Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rasterview-1.7.1/RasterDisplay.h
Examining data/rasterview-1.7.1/RasterView.cxx
Examining data/rasterview-1.7.1/RasterView.h
Examining data/rasterview-1.7.1/error.c
Examining data/rasterview-1.7.1/main.cxx
Examining data/rasterview-1.7.1/raster.c
Examining data/rasterview-1.7.1/raster.h
Examining data/rasterview-1.7.1/testcie.c
Examining data/rasterview-1.7.1/RasterDisplay.cxx

FINAL RESULTS:

data/rasterview-1.7.1/RasterView.cxx:1190:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(s, sizeof(s), "%s - " VERSION, base);

data/rasterview-1.7.1/error.c:68:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  bytes = vsnprintf(s, sizeof(s), f, ap);

data/rasterview-1.7.1/RasterDisplay.cxx:564:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(D, inptr, (size_t)W * bpp);

data/rasterview-1.7.1/RasterDisplay.cxx:622:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[256], // Key string

data/rasterview-1.7.1/RasterDisplay.cxx:656:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bytes[sizeof(int)];

data/rasterview-1.7.1/RasterDisplay.cxx:1240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[256], // Key string

data/rasterview-1.7.1/RasterDisplay.cxx:3403:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(colors, line, w * 3);

data/rasterview-1.7.1/RasterDisplay.cxx:3404:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixels, line, w * 3);

data/rasterview-1.7.1/RasterDisplay.cxx:4737:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(colors, line, w);

data/rasterview-1.7.1/RasterDisplay.cxx:4738:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixels, line, w);

data/rasterview-1.7.1/RasterView.cxx:178:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(view->pixel_, " -/=/0/1/2/3/4 to zoom");

data/rasterview-1.7.1/RasterView.cxx:181:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(view->pixel_, " ");

data/rasterview-1.7.1/RasterView.cxx:190:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ptr, " :");

data/rasterview-1.7.1/RasterView.cxx:308:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  view->display_->page(atoi(view->page_input_->value()));

data/rasterview-1.7.1/RasterView.cxx:533:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024]; // Line buffer

data/rasterview-1.7.1/RasterView.cxx:955:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[255];

data/rasterview-1.7.1/RasterView.cxx:1023:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[1]; // Argument

data/rasterview-1.7.1/RasterView.cxx:1168:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024]; // String

data/rasterview-1.7.1/RasterView.h:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pixel_[1024]; // Current pixel value

data/rasterview-1.7.1/error.c:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[2048]; /* Message string */

data/rasterview-1.7.1/error.c:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->current, s, (size_t)bytes);

data/rasterview-1.7.1/raster.c:576:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char header[8]; /* File header */

data/rasterview-1.7.1/raster.c:676:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(h, &(r->header), sizeof(cups_page_header_t));

data/rasterview-1.7.1/raster.c:719:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(h, &(r->header), sizeof(cups_page_header2_t));

data/rasterview-1.7.1/raster.c:919:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, temp - r->bpp, r->bpp);

data/rasterview-1.7.1/raster.c:961:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, ptr, (size_t)bytes);

data/rasterview-1.7.1/raster.c:972:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, r->pcurrent, (size_t)bytes);

data/rasterview-1.7.1/raster.c:1028:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(r->header), h, sizeof(cups_page_header_t));

data/rasterview-1.7.1/raster.c:1120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, sizeof(fh.cupsReal) + sizeof(fh.cupsString));

data/rasterview-1.7.1/raster.c:1137:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char appleheader[32]; /* Raw page header */

data/rasterview-1.7.1/raster.c:1224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(r->header), h, sizeof(cups_page_header2_t));

data/rasterview-1.7.1/raster.c:1310:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char appleheader[32]; /* Raw page header */

data/rasterview-1.7.1/raster.c:1513:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r->pcurrent, p, (size_t)bytes);

data/rasterview-1.7.1/raster.c:1623:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char appleheader[32]; /* Raw header */

data/rasterview-1.7.1/raster.c:1876:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, r->bufptr, (size_t)count);

data/rasterview-1.7.1/raster.c:2060:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  cf = (_cups_copyfunc_t)memcpy;

