Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yorick-z-1.2.0+cvs20080115/ypng.c
Examining data/yorick-z-1.2.0+cvs20080115/spng.c
Examining data/yorick-z-1.2.0+cvs20080115/yjpeg.c
Examining data/yorick-z-1.2.0+cvs20080115/yavcodec.h
Examining data/yorick-z-1.2.0+cvs20080115/spng.h
Examining data/yorick-z-1.2.0+cvs20080115/ympeg.c
Examining data/yorick-z-1.2.0+cvs20080115/yzlib.c

FINAL RESULTS:

data/yorick-z-1.2.0+cvs20080115/spng.c:587:9:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
  strncat(k, info->keytxt[i+i], PNG_KEYWORD_MAX_LENGTH);
data/yorick-z-1.2.0+cvs20080115/spng.c:294:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (key && info->purpose) strcpy(info->purpose, key);
data/yorick-z-1.2.0+cvs20080115/spng.c:295:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (unit && info->punit) strcpy(info->punit, unit);
data/yorick-z-1.2.0+cvs20080115/spng.c:133:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "rb");
data/yorick-z-1.2.0+cvs20080115/spng.c:427:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "wb");
data/yorick-z-1.2.0+cvs20080115/spng.c:537:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char p0[20], p1[20], p2[20], p3[20];
data/yorick-z-1.2.0+cvs20080115/spng.c:539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *params[4];
data/yorick-z-1.2.0+cvs20080115/spng.c:544:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(params[0], "%.10e", info->p[0]);
data/yorick-z-1.2.0+cvs20080115/spng.c:545:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(params[1], "%.10e", info->p[1]);
data/yorick-z-1.2.0+cvs20080115/spng.c:546:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  if (np>2) sprintf(params[2], "%.10e", info->p[2]);
data/yorick-z-1.2.0+cvs20080115/spng.c:547:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  if (np>3) sprintf(params[3], "%.10e", info->p[3]);
data/yorick-z-1.2.0+cvs20080115/spng.c:581:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char k[PNG_KEYWORD_MAX_LENGTH+1];
data/yorick-z-1.2.0+cvs20080115/spng.h:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[96]; /* error or first warning message */
data/yorick-z-1.2.0+cvs20080115/yjpeg.c:39:43:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file = (filename && filename[0])? fopen(filename, "rb") : 0;
data/yorick-z-1.2.0+cvs20080115/yjpeg.c:153:43:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file = (filename && filename[0])? fopen(filename, "wb") : 0;
data/yorick-z-1.2.0+cvs20080115/yjpeg.c:204:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[16+JMSG_LENGTH_MAX];
data/yorick-z-1.2.0+cvs20080115/yjpeg.c:206:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(msg, "jpeg_read: ");
data/yorick-z-1.2.0+cvs20080115/yjpeg.c:210:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(msg, "jpeg_write: ");
data/yorick-z-1.2.0+cvs20080115/ympeg.c:133:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = (name && name[0])? fopen(name, "w") : 0;
data/yorick-z-1.2.0+cvs20080115/yzlib.c:240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char junk[4];
data/yorick-z-1.2.0+cvs20080115/yzlib.c:375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char junk[4];
data/yorick-z-1.2.0+cvs20080115/spng.c:285:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenk = key? strlen(key) : 0;
data/yorick-z-1.2.0+cvs20080115/spng.c:286:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenu = unit? strlen(unit) : 0;
data/yorick-z-1.2.0+cvs20080115/spng.c:362:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(info->keytxt[i+i], ptext[i].key, len);
data/yorick-z-1.2.0+cvs20080115/spng.c:370:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(info->keytxt[i+i+1], ptext[i].text, len);
data/yorick-z-1.2.0+cvs20080115/spng.c:588:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = info->keytxt[i+i+1]? strlen(info->keytxt[i+i+1]) : 0;
data/yorick-z-1.2.0+cvs20080115/spng.c:663:28:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  if (!id->info->msg[0]) strncat(id->info->msg, msg, 95);
data/yorick-z-1.2.0+cvs20080115/spng.c:674:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(id->info->msg, msg, 95);
data/yorick-z-1.2.0+cvs20080115/yjpeg.c:186:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jpeg_write_marker(&jpeg, JPEG_COM, (JOCTET *)com[i], strlen(com[i])+1);

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 2530 in approximately 0.10 seconds (26226 lines/second)
Physical Source Lines of Code (SLOC) = 2004
Hits@level = [0]   0 [1]   8 [2]  18 [3]   0 [4]   2 [5]   1
Hits@level+ = [0+]  29 [1+]  29 [2+]  21 [3+]   3 [4+]   3 [5+]   1
Hits/KSLOC@level+ = [0+] 14.4711 [1+] 14.4711 [2+] 10.479 [3+] 1.49701 [4+] 1.49701 [5+] 0.499002
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
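The level-5 hit at spng.c:587 outranks everything else in this report because the third argument to strncat is the constant PNG_KEYWORD_MAX_LENGTH rather than the space left in k. strncat's size argument is the maximum number of bytes to append, not the size of the destination, so a constant bound is only safe while k is empty; whether the call can actually overrun k[PNG_KEYWORD_MAX_LENGTH+1] depends on what k holds when it runs, which the report does not show. The C program below is an added example, not code from yorick-z or from flawfinder: it makes that arithmetic explicit, shows the bounded append and the snprintf form the report recommends, and uses a length-limited strlen so it does not reproduce the level-1 over-read hits. The value of PNG_KEYWORD_MAX_LENGTH, the helper names and the constructed 100-byte keyword are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* libpng's limit on a tEXt keyword. The value is assumed here; this
 * example does not include png.h. */
#define PNG_KEYWORD_MAX_LENGTH 79

/* Length of s, giving up after n bytes if no NUL is found, so an
 * unterminated buffer is not over-read the way plain strlen would. */
static size_t bounded_len(const char *s, size_t n)
{
    const char *p = memchr(s, '\0', n);
    return p ? (size_t)(p - s) : n;
}

/* Bytes strncat(dst, src, limit) will occupy in dst: the text already
 * there, then min(src_len, limit) copied bytes, then the NUL it always
 * writes. */
static size_t strncat_footprint(size_t used, size_t src_len, size_t limit)
{
    size_t copied = src_len < limit ? src_len : limit;
    return used + copied + 1;
}

/* 1 if strncat with a constant limit would write past a dst_size-byte
 * buffer that already holds `used` bytes. This is the arithmetic behind
 * flawfinder's "length parameter appears to be a constant" remark. */
int constant_limit_overflows(size_t dst_size, size_t used, size_t src_len,
                             size_t limit)
{
    return strncat_footprint(used, src_len, limit) > dst_size;
}

/* Corrected form: derive the limit from the space actually left.
 * dst_size counts the terminator. Returns bytes appended (0 when dst is
 * full or has no terminator); output is truncated, never overrun. */
size_t bounded_append(char *dst, size_t dst_size, const char *src)
{
    size_t used = bounded_len(dst, dst_size);
    size_t room;
    if (used >= dst_size)
        return 0;                  /* no NUL inside dst: refuse to append */
    room = dst_size - used - 1;    /* bytes available before the NUL */
    strncat(dst, src, room);       /* copies at most room, then writes NUL */
    return bounded_len(dst, dst_size) - used;
}

/* The snprintf alternative the report suggests, for copying a keyword
 * into a k[PNG_KEYWORD_MAX_LENGTH+1] style buffer. Returns the stored
 * length, never more than k_size - 1. */
size_t copy_keyword(char *k, size_t k_size, const char *keyword)
{
    if (k_size == 0)
        return 0;
    snprintf(k, k_size, "%s", keyword);   /* truncates and terminates */
    return bounded_len(k, k_size);
}

/* Worked scenario: "Cmt" already in k, then a constructed 100-byte
 * keyword appended with the bounded form. Returns bytes appended. */
size_t demo_bounded_append(void)
{
    char k[PNG_KEYWORD_MAX_LENGTH + 1];    /* same shape as the flagged buffer */
    char longkey[101];                     /* constructed: 100 x 'A' */
    memset(longkey, 'A', 100);
    longkey[100] = '\0';
    copy_keyword(k, sizeof k, "Cmt");
    return bounded_append(k, sizeof k, longkey);
}

int main(void)
{
    size_t ksize = PNG_KEYWORD_MAX_LENGTH + 1;

    /* Empty k: 79 copied bytes plus the NUL exactly fill 80 bytes. */
    printf("empty k, constant limit: %s\n",
           constant_limit_overflows(ksize, 0, 100, PNG_KEYWORD_MAX_LENGTH)
               ? "overflow" : "fits");
    /* Three bytes already in k: the same call needs 83 bytes. */
    printf("3 bytes in k, constant limit: %s\n",
           constant_limit_overflows(ksize, 3, 100, PNG_KEYWORD_MAX_LENGTH)
               ? "overflow" : "fits");
    /* Bounded form with 3 bytes in k: appends 76, total stays at 79. */
    printf("bounded append added %lu bytes\n",
           (unsigned long)demo_bounded_append());
    return 0;
}
```

The same reasoning applies to the level-1 strncat hits at spng.c:663 and :674, where the constant 95 matches msg[96] only if msg is empty at that point; the first of the two is guarded by a check on msg[0], the second is not visible from the report alone.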