Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp
Examining data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.h
Examining data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp
Examining data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.h
Examining data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.h
Examining data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_line_profile_aa.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_arc.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_bezier_arc.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vcgen_smooth_poly1.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_line_aa_basics.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_rounded_rect.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vcgen_dash.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_trans_single_path.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_mac_pmap.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_win32_bmp.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_scale_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_spline_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_gamma_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_rbox_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_bezier_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_cbox_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_polygon_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_gamma_spline.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_embedded_raster_fonts.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vpgen_clip_polyline.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_color_rgba.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vcgen_contour.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_arrowhead.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vpgen_segmentator.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_image_filters.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_trans_double_path.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_trans_affine.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_gsv_text.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_trans_warp_magnifier.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_sqrt_tables.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_bspline.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vpgen_clip_polygon.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vcgen_bspline.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vcgen_stroke.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_vcgen_markers_term.cpp
Examining data/agg-2.6.1-r134+dfsg1/src/agg_curves.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/rasterizers2.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/alpha_mask.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/resource.h
Examining data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.h
Examining data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/StdAfx.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/StdAfx.h
Examining data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/multi_clip.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gouraud.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/freetype_test.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/lion.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/circles.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/component_rendering.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/blur.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gamma_tuner.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/pixel_formats.h
Examining data/agg-2.6.1-r134+dfsg1/examples/rounded_rect.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_renderer.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.h
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.h
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_renderer.h
Examining data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_exception.h
Examining data/agg-2.6.1-r134+dfsg1/examples/raster_text.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/aa_test.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image_transforms.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/line_thickness.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image_fltr_graph.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/perspective.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/blend_color.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/conv_stroke.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/conv_dash_marker.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/rasterizer_compound.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/trans_curve1.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/bezier_div.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/interactive_polygon.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/distortions.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/alpha_mask2.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/trans_curve1_ft.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gradients_contour.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gamma_correction.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/trans_polar.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/simple_blur.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/lion_lens.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image1.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/trans_curve2_ft.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/make_arrows.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/trans_curve2.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/rasterizers.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/gradient_focal.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/alpha_gradient.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/pattern_fill.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/agg2d_demo.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/make_gb_poly.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image_filters2.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/idea.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/compositing2.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/interactive_polygon.h
Examining data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/parse_lion.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/bspline.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/aa_demo.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/polymorphic_renderer.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/lion_outline.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/truetype_test.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/line_patterns.cpp
Examining data/agg-2.6.1-r134+dfsg1/examples/conv_contour.cpp
Examining data/agg-2.6.1-r134+dfsg1/include/agg_math_stroke.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_outline_image.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_bin.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vpgen_segmentator.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_bspline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_marker.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_pattern_rgb.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_interpolator_persp.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_concat.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_clip_polyline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pattern_filters_rgba.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_outline_aa.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_allocator.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_basics.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_transposer.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_interpolator_adaptor.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_mclip.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_sl_clip.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_dash.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_amask_adaptor.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_gray.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_markers.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_scanline_u.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_base.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_line_aa_basics.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_gsv_text.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_gradient_lut.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_image_filter_rgba.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_dda_line.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_gamma_functions.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_curve.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_bspline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_bounding_rect.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_stroke.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_scanline_bin.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_transform.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_simul_eq.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_config.h
