Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining
data/agg-2.6.1-r134+dfsg1/include/agg_conv_adaptor_vpgen.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_blur.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_curves.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_rgba.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_arrowhead.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_smooth_poly1.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gradient_contour.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_scanline_p.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_array.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_close_polygon.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_dash.h

FINAL RESULTS:

data/agg-2.6.1-r134+dfsg1/examples/agg2d_demo.cpp:396:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/agg2d_demo.cpp:402:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:354:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:360:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/distortions.cpp:689:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/distortions.cpp:695:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:538:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s. Download http://www.antigrain.com/%s\n"
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:544:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s", fname);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:512:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s. Download http://www.antigrain.com/%s\n"
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:518:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s", fname);
data/agg-2.6.1-r134+dfsg1/examples/image1.cpp:164:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image1.cpp:170:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:232:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:238:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:399:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:405:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:283:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:289:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:347:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:353:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_transforms.cpp:433:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_transforms.cpp:439:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/line_patterns.cpp:316:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "There must be files 1%s...9%s\n"
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:340:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "There must be file 1%s\n", app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:175:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if(pos) strcpy(buf, buf + pos);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:803:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: '%s'. Download http://www.antigrain.com/%s\n",
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:274:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:280:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:375:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:381:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/raster_text.cpp:123:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, fonts[i].name);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_exception.h:49:17: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(m_msg, fmt, arg);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_exception.h:57:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if(m_msg) strcpy(m_msg, exc.m_msg);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:233:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "Couldn't open file %s", fname);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:244:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg,
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:448:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c.name, str);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:656:26: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_face_names[m_num_faces], font_name);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:842:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  std::sprintf(m_signature,
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:868:22: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  std::strcat(m_signature, buf);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:753:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_face_name, m_ft_face->family_name);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:759:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  std::sprintf( m_face_name, "%s %s", m_ft_face->family_name, m_ft_face->style_name );
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:450:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_typeface, typeface_);
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:505:26: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_font_names[m_num_fonts], m_signature);
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:563:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_signature,
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:592:22: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  std::strcat(m_signature, buf);
data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager.h:64:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_font_signature, font_signature);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_rbox_ctrl.cpp:62:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&m_items[m_num_items][0], text);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:165:17: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, m_label, value());
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:640:42: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  std::sprintf(fAppPath, "%s", path.Path());
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:735:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:796:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  std::sprintf(m_specific->fFilePath, "%s/%s", m_specific->fAppPath, file_name);
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:807:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  std::sprintf(path, "%s/%s%s", m_specific->fAppPath, file, img_ext());
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:507:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1142:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(buf, file);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1372:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(buf, file);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:465:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:640:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:663:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:237:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:551:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:613:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:765:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1303:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1322:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/examples/aa_test.cpp:445:9: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(123);
data/agg-2.6.1-r134+dfsg1/examples/alpha_gradient.cpp:95:9: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1234);
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask2.cpp:206:9: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(1432);
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:77:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  static double random(double v1, double v2)
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:158:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double dx = random(-0.5, 0.5);
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:159:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double dy = random(-0.5, 0.5);
data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:94:6: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
srand(100); data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:774:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(100); data/agg-2.6.1-r134+dfsg1/examples/aa_test.cpp:550:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/aa_test.cpp:551:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Points=%.2fK/sec, Lines=%.2fK/sec, Triangles=%.2fK/sec", 20000.0/t1, 2000.0/t2, 2000.0/t3); data/agg-2.6.1-r134+dfsg1/examples/agg2d_demo.cpp:389:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:200:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:201:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "Generate AlphaMask: %.3fms", t1); data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:228:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:229:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Render with AlphaMask: %.3fms", t1); data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:534:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:535:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d %d", x, y); data/agg-2.6.1-r134+dfsg1/examples/bezier_div.cpp:441:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/agg-2.6.1-r134+dfsg1/examples/bezier_div.cpp:450:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "Num Points=%d Time=%.2fmks\n\n" data/agg-2.6.1-r134+dfsg1/examples/bezier_div.cpp:491:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(full_file_name("coord"), "w"); data/agg-2.6.1-r134+dfsg1/examples/blend_color.cpp:520:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/agg-2.6.1-r134+dfsg1/examples/blend_color.cpp:527:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.2f ms", tm); data/agg-2.6.1-r134+dfsg1/examples/blur.cpp:289:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/agg-2.6.1-r134+dfsg1/examples/blur.cpp:296:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.2f ms", tm); data/agg-2.6.1-r134+dfsg1/examples/circles.cpp:201:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[10]; data/agg-2.6.1-r134+dfsg1/examples/circles.cpp:202:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%08u", n_drawn); data/agg-2.6.1-r134+dfsg1/examples/circles.cpp:253:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_points = atoi(argv[1]); data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:305:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:312:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.2f ms", tm); data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:351:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/distortions.cpp:686:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:60:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const char* fname) data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:62:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_fd = fopen(fname, "r"); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:74:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:93:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). style.left_fill = atoi(ts); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:95:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). style.right_fill = atoi(ts); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:97:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). style.line = atoi(ts); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:261:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(span, m_gradient + x, sizeof(color_type) * len); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:311:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const char* fname) data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:313:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return m_shape.open(full_file_name(fname)); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:409:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:418:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "Fill=%.2fms (%dFPS) Stroke=%.2fms (%dFPS) Total=%.2fms (%dFPS)\n\n" data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:533:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!app.open(fname)) data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:535:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:61:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const char* fname) data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:63:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_fd = fopen(fname, "r"); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:78:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:97:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). style.left_fill = atoi(ts); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:99:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). style.right_fill = atoi(ts); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:101:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). style.line = atoi(ts); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:280:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const char* fname) data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:282:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return m_shape.open(full_file_name(fname)); data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:392:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:401:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Fill=%.2fms (%dFPS) Stroke=%.2fms (%dFPS) Total=%.2fms (%dFPS)\n\n" data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:507:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!app.open(fname)) data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:509:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/freetype_test.cpp:148:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen("dump_path", "a"); data/agg-2.6.1-r134+dfsg1/examples/freetype_test.cpp:444:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/agg-2.6.1-r134+dfsg1/examples/freetype_test.cpp:445:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:32:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(fname, "rb"); data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:35:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:51:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(fname, "wb"); data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:63:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(fname, "w"); data/agg-2.6.1-r134+dfsg1/examples/gouraud.cpp:209:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/agg-2.6.1-r134+dfsg1/examples/gouraud.cpp:210:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(buf, "Time=%2.2f ms", elapsed_time()); data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:408:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:417:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.2f ms, %d triangles, %.0f tri/sec", data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:190:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:191:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Contours: %d Points: %d", counter.m_contours, counter.m_points); data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:203:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "GPC=%.3fms Render=%.3fms", t1, t2); data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:650:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[100]; data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:651:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d %d", x, y); data/agg-2.6.1-r134+dfsg1/examples/gradient_focal.cpp:175:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/agg-2.6.1-r134+dfsg1/examples/gradient_focal.cpp:180:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.2f ms", tm); data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:107:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(full_file_name("settings.dat"), "w"); data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:252:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(full_file_name("settings.dat"), "r"); data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:486:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE* fd = fopen(full_file_name("colors.dat"), "w"); data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:498:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(full_file_name("profile.dat"), "w"); data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:864:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:872:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.3f milliseconds", elapsed_time()); data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:893:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(full_file_name("benchmark"), "a"); data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:899:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " pipeline add_path sort render total\n" data/agg-2.6.1-r134+dfsg1/examples/image1.cpp:161:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:139:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char brightness_alpha_array[agg::span_conv_brightness_alpha::array_size]; data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:195:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen(full_file_name("alpha"), "w"); data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:229:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:139:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "NSteps=%d", m_num_steps); data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:154:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "%3.2f Kpix/sec", m_num_pix / (m_time2 - m_time1)); data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:156:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.2f Kpix/sec", m_num_pix / data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:396:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:207:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:214:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%3.2f ms", tm); data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:280:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:253:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:260:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:344:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/image_transforms.cpp:430:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_patterns.cpp:284:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = fopen(full_file_name("coord"), "w");
data/agg-2.6.1-r134+dfsg1/examples/line_patterns.cpp:315:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:286:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:295:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Len=%.2f", agg::calc_distance(p[0], p[1], p[2], p[3]) * m_scale.scale());
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:339:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_thickness.cpp:113:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/line_thickness.cpp:118:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Blur: %3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:56:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[4];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:102:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_name[128];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:131:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[32];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:132:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(get_str(tmp, buf, pos, len));
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:137:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[32];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:153:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if(len > 0) memcpy(dst, buf, len);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:201:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:207:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if(len) memcpy(m_name, buf, len);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:789:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = fopen(full_file_name(fname), "r");
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:802:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:220:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:221:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "time=%.3f", elapsed_time());