data/rasterview-1.7.1/raster.h:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char MediaClass[64]; /* MediaClass string */

data/rasterview-1.7.1/raster.h:250:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char MediaColor[64]; /* MediaColor string */

data/rasterview-1.7.1/raster.h:251:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char MediaType[64]; /* MediaType string */

data/rasterview-1.7.1/raster.h:252:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char OutputType[64]; /* OutputType string */

data/rasterview-1.7.1/raster.h:298:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char MediaClass[64]; /* MediaClass string */

data/rasterview-1.7.1/raster.h:299:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char MediaColor[64]; /* MediaColor string */

data/rasterview-1.7.1/raster.h:300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char MediaType[64]; /* MediaType string */

data/rasterview-1.7.1/raster.h:301:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char OutputType[64]; /* OutputType string */

data/rasterview-1.7.1/raster.h:353:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsString[16][64]; /* User-defined string values @since CUPS 1.2/macOS 10.5@ */

data/rasterview-1.7.1/raster.h:354:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsMarkerType[64]; /* Ink/toner type @since CUPS 1.2/macOS 10.5@ */

data/rasterview-1.7.1/raster.h:355:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsRenderingIntent[64];/* Color rendering intent @since CUPS 1.2/macOS 10.5@ */

data/rasterview-1.7.1/raster.h:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsPageSizeName[64]; /* PageSize name @since CUPS 1.2/macOS 10.5@ */

data/rasterview-1.7.1/testcie.c:430:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgbval[3],

data/rasterview-1.7.1/testcie.c:438:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3];

data/rasterview-1.7.1/RasterView.cxx:187:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);

data/rasterview-1.7.1/raster.c:1061:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(fh.MediaClass, "PwgRaster", sizeof(fh.MediaClass) - 1);

data/rasterview-1.7.1/raster.c:1063:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.MediaColor, r->header.MediaColor, sizeof(fh.MediaColor) - 1);

data/rasterview-1.7.1/raster.c:1064:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.MediaType, r->header.MediaType, sizeof(fh.MediaType) - 1);

data/rasterview-1.7.1/raster.c:1065:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.OutputType, r->header.OutputType, sizeof(fh.OutputType) - 1);

data/rasterview-1.7.1/raster.c:1123:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.cupsRenderingIntent, r->header.cupsRenderingIntent,

data/rasterview-1.7.1/raster.c:1125:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.cupsPageSizeName, r->header.cupsPageSizeName,

data/rasterview-1.7.1/raster.c:1256:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(fh.MediaClass, "PwgRaster", sizeof(fh.MediaClass) - 1);

data/rasterview-1.7.1/raster.c:1257:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.MediaColor, r->header.MediaColor, sizeof(fh.MediaColor) - 1);

data/rasterview-1.7.1/raster.c:1258:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.MediaType, r->header.MediaType, sizeof(fh.MediaType) - 1);

data/rasterview-1.7.1/raster.c:1259:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.OutputType, r->header.OutputType, sizeof(fh.OutputType) - 1);

data/rasterview-1.7.1/raster.c:1260:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.cupsRenderingIntent, r->header.cupsRenderingIntent,

data/rasterview-1.7.1/raster.c:1262:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fh.cupsPageSizeName, r->header.cupsPageSizeName,

data/rasterview-1.7.1/raster.c:1651:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(r->header.MediaClass, "PwgRaster", sizeof(r->header.MediaClass) - 1);

data/rasterview-1.7.1/raster.c:2176:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((count = read(fd, buf, (unsigned)bytes)) < 0)

data/rasterview-1.7.1/raster.c:2178:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((count = read(fd, buf, bytes)) < 0)

ANALYSIS SUMMARY:

Hits = 66
Lines analyzed = 10669 in approximately 0.24 seconds (44427 lines/second)
Physical Source Lines of Code (SLOC) = 7888
Hits@level = [0] 158 [1]  16 [2]  48 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+] 224 [1+]  66 [2+]  50 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 28.3976 [1+] 8.36714 [2+] 6.33874 [3+] 0.25355 [4+] 0.25355 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.