Examining data/agg-2.6.1-r134+dfsg1/include/platform/agg_platform_support.h
Examining data/agg-2.6.1-r134+dfsg1/include/platform/mac/agg_mac_pmap.h
Examining data/agg-2.6.1-r134+dfsg1/include/platform/win32/agg_win32_bmp.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_spline_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_slider_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_rbox_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_polygon_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_gamma_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_bezier_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_scale_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_cbox_ctrl.h
Examining data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_gamma_spline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_bitset_iterator.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_stroke.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_contour.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_path_length.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_math.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gouraud_rgba.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_trans_affine.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_image_filter.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_color_gray.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_unclose_polygon.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_marker_adaptor.h
Examining data/agg-2.6.1-r134+dfsg1/include/util/agg_color_conv_rgb16.h
Examining data/agg-2.6.1-r134+dfsg1/include/util/agg_color_conv.h
Examining data/agg-2.6.1-r134+dfsg1/include/util/agg_color_conv_rgb8.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_image_filter_gray.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_shorten_path.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_clip_liang_barsky.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_trans_single_path.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rendering_buffer_dynarow.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_outline_aa.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_smooth_poly1.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_scanline_aa_nogamma.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_scanline_aa.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_primitives.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vertex_sequence.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_bspline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_path_storage_integer.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_subdiv_adaptor.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_image_filters.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_interpolator_linear.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_interpolator_trans.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_ellipse.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gouraud_gray.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vpgen_clip_polyline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_contour.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_ellipse_bresenham.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_rgb_packed.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_rgb.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_scanline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_arc.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_glyph_raster_bin.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_cells_aa.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_vertex_sequence.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_outline.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_shorten_path.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vpgen_clip_polygon.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_path_storage.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_trans_bilinear.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gouraud.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_base.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_pattern_rgba.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_clip_polygon.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_solid.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_image_filter_rgb.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_gamma_lut.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rendering_buffer.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_converter.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_pattern_gray.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_alpha_mask_u8.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gradient.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_embedded_raster_fonts.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_scanline_boolean_algebra.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_renderer_raster_text.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_bezier_arc.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_trans_viewport.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_trans_warp_magnifier.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gradient_alpha.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_markers_term.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_image_accessors.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_trans_perspective.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_segmentator.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_compound_aa.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager2.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_color_rgba.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gradient_image.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_rounded_rect.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_trans_double_path.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_adaptor_vcgen.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_adaptor_vpgen.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_blur.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_curves.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_rgba.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_arrowhead.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_smooth_poly1.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_span_gradient_contour.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_scanline_p.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_array.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_conv_close_polygon.h
Examining data/agg-2.6.1-r134+dfsg1/include/agg_vcgen_dash.h
FINAL RESULTS:
data/agg-2.6.1-r134+dfsg1/examples/agg2d_demo.cpp:396:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/agg2d_demo.cpp:402:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:354:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:360:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/distortions.cpp:689:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/distortions.cpp:695:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:538:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s. Download http://www.antigrain.com/%s\n"
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:544:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s", fname);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:512:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s. Download http://www.antigrain.com/%s\n"
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:518:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s", fname);
data/agg-2.6.1-r134+dfsg1/examples/image1.cpp:164:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image1.cpp:170:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:232:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:238:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:399:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:405:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:283:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:289:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:347:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:353:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/image_transforms.cpp:433:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/image_transforms.cpp:439:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/line_patterns.cpp:316:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "There must be files 1%s...9%s\n"
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:340:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "There must be file 1%s\n", app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:175:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pos) strcpy(buf, buf + pos);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:803:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: '%s'. Download http://www.antigrain.com/%s\n",
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:274:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:280:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:375:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s. Download http://www.antigrain.com/%s%s\n"