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:271:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:278:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:285:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:372:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/raster_text.cpp:121:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/raster_text.cpp:122:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "A quick brown fox jumps over the lazy dog 0123456789: ");
data/agg-2.6.1-r134+dfsg1/examples/rasterizers.cpp:240:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/rasterizers.cpp:241:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(buf, "Time Aliased=%.2fms Time Anti-Aliased=%.2fms", t1, t2);
data/agg-2.6.1-r134+dfsg1/examples/rasterizers2.cpp:530:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/rasterizers2.cpp:531:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Aliased=%1.2fms, Anti-Aliased=%1.2fms, Scanline=%1.2fms, Image-Pattern=%1.2fms",
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:300:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:301:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Combine=%.3fms\n\nRender=%.3fms\n\nnum_spans=%d", t1, t2, num_spans);
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:640:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:641:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d %d", x, y);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:33:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[22];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:219:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[1024];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:230:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = fopen(fname, "r");
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:368:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self.m_title + self.m_title_len, s, len);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:570:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if(len) memcpy(m_attr_name, start, len);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:586:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if(len) memcpy(m_attr_value, start, len);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_renderer.cpp:391:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_renderer.cpp:392:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "parse_path: Invalid Command %c", cmd);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:77:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:78:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "path_tokenizer::next : Invalid Character %c", *m_path);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:108:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:109:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "parse_path: Command %c: bad or missing parameters", cmd);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:119:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256]; // Should be enough for any number
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.h:97:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_separators_mask[256/8];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.h:98:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_commands_mask[256/8];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.h:99:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_numeric_mask[256/8];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:127:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:135:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Vertices=%d Time=%.3f ms", vertex_count, tm);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:204:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:205:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%3.3f, %3.3f, %3.3f, %3.3f, %3.3f, %3.3f",
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:209:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = fopen(full_file_name("transform.txt"), "a");
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:229:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = fopen(app.full_file_name(fname), "r");
data/agg-2.6.1-r134+dfsg1/examples/truetype_test.cpp:411:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/truetype_test.cpp:412:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,
data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.cpp:16:1: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR szTitle[MAX_LOADSTRING]; // The title bar text
data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.cpp:17:1: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR szWindowClass[MAX_LOADSTRING]; // The title bar text
data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.cpp:141:5: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR szHello[MAX_LOADSTRING];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:628:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_faces,
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:631:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(m_face_names,
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:833:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gamma_table[rasterizer_scanline_aa<>::aa_scale];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:859:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:861:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  std::sprintf(buf, ",%08X%08X%08X%08X%08X%08X",
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:494:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_fonts,
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:497:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_font_names,
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:554:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gamma_table[rasterizer_scanline_aa<>::aa_scale];
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:583:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:585:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  std::sprintf(buf, ",%08X%08X%08X%08X%08X%08X",
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:56:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_array, c, sizeof(T) * Size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:61:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_array, c, sizeof(T) * Size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:124:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:138:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:249:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(data, m_array, m_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:272:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:280:27: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if(v.m_size) std::memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:287:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if(m_size) std::memcpy(ptr, m_array, m_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:296:28: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if(byte_size) std::memcpy(m_array, data, byte_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:589:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:606:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:623:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(new_blocks,
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:723:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(ptr, &(*this)[i], sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:737:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(ptr, data, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:760:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&((*this)[start + i]), data, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:765:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(ptr, data, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:868:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(new_blocks,
data/agg-2.6.1-r134+dfsg1/include/agg_blur.h:1360:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(r1, r0, w * sizeof(pixel_type));
data/agg-2.6.1-r134+dfsg1/include/agg_blur.h:1374:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(r2, r1, w * sizeof(pixel_type)); // duplicate bottom row
data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager.h:175:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_fonts,
data/agg-2.6.1-r134+dfsg1/include/agg_gsv_text.h:91:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_chr[2];
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage.h:310:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(new_coords,
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage.h:314:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(new_cmds,
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage_integer.h:125:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(ptr, &m_storage[i], sizeof(vertex_integer_type));
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage_integer.h:267:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&v, m_ptr, sizeof(vertex_integer_type));
data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_amask_adaptor.h:57:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&m_span[0], covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_cells_aa.h:483:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(new_cells, m_cells, m_max_blocks * sizeof(cell_type*));
data/agg-2.6.1-r134+dfsg1/include/agg_rendering_buffer.h:109:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/agg-2.6.1-r134+dfsg1/include/agg_rendering_buffer.h:239:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_p.h:107:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_p.h:263:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:100:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(ptr, cells, sizeof(T) * num_cells);
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:106:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(s.ptr, cells, sizeof(T) * num_cells);
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:147:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(dst.ptr, src.ptr, dst.len * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:482:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(data, covers, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:487:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(data, covers, unsigned(sp.len) * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_u.h:172:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_u.h:387:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_trans_viewport.h:206:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(ptr, this, sizeof(*this));
