Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/apng2gif-1.8/zlib/zutil.h
Examining data/apng2gif-1.8/zlib/zutil.c
Examining data/apng2gif-1.8/zlib/zlib.h
Examining data/apng2gif-1.8/zlib/zconf.h
Examining data/apng2gif-1.8/zlib/uncompr.c
Examining data/apng2gif-1.8/zlib/trees.h
Examining data/apng2gif-1.8/zlib/trees.c
Examining data/apng2gif-1.8/zlib/inftrees.h
Examining data/apng2gif-1.8/zlib/inftrees.c
Examining data/apng2gif-1.8/zlib/inflate.h
Examining data/apng2gif-1.8/zlib/inflate.c
Examining data/apng2gif-1.8/zlib/inffixed.h
Examining data/apng2gif-1.8/zlib/inffast.h
Examining data/apng2gif-1.8/zlib/inffast.c
Examining data/apng2gif-1.8/zlib/infback.c
Examining data/apng2gif-1.8/zlib/gzwrite.c
Examining data/apng2gif-1.8/zlib/gzread.c
Examining data/apng2gif-1.8/zlib/gzlib.c
Examining data/apng2gif-1.8/zlib/gzguts.h
Examining data/apng2gif-1.8/zlib/gzclose.c
Examining data/apng2gif-1.8/zlib/deflate.h
Examining data/apng2gif-1.8/zlib/deflate.c
Examining data/apng2gif-1.8/zlib/crc32.h
Examining data/apng2gif-1.8/zlib/crc32.c
Examining data/apng2gif-1.8/zlib/compress.c
Examining data/apng2gif-1.8/zlib/adler32.c
Examining data/apng2gif-1.8/libpng/pngwutil.c
Examining data/apng2gif-1.8/libpng/pngwtran.c
Examining data/apng2gif-1.8/libpng/pngwrite.c
Examining data/apng2gif-1.8/libpng/pngwio.c
Examining data/apng2gif-1.8/libpng/pngtrans.c
Examining data/apng2gif-1.8/libpng/pngstruct.h
Examining data/apng2gif-1.8/libpng/pngset.c
Examining data/apng2gif-1.8/libpng/pngrutil.c
Examining data/apng2gif-1.8/libpng/pngrtran.c
Examining data/apng2gif-1.8/libpng/pngrio.c
Examining data/apng2gif-1.8/libpng/pngread.c
Examining data/apng2gif-1.8/libpng/pngpriv.h
Examining data/apng2gif-1.8/libpng/pngpread.c
Examining data/apng2gif-1.8/libpng/pngmem.c
Examining data/apng2gif-1.8/libpng/pnglibconf.h
Examining data/apng2gif-1.8/libpng/pnginfo.h
Examining data/apng2gif-1.8/libpng/pngget.c
Examining data/apng2gif-1.8/libpng/pngerror.c
Examining data/apng2gif-1.8/libpng/pngdebug.h
Examining data/apng2gif-1.8/libpng/pngconf.h
Examining data/apng2gif-1.8/libpng/png.h
Examining data/apng2gif-1.8/libpng/png.c
Examining data/apng2gif-1.8/apng2gif.cpp

FINAL RESULTS:

data/apng2gif-1.8/apng2gif.cpp:1376:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szOut, szOpt);
data/apng2gif-1.8/apng2gif.cpp:1384:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szOut, szInput);
data/apng2gif-1.8/libpng/pngdebug.h:84:8: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? " " : \
data/apng2gif-1.8/libpng/pngdebug.h:92:8: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? " " : \
data/apng2gif-1.8/libpng/pngdebug.h:100:8: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? " " : \
data/apng2gif-1.8/libpng/pngdebug.h:113:8: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(PNG_DEBUG_FILE,format); \
data/apng2gif-1.8/libpng/pngdebug.h:124:8: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  fprintf(PNG_DEBUG_FILE,format,p1); \
data/apng2gif-1.8/libpng/pngdebug.h:135:8: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(PNG_DEBUG_FILE,format,p1,p2); \
data/apng2gif-1.8/libpng/pngerror.c:734:10: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, PNG_STRING_NEWLINE);
data/apng2gif-1.8/libpng/pngerror.c:741:10: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, PNG_STRING_NEWLINE);
data/apng2gif-1.8/libpng/pngerror.c:749:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, PNG_STRING_NEWLINE);
data/apng2gif-1.8/libpng/pngerror.c:805:10: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, PNG_STRING_NEWLINE);
data/apng2gif-1.8/libpng/pngerror.c:812:10: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, PNG_STRING_NEWLINE);
data/apng2gif-1.8/libpng/pngerror.c:820:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, PNG_STRING_NEWLINE);
data/apng2gif-1.8/zlib/gzguts.h:78:18: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/apng2gif-1.8/zlib/gzguts.h:80:18: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define vsnprintf _vsnprintf
data/apng2gif-1.8/zlib/gzguts.h:103:11: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf
data/apng2gif-1.8/zlib/gzguts.h:103:20: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf
data/apng2gif-1.8/zlib/gzlib.c:216:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(state->path, path);
data/apng2gif-1.8/zlib/gzlib.c:610:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(state->msg, state->path);
data/apng2gif-1.8/zlib/gzlib.c:612:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(state->msg, msg);
data/apng2gif-1.8/zlib/gzwrite.c:346:11: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void)vsprintf((char *)(state->in), format, va);
data/apng2gif-1.8/zlib/gzwrite.c:350:11: [4] (format) vsprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  len = vsprintf((char *)(state->in), format, va);
data/apng2gif-1.8/zlib/gzwrite.c:354:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  (void)vsnprintf((char *)(state->in), size, format, va);
data/apng2gif-1.8/zlib/gzwrite.c:357:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf((char *)(state->in), size, format, va);
data/apng2gif-1.8/zlib/gzwrite.c:431:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf((char *)(state->in), format, a1, a2, a3, a4, a5, a6, a7, a8,
data/apng2gif-1.8/zlib/gzwrite.c:436:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len = sprintf((char *)(state->in), format, a1, a2, a3, a4, a5, a6, a7, a8,
data/apng2gif-1.8/zlib/gzwrite.c:441:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf((char *)(state->in), size, format, a1, a2, a3, a4, a5, a6, a7, a8,
data/apng2gif-1.8/zlib/gzwrite.c:445:11: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = snprintf((char *)(state->in), size, format, a1, a2, a3, a4, a5, a6,
data/apng2gif-1.8/zlib/zutil.h:224:39: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/apng2gif-1.8/zlib/zutil.h:225:39: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/apng2gif-1.8/zlib/zutil.h:226:40: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/apng2gif-1.8/zlib/zutil.h:227:48: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/apng2gif-1.8/zlib/zutil.h:228:49: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/apng2gif-1.8/apng2gif.cpp:57:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pal[256][3];
data/apng2gif-1.8/apng2gif.cpp:62:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[288];
data/apng2gif-1.8/apng2gif.cpp:63:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bigcube[128][128][128];
data/apng2gif-1.8/apng2gif.cpp:69:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tag[65*65*65];
data/apng2gif-1.8/apng2gif.cpp:123:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dp, sp, w*4);
data/apng2gif-1.8/apng2gif.cpp:128:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dp, sp, 4);
data/apng2gif-1.8/apng2gif.cpp:143:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dp, sp, 4);
data/apng2gif-1.8/apng2gif.cpp:151:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char len[4];
data/apng2gif-1.8/apng2gif.cpp:161:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pChunk->p, len, 4);
data/apng2gif-1.8/apng2gif.cpp:170:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char header[8] = {137, 80, 78, 71, 13, 10, 26, 10};
data/apng2gif-1.8/apng2gif.cpp:213:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char footer[12] = {0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130};
data/apng2gif-1.8/apng2gif.cpp:235:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sig[8];
data/apng2gif-1.8/apng2gif.cpp:251:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(szIn, "rb")) != 0)
data/apng2gif-1.8/apng2gif.cpp:309:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frameNext.p, frameCur.p, imagesize);
data/apng2gif-1.8/apng2gif.cpp:318:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frameNext.p, frameCur.p, imagesize);
data/apng2gif-1.8/apng2gif.cpp:354:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(chunkIHDR.p + 8, chunk.p + 12, 8);
data/apng2gif-1.8/apng2gif.cpp:387:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(chunk.p + 8, "IDAT", 4);
data/apng2gif-1.8/apng2gif.cpp:1084:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gif_head[13] = {'G', 'I', 'F', '8', '9', 'a', 0, 0, 0, 0, 0, 0, 0};