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:381:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File not found: %s%s", img_name, app.img_ext());
data/agg-2.6.1-r134+dfsg1/examples/raster_text.cpp:123:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, fonts[i].name);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_exception.h:49:17: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(m_msg, fmt, arg);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_exception.h:57:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(m_msg) strcpy(m_msg, exc.m_msg);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:233:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "Couldn't open file %s", fname);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:244:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:448:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c.name, str);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:656:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_face_names[m_num_faces], font_name);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:842:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf(m_signature,
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:868:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
std::strcat(m_signature, buf);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:753:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_face_name, m_ft_face->family_name);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:759:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( m_face_name, "%s %s", m_ft_face->family_name, m_ft_face->style_name );
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:450:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_typeface, typeface_);
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:505:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_font_names[m_num_fonts], m_signature);
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:563:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(m_signature,
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:592:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
std::strcat(m_signature, buf);
data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager.h:64:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_font_signature, font_signature);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_rbox_ctrl.cpp:62:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&m_items[m_num_items][0], text);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:165:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, m_label, value());
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:640:42: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf(fAppPath, "%s", path.Path());
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:735:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:796:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf(m_specific->fFilePath, "%s/%s", m_specific->fAppPath, file_name);
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:807:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf(path, "%s/%s%s", m_specific->fAppPath, file, img_ext());
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:507:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1142:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(buf, file);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1372:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(buf, file);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:465:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:640:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:663:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:237:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:551:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:613:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:765:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(m_caption, cap);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1303:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1322:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(fn, file);
data/agg-2.6.1-r134+dfsg1/examples/aa_test.cpp:445:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(123);
data/agg-2.6.1-r134+dfsg1/examples/alpha_gradient.cpp:95:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(1234);
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask2.cpp:206:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(1432);
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:77:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
static double random(double v1, double v2)
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:158:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double dx = random(-0.5, 0.5);
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:159:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double dy = random(-0.5, 0.5);
data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:94:6: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(100);
data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:774:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(100);
data/agg-2.6.1-r134+dfsg1/examples/aa_test.cpp:550:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/aa_test.cpp:551:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Points=%.2fK/sec, Lines=%.2fK/sec, Triangles=%.2fK/sec", 20000.0/t1, 2000.0/t2, 2000.0/t3);
data/agg-2.6.1-r134+dfsg1/examples/agg2d_demo.cpp:389:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:200:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:201:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Generate AlphaMask: %.3fms", t1);
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:228:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:229:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Render with AlphaMask: %.3fms", t1);
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:534:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/alpha_mask3.cpp:535:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %d", x, y);
data/agg-2.6.1-r134+dfsg1/examples/bezier_div.cpp:441:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/agg-2.6.1-r134+dfsg1/examples/bezier_div.cpp:450:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Num Points=%d Time=%.2fmks\n\n"
data/agg-2.6.1-r134+dfsg1/examples/bezier_div.cpp:491:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("coord"), "w");
data/agg-2.6.1-r134+dfsg1/examples/blend_color.cpp:520:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/blend_color.cpp:527:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/blur.cpp:289:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/blur.cpp:296:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/circles.cpp:201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/agg-2.6.1-r134+dfsg1/examples/circles.cpp:202:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%08u", n_drawn);
data/agg-2.6.1-r134+dfsg1/examples/circles.cpp:253:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_points = atoi(argv[1]);
data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:305:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:312:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/compositing.cpp:351:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/distortions.cpp:686:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:60:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char* fname)
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:62:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = fopen(fname, "r");
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:74:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:93:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style.left_fill = atoi(ts);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:95:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style.right_fill = atoi(ts);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:97:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style.line = atoi(ts);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:261:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(span, m_gradient + x, sizeof(color_type) * len);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:311:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char* fname)
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:313:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_shape.open(full_file_name(fname));
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:409:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:418:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Fill=%.2fms (%dFPS) Stroke=%.2fms (%dFPS) Total=%.2fms (%dFPS)\n\n"
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:533:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!app.open(fname))
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer.cpp:535:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:61:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char* fname)
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:63:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = fopen(fname, "r");