data/agg-2.6.1-r134+dfsg1/include/agg_trans_viewport.h:211:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(this, ptr, sizeof(*this));
data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_cbox_ctrl.h:65:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_label[128];
data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_gamma_spline.h:79:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char m_gamma[256];
data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_slider_ctrl.h:80:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_label[64];
data/agg-2.6.1-r134+dfsg1/include/platform/agg_platform_support.h:674:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_caption[256];
data/agg-2.6.1-r134+dfsg1/src/agg_gsv_text.cpp:547:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = std::fopen(file, "rb");
data/agg-2.6.1-r134+dfsg1/src/agg_gsv_text.cpp:581:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&m_text_buf[0], text, new_size);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_cbox_ctrl.cpp:54:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_label, l, len);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_gamma_ctrl.cpp:130:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_gamma_ctrl.cpp:243:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tbuf, "%5.3f %5.3f %5.3f %5.3f", kx1, ky1, kx2, ky2);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:108:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_label, fmt, len);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:164:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:613:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:801:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char key_buf[BUF_SIZE];
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:706:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fAppPath[B_PATH_NAME_LENGTH];
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:707:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fFilePath[B_PATH_NAME_LENGTH];
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:722:14: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:806:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[B_PATH_NAME_LENGTH];
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:493:14: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  std::strcpy(m_caption, "AGG Application");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1141:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1146:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(buf, ".ppm");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1149:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = std::fopen(buf, "rb");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1174:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned width = std::atoi(ptr);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1187:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned height = std::atoi(ptr);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1195:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(std::atoi(ptr) != 255)
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1371:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1376:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(buf, ".ppm");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1379:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fd = std::fopen(buf, "wb");
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:450:14: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:639:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:648:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:662:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:671:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:222:14: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:550:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:555:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:612:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:617:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:750:14: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1302:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1307:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1321:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1326:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1640:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(argv_ptr, tok.ptr, tok.len);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_win32_bmp.cpp:419:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, m_buf, m_bmp->bmiHeader.biSizeImage);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_win32_bmp.cpp:502:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fd = std::fopen(filename, "rb");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_win32_bmp.cpp:537:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fd = std::fopen(filename, "wb");
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:81:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(FILE* fd);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:144:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int buf_len = strlen(buf);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:166:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned len = strlen(buf);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:199:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool molecule::read(FILE* fd)
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:795:50: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(!m_molecules[m_num_molecules].read(fd)) break;
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_exception.h:55:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_msg(exc.m_msg ? new char[strlen(exc.m_msg) + 1] : 0)
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:443:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned len = strlen(str);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:655:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_face_names[m_num_faces] = new char [std::strlen(font_name) + 1];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:820:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned name_len = std::strlen(m_name);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:751:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t len=std::strlen(m_ft_face->family_name)+1;
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:757:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t len=std::strlen(m_ft_face->family_name)+1+std::strlen(m_ft_face->style_name)+1;
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:757:72: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t len=std::strlen(m_ft_face->family_name)+1+std::strlen(m_ft_face->style_name)+1;
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:440:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned len = strlen(typeface_);
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:504:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_font_names[m_num_fonts] = new char[std::strlen(m_signature) + 1];
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:1031:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  unsigned remove_duplicates(Array& arr, Equal equal)
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:1039:17: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if(!equal(e, arr[i - 1]))
data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager.h:63:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_font_signature = (char*)m_allocator.allocate(std::strlen(font_signature) + 1);
data/agg-2.6.1-r134+dfsg1/src/agg_gsv_text.cpp:576:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned new_size = std::strlen(text) + 1;
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_cbox_ctrl.cpp:52:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned len = strlen(l);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_rbox_ctrl.cpp:61:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_items[m_num_items].resize(strlen(text) + 1);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:106:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned len = strlen(fmt);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:404:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  std::strncpy(m_caption, "Anti-Grain Geometry", 256);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:416:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  std::strncpy(m_caption, cap, 256);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:614:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  std::strncpy(fn, file, 1024);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:615:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:618:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  std::strncat(fn, ".bmp", 1024);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:250:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp.nitems = std::strlen(capt);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1143:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(buf);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1373:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(buf);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:641:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:664:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:552:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:614:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1304:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1323:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1466:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_sep_len(sep ? strlen(sep) : 0),
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1621:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* argv_str = new char [std::strlen(lpszCmdLine) + 3];

ANALYSIS SUMMARY:

Hits = 355
Lines analyzed = 110372 in approximately 2.60 seconds (42385 lines/second)
Physical Source Lines of Code (SLOC) = 81468
Hits@level = [0] 153 [1] 37 [2] 246 [3] 8 [4] 64 [5] 0
Hits@level+ = [0+] 508 [1+] 355 [2+] 318 [3+] 72 [4+] 64 [5+] 0
Hits/KSLOC@level+ = [0+] 6.23558 [1+] 4.35754 [2+] 3.90337 [3+] 0.883783 [4+] 0.785585 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.