Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/aaphoto-0.45/aaresize.c
Examining data/aaphoto-0.45/aargb.c
Examining data/aaphoto-0.45/aaphoto.c
Examining data/aaphoto-0.45/aaio.c
FINAL RESULTS:
data/aaphoto-0.45/aaio.c:354:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "rb");
data/aaphoto-0.45/aaio.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fpath [max_char];
data/aaphoto-0.45/aaio.c:370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname [max_char];
data/aaphoto-0.45/aaio.c:371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fext [max_char];
data/aaphoto-0.45/aaio.c:454:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fext[max_char];
data/aaphoto-0.45/aaio.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fextl[max_char];
data/aaphoto-0.45/aaio.c:512:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_new [max_char];
data/aaphoto-0.45/aaio.c:647:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "rb");
data/aaphoto-0.45/aaio.c:784:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "wb+");
data/aaphoto-0.45/aaio.c:816:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "rb+");
data/aaphoto-0.45/aaio.c:857:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "rb");
data/aaphoto-0.45/aaio.c:1195:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "wb");
data/aaphoto-0.45/aaio.c:1232:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[8];
data/aaphoto-0.45/aaio.c:1237:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "rb");
data/aaphoto-0.45/aaio.c:1596:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "wb");
data/aaphoto-0.45/aaio.c:1665:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile = fopen(file_name, "rb")) == NULL) { return 1; }
data/aaphoto-0.45/aaio.c:1775:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfile = fopen(file_name, "a+b")) == NULL) { return 1; } }
data/aaphoto-0.45/aaio.c:1777:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfile = fopen(file_name, "wb")) == NULL) { return 1; } }
data/aaphoto-0.45/aaio.c:1880:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhandle = fopen(file_name, "rb");
data/aaphoto-0.45/aaphoto.c:217:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_output_path [max_char];
data/aaphoto-0.45/aaphoto.c:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_new [max_char];
data/aaphoto-0.45/aaphoto.c:718:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num [8+1];
data/aaphoto-0.45/aaphoto.c:739:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num [8+1];
data/aaphoto-0.45/aaphoto.c:777:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num [8+1];
data/aaphoto-0.45/aaphoto.c:804:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num [8+1];
data/aaphoto-0.45/aaphoto.c:848:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num [16+1];
data/aaphoto-0.45/aaphoto.c:881:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num [16+1] = "";
data/aaphoto-0.45/aaphoto.c:1018:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[max_char];
data/aaphoto-0.45/aaio.c:663:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch1 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:664:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch2 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:678:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch1 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:679:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch2 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:690:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch1 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:691:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch2 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:704:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch1 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:705:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch2 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:710:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch1 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:711:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch2 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:716:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch1 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:717:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch2 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:725:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch1 = fgetc(fhandle);
data/aaphoto-0.45/aaio.c:726:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch2 = fgetc(fhandle);
ANALYSIS SUMMARY:
Hits = 42
Lines analyzed = 5487 in approximately 0.16 seconds (33959 lines/second)
Physical Source Lines of Code (SLOC) = 3423
Hits@level = [0] 11 [1] 14 [2] 28 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 53 [1+] 42 [2+] 28 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 15.4835 [1+] 12.2699 [2+] 8.17996 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.