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:78:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:97:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style.left_fill = atoi(ts);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:99:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style.right_fill = atoi(ts);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:101:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style.line = atoi(ts);
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:280:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char* fname)
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:282:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_shape.open(full_file_name(fname));
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:392:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:401:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Fill=%.2fms (%dFPS) Stroke=%.2fms (%dFPS) Total=%.2fms (%dFPS)\n\n"
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:507:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!app.open(fname))
data/agg-2.6.1-r134+dfsg1/examples/flash_rasterizer2.cpp:509:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/freetype_test.cpp:148:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen("dump_path", "a");
data/agg-2.6.1-r134+dfsg1/examples/freetype_test.cpp:444:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/freetype_test.cpp:445:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:32:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(fname, "rb");
data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:51:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(fname, "wb");
data/agg-2.6.1-r134+dfsg1/examples/gamma_ctrl.cpp:63:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(fname, "w");
data/agg-2.6.1-r134+dfsg1/examples/gouraud.cpp:209:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/gouraud.cpp:210:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Time=%2.2f ms", elapsed_time());
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:408:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/gouraud_mesh.cpp:417:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms, %d triangles, %.0f tri/sec",
data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:190:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:191:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Contours: %d Points: %d", counter.m_contours, counter.m_points);
data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:203:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "GPC=%.3fms Render=%.3fms", t1, t2);
data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:650:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/gpc_test.cpp:651:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %d", x, y);
data/agg-2.6.1-r134+dfsg1/examples/gradient_focal.cpp:175:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/gradient_focal.cpp:180:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:107:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("settings.dat"), "w");
data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:252:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("settings.dat"), "r");
data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:486:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("colors.dat"), "w");
data/agg-2.6.1-r134+dfsg1/examples/gradients.cpp:498:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(full_file_name("profile.dat"), "w");
data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:864:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:872:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.3f milliseconds", elapsed_time());
data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:893:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("benchmark"), "a");
data/agg-2.6.1-r134+dfsg1/examples/graph_test.cpp:899:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " pipeline add_path sort render total\n"
data/agg-2.6.1-r134+dfsg1/examples/image1.cpp:161:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:139:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char brightness_alpha_array[agg::span_conv_brightness_alpha::array_size];
data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:195:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("alpha"), "w");
data/agg-2.6.1-r134+dfsg1/examples/image_alpha.cpp:229:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:138:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:139:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "NSteps=%d", m_num_steps);
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:154:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f Kpix/sec", m_num_pix / (m_time2 - m_time1));
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:156:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f Kpix/sec", m_num_pix /
data/agg-2.6.1-r134+dfsg1/examples/image_filters.cpp:396:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:207:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:214:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/image_perspective.cpp:280:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:253:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:260:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/image_resample.cpp:344:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/image_transforms.cpp:430:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_patterns.cpp:284:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("coord"), "w");
data/agg-2.6.1-r134+dfsg1/examples/line_patterns.cpp:315:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:286:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:295:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Len=%.2f", agg::calc_distance(p[0], p[1], p[2], p[3]) * m_scale.scale());
data/agg-2.6.1-r134+dfsg1/examples/line_patterns_clip.cpp:339:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/line_thickness.cpp:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/line_thickness.cpp:118:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Blur: %3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_name[128];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:132:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(get_str(tmp, buf, pos, len));
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:153:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(len > 0) memcpy(dst, buf, len);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:207:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(len) memcpy(m_name, buf, len);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:789:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name(fname), "r");
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:802:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:220:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:221:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "time=%.3f", elapsed_time());
data/agg-2.6.1-r134+dfsg1/examples/pattern_perspective.cpp:271:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:278:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:285:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.2f ms", tm);
data/agg-2.6.1-r134+dfsg1/examples/pattern_resample.cpp:372:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/raster_text.cpp:121:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/raster_text.cpp:122:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "A quick brown fox jumps over the lazy dog 0123456789: ");
data/agg-2.6.1-r134+dfsg1/examples/rasterizers.cpp:240:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/rasterizers.cpp:241:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Time Aliased=%.2fms Time Anti-Aliased=%.2fms", t1, t2);
data/agg-2.6.1-r134+dfsg1/examples/rasterizers2.cpp:530:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/examples/rasterizers2.cpp:531:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Aliased=%1.2fms, Anti-Aliased=%1.2fms, Scanline=%1.2fms, Image-Pattern=%1.2fms",
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:300:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:301:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Combine=%.3fms\n\nRender=%.3fms\n\nnum_spans=%d", t1, t2, num_spans);
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:640:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/scanline_boolean2.cpp:641:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %d", x, y);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:33:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[22];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:219:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:230:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(fname, "r");
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:368:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self.m_title + self.m_title_len, s, len);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:570:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(len) memcpy(m_attr_name, start, len);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:586:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(len) memcpy(m_attr_value, start, len);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_renderer.cpp:391:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_renderer.cpp:392:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "parse_path: Invalid Command %c", cmd);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:77:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:78:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "path_tokenizer::next : Invalid Character %c", *m_path);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:108:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:109:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "parse_path: Command %c: bad or missing parameters", cmd);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.cpp:119:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256]; // Should be enough for any number
