack0/i_job_header.c:71:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET DUPLEX=ON\x00d\x00a");
data/pxljr-1.4+repack0/i_job_header.c:73:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET BINDING=SHORTEDGE\x00d\x00a");
data/pxljr-1.4+repack0/i_job_header.c:75:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET BINDING=LONGEDGE\x00d\x00a");
data/pxljr-1.4+repack0/i_job_header.c:78:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET DUPLEX=OFF\x00d\x00a");
data/pxljr-1.4+repack0/i_job_header.c:80:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET RESOLUTION=600\x00a");
data/pxljr-1.4+repack0/i_job_header.c:81:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL SET TIMEOUT=90\x00a");
data/pxljr-1.4+repack0/i_job_header.c:82:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "@PJL ENTER LANGUAGE=PCLXL\x00a");
data/pxljr-1.4+repack0/i_job_header.c:83:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, ") HP-PCL XL;3;0;Comment, PCL-XL JetReady generator\x00a");
data/pxljr-1.4+repack0/i_job_header.c:86:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_job_info.h:60:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char cached_color[3];
data/pxljr-1.4+repack0/i_main.c:97:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (val_buf, param_list, size);
data/pxljr-1.4+repack0/i_main.c:132:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (val_buf, val, size);
data/pxljr-1.4+repack0/i_main.c:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/pxljr-1.4+repack0/i_main.c:156:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buf, val, i);
data/pxljr-1.4+repack0/i_main.c:165:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buf, val + i + 1, size - i - 1);
data/pxljr-1.4+repack0/i_main.c:211:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (pl->key, key, key_len + 1);
data/pxljr-1.4+repack0/i_main.c:220:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (pl->value, value, value_size);
data/pxljr-1.4+repack0/i_main.c:267:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/pxljr-1.4+repack0/i_main.c:276:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (val_buf, curs->value, curs->value_size);
data/pxljr-1.4+repack0/i_main.c:288:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (buf, "%gx%g", printable[off + 0], printable[off + 1]);
data/pxljr-1.4+repack0/i_main.c:315:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (val_buf, val, size);
data/pxljr-1.4+repack0/i_main.c:326:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/pxljr-1.4+repack0/i_main.c:332:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buf, value, value_size);
data/pxljr-1.4+repack0/i_main.c:398:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (result, curs->value, curs->value_size);
data/pxljr-1.4+repack0/i_main.c:435:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    job_info->outfile = fdopen (atoi (fn), "w");
data/pxljr-1.4+repack0/i_main.c:440:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    job_info->outfile = fopen (fn, "w");
data/pxljr-1.4+repack0/i_main.c:538:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    job_info->copies = atoi(s);
data/pxljr-1.4+repack0/i_main.c:595:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int quality = atoi(s);
data/pxljr-1.4+repack0/i_main.c:808:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (ptr_row_current, ptr_row_prev, bytes_per_row_padded); /* repeat last line */
data/pxljr-1.4+repack0/i_page_footer.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_string[256];
data/pxljr-1.4+repack0/i_page_footer.c:44:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_footer.c:49:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c",
data/pxljr-1.4+repack0/i_page_header.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_string[256];
data/pxljr-1.4+repack0/i_page_header.c:55:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_header.c:64:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buffer[8];
data/pxljr-1.4+repack0/i_page_header.c:68:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buffer, &x, 4);
data/pxljr-1.4+repack0/i_page_header.c:69:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buffer + 4 , &y, 4);
data/pxljr-1.4+repack0/i_page_header.c:70:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_header.c:79:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_header.c:83:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_header.c:89:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_header.c:95:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_header.c:100:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_page_header.c:119:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char temp[4] = {uint32_conv(job_info->cinfo->quant_tbl_ptrs[i]->quantval[j])};
data/pxljr-1.4+repack0/i_stripe.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_string[256];
data/pxljr-1.4+repack0/i_stripe.c:45:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
data/pxljr-1.4+repack0/i_stripe.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_string[256];
data/pxljr-1.4+repack0/i_stripe.c:71:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c",
data/pxljr-1.4+repack0/i_stripe.c:74:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    ts += sprintf(ts, "%c%c%c%c", uint32_conv(*(job_info->buffersize) - 2));
data/pxljr-1.4+repack0/jinclude.h:62:32:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    #define MEMCOPY(dest,src,size) bcopy((const void *)(src), (void *)(dest), (size_t)(size))
data/pxljr-1.4+repack0/jinclude.h:68:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    #define MEMCOPY(dest,src,size) memcpy((void *)(dest), (const void *)(src), (size_t)(size))
data/pxljr-1.4+repack0/mode12color.c:92:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char rle[PIXELWIDTH];
data/pxljr-1.4+repack0/mode12color.c:97:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(rle, diff_start, PIXELWIDTH);
data/pxljr-1.4+repack0/mode12color.c:111:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(cached_color, rle, PIXELWIDTH);
data/pxljr-1.4+repack0/mode12color.c:116:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(cached_color, rle, PIXELWIDTH);
data/pxljr-1.4+repack0/mode12color.c:167:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(cached_color, diff_start, PIXELWIDTH);
data/pxljr-1.4+repack0/i_main.c:91:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int size = strlen (param_list);
data/pxljr-1.4+repack0/i_main.c:128:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int size = strlen (val);
data/pxljr-1.4+repack0/i_main.c:197:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int key_len = strlen (key);
data/pxljr-1.4+repack0/i_main.c:310:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int size = strlen (val);
data/pxljr-1.4+repack0/i_main.c:356:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    code = set_param (ppl, "Dpi", s, strlen (s));
data/pxljr-1.4+repack0/i_main.c:484:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    code = i_parse_wxh (s, strlen(s), &width, &height);

ANALYSIS SUMMARY:

Hits = 72
Lines analyzed = 3501 in approximately 0.14 seconds (25463 lines/second)
Physical Source Lines of Code (SLOC) = 1968
Hits@level = [0]  46 [1]   6 [2]  64 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+] 118 [1+]  72 [2+]  66 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 59.9593 [1+] 36.5854 [2+] 33.5366 [3+] 1.01626 [4+] 1.01626 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.