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.h:97:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_separators_mask[256/8];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.h:98:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_commands_mask[256/8];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_path_tokenizer.h:99:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_numeric_mask[256/8];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:127:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:135:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Vertices=%d Time=%.3f ms", vertex_count, tm);
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:204:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:205:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3.3f, %3.3f, %3.3f, %3.3f, %3.3f, %3.3f",
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:209:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(full_file_name("transform.txt"), "a");
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/svg_test.cpp:229:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(app.full_file_name(fname), "r");
data/agg-2.6.1-r134+dfsg1/examples/truetype_test.cpp:411:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/examples/truetype_test.cpp:412:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.cpp:16:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text
data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.cpp:17:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szWindowClass[MAX_LOADSTRING]; // The title bar text
data/agg-2.6.1-r134+dfsg1/examples/win32_api/pure_api/pure_api.cpp:141:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szHello[MAX_LOADSTRING];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:628:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_faces,
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:631:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_face_names,
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:833:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_table[rasterizer_scanline_aa<>::aa_scale];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:859:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:861:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(buf, ",%08X%08X%08X%08X%08X%08X",
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:494:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_fonts,
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:497:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_font_names,
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:554:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_table[rasterizer_scanline_aa<>::aa_scale];
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:583:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:585:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(buf, ",%08X%08X%08X%08X%08X%08X",
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:56:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_array, c, sizeof(T) * Size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:61:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_array, c, sizeof(T) * Size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:124:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:138:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:249:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(data, m_array, m_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:272:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:280:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(v.m_size) std::memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:287:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(m_size) std::memcpy(ptr, m_array, m_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:296:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(byte_size) std::memcpy(m_array, data, byte_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:589:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:606:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:623:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(new_blocks,
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:723:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ptr, &(*this)[i], sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:737:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ptr, data, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:760:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&((*this)[start + i]), data, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:765:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ptr, data, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:868:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(new_blocks,
data/agg-2.6.1-r134+dfsg1/include/agg_blur.h:1360:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(r1, r0, w * sizeof(pixel_type));
data/agg-2.6.1-r134+dfsg1/include/agg_blur.h:1374:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(r2, r1, w * sizeof(pixel_type)); // duplicate bottom row
data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager.h:175:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_fonts,
data/agg-2.6.1-r134+dfsg1/include/agg_gsv_text.h:91:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_chr[2];
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage.h:310:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(new_coords,
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage.h:314:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(new_cmds,
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage_integer.h:125:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ptr, &m_storage[i], sizeof(vertex_integer_type));
data/agg-2.6.1-r134+dfsg1/include/agg_path_storage_integer.h:267:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&v, m_ptr, sizeof(vertex_integer_type));
data/agg-2.6.1-r134+dfsg1/include/agg_pixfmt_amask_adaptor.h:57:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&m_span[0], covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_rasterizer_cells_aa.h:483:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(new_cells, m_cells, m_max_blocks * sizeof(cell_type*));
data/agg-2.6.1-r134+dfsg1/include/agg_rendering_buffer.h:109:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/agg-2.6.1-r134+dfsg1/include/agg_rendering_buffer.h:239:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_p.h:107:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_p.h:263:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:100:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ptr, cells, sizeof(T) * num_cells);
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:106:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(s.ptr, cells, sizeof(T) * num_cells);
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:147:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dst.ptr, src.ptr, dst.len * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:482:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(data, covers, sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_storage_aa.h:487:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(data, covers, unsigned(sp.len) * sizeof(T));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_u.h:172:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_scanline_u.h:387:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/agg-2.6.1-r134+dfsg1/include/agg_trans_viewport.h:206:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ptr, this, sizeof(*this));
data/agg-2.6.1-r134+dfsg1/include/agg_trans_viewport.h:211:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(this, ptr, sizeof(*this));
data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_cbox_ctrl.h:65:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_label[128];
data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_gamma_spline.h:79:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_gamma[256];
data/agg-2.6.1-r134+dfsg1/include/ctrl/agg_slider_ctrl.h:80:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_label[64];
data/agg-2.6.1-r134+dfsg1/include/platform/agg_platform_support.h:674:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_caption[256];
data/agg-2.6.1-r134+dfsg1/src/agg_gsv_text.cpp:547:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = std::fopen(file, "rb");
data/agg-2.6.1-r134+dfsg1/src/agg_gsv_text.cpp:581:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&m_text_buf[0], text, new_size);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_cbox_ctrl.cpp:54:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_label, l, len);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_gamma_ctrl.cpp:130:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[32];
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_gamma_ctrl.cpp:243:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%5.3f %5.3f %5.3f %5.3f", kx1, ky1, kx2, ky2);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:108:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_label, fmt, len);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:164:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:613:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:801:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char key_buf[BUF_SIZE];
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:706:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fAppPath[B_PATH_NAME_LENGTH];
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:707:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fFilePath[B_PATH_NAME_LENGTH];
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:722:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/BeOS/agg_platform_support.cpp:806:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[B_PATH_NAME_LENGTH];
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:493:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy(m_caption, "AGG Application");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1141:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1146:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(buf, ".ppm");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1149:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = std::fopen(buf, "rb");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1174:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned width = std::atoi(ptr);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1187:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned height = std::atoi(ptr);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1195:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(std::atoi(ptr) != 255)
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1371:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1376:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(buf, ".ppm");
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1379:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = std::fopen(buf, "wb");
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:450:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:639:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:648:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:662:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:671:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:222:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:550:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:555:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:612:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:617:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:750:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy(m_caption, "Anti-Grain Geometry Application");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1302:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1307:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1321:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1326:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat(fn, ".bmp");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1640:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(argv_ptr, tok.ptr, tok.len);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_win32_bmp.cpp:419:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, m_buf, m_bmp->bmiHeader.biSizeImage);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_win32_bmp.cpp:502:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = std::fopen(filename, "rb");
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_win32_bmp.cpp:537:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = std::fopen(filename, "wb");
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:81:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(FILE* fd);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:144:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buf_len = strlen(buf);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:166:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = strlen(buf);
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:199:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool molecule::read(FILE* fd)
data/agg-2.6.1-r134+dfsg1/examples/mol_view.cpp:795:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!m_molecules[m_num_molecules].read(fd)) break;
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_exception.h:55:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_msg(exc.m_msg ? new char[strlen(exc.m_msg) + 1] : 0)
data/agg-2.6.1-r134+dfsg1/examples/svg_viewer/agg_svg_parser.cpp:443:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = strlen(str);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:655:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_face_names[m_num_faces] = new char [std::strlen(font_name) + 1];
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype.cpp:820:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned name_len = std::strlen(m_name);
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:751:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t len=std::strlen(m_ft_face->family_name)+1;
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:757:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t len=std::strlen(m_ft_face->family_name)+1+std::strlen(m_ft_face->style_name)+1;
data/agg-2.6.1-r134+dfsg1/font_freetype/agg_font_freetype2.cpp:757:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t len=std::strlen(m_ft_face->family_name)+1+std::strlen(m_ft_face->style_name)+1;
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:440:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = strlen(typeface_);
data/agg-2.6.1-r134+dfsg1/font_win32_tt/agg_font_win32_tt.cpp:504:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_font_names[m_num_fonts] = new char[std::strlen(m_signature) + 1];
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:1031:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
unsigned remove_duplicates(Array& arr, Equal equal)
data/agg-2.6.1-r134+dfsg1/include/agg_array.h:1039:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(!equal(e, arr[i - 1]))
data/agg-2.6.1-r134+dfsg1/include/agg_font_cache_manager.h:63:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_font_signature = (char*)m_allocator.allocate(std::strlen(font_signature) + 1);
data/agg-2.6.1-r134+dfsg1/src/agg_gsv_text.cpp:576:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned new_size = std::strlen(text) + 1;
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_cbox_ctrl.cpp:52:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = strlen(l);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_rbox_ctrl.cpp:61:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_items[m_num_items].resize(strlen(text) + 1);
data/agg-2.6.1-r134+dfsg1/src/ctrl/agg_slider_ctrl.cpp:106:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = strlen(fmt);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:404:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
std::strncpy(m_caption, "Anti-Grain Geometry", 256);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:416:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
std::strncpy(m_caption, cap, 256);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:614:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
std::strncpy(fn, file, 1024);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:615:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/AmigaOS/agg_platform_support.cpp:618:10: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
std::strncat(fn, ".bmp", 1024);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:250:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp.nitems = std::strlen(capt);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1143:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(buf);
data/agg-2.6.1-r134+dfsg1/src/platform/X11/agg_platform_support.cpp:1373:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(buf);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:641:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/mac/agg_platform_support.cpp:664:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:552:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/sdl/agg_platform_support.cpp:614:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1304:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1323:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = std::strlen(fn);
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1466:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_sep_len(sep ? strlen(sep) : 0),
data/agg-2.6.1-r134+dfsg1/src/platform/win32/agg_platform_support.cpp:1621:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* argv_str = new char [std::strlen(lpszCmdLine) + 3];
ANALYSIS SUMMARY:
Hits = 355
Lines analyzed = 110372 in approximately 2.60 seconds (42385 lines/second)
Physical Source Lines of Code (SLOC) = 81468
Hits@level = [0] 153 [1] 37 [2] 246 [3] 8 [4] 64 [5] 0
Hits@level+ = [0+] 508 [1+] 355 [2+] 318 [3+] 72 [4+] 64 [5+] 0
Hits/KSLOC@level+ = [0+] 6.23558 [1+] 4.35754 [2+] 3.90337 [3+] 0.883783 [4+] 0.785585 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.