data/apng2gif-1.8/apng2gif.cpp:1085:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char netscape[19] = {0x21, 0xFF, 0x0B, 'N', 'E', 'T', 'S', 'C', 'A', 'P', 'E', '2', '.', '0', 3, 1, 0, 0, 0};
data/apng2gif-1.8/apng2gif.cpp:1086:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gce[8] = {0x21, 0xF9, 4, 4, 10, 0, 0, 0};
data/apng2gif-1.8/apng2gif.cpp:1087:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char img_head[10] = {0x2C, 0, 0, 0, 0, 0, 0, 0, 0, 0};
data/apng2gif-1.8/apng2gif.cpp:1105:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f1 = fopen(szOut, "wb")) == 0)
data/apng2gif-1.8/apng2gif.cpp:1115:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gif_head+6, &w, 2);
data/apng2gif-1.8/apng2gif.cpp:1116:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gif_head+8, &h, 2);
data/apng2gif-1.8/apng2gif.cpp:1117:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(netscape+16, &num_reps, 2);
data/apng2gif-1.8/apng2gif.cpp:1118:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(img_head+5, &w, 2);
data/apng2gif-1.8/apng2gif.cpp:1119:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(img_head+7, &h, 2);
data/apng2gif-1.8/apng2gif.cpp:1213:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pc, pb, w0);
data/apng2gif-1.8/apng2gif.cpp:1220:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gce+4, &img[n].delay_num, 2);
data/apng2gif-1.8/apng2gif.cpp:1224:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gce+4, &delay_ms, 2);
data/apng2gif-1.8/apng2gif.cpp:1229:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(img_head+1, &x0, 2);
data/apng2gif-1.8/apng2gif.cpp:1230:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(img_head+3, &y0, 2);
data/apng2gif-1.8/apng2gif.cpp:1231:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(img_head+5, &w0, 2);
data/apng2gif-1.8/apng2gif.cpp:1232:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(img_head+7, &h0, 2);
data/apng2gif-1.8/apng2gif.cpp:1293:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szOut[256];
data/apng2gif-1.8/apng2gif.cpp:1333:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tlevel = atoi(szOpt);
data/apng2gif-1.8/apng2gif.cpp:1360:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  back_r = atoi(argv[i]);
data/apng2gif-1.8/apng2gif.cpp:1361:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  back_g = atoi(argv[++i]);
data/apng2gif-1.8/apng2gif.cpp:1362:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  back_b = atoi(argv[++i]);
data/apng2gif-1.8/apng2gif.cpp:1386:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(szOut, ".gif");
data/apng2gif-1.8/libpng/png.c:203:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m[128];
data/apng2gif-1.8/libpng/png.c:697:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  png_convert_to_rfc1123_buffer(char out[29], png_const_timep ptime)
data/apng2gif-1.8/libpng/png.c:699:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static PNG_CONST char short_months[12][4] =
data/apng2gif-1.8/libpng/png.c:715:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number_buf[5]; /* enough for a four-digit year */
data/apng2gif-1.8/libpng/png.c:1793:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[196]; /* see below for calculation */
data/apng2gif-1.8/libpng/png.c:1812:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114*/
data/apng2gif-1.8/libpng/png.c:2937:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char exponent[10];
data/apng2gif-1.8/libpng/png.c:3195:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char digits[10];
data/apng2gif-1.8/libpng/png.h:1066:54: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  PNG_EXPORT(241, int, png_convert_to_rfc1123_buffer, (char out[29],
data/apng2gif-1.8/libpng/png.h:2727:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[64];
data/apng2gif-1.8/libpng/pngdebug.h:109:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[256]; \
data/apng2gif-1.8/libpng/pngdebug.h:120:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[256]; \
data/apng2gif-1.8/libpng/pngdebug.h:131:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[256]; \
data/apng2gif-1.8/libpng/pngerror.c:43:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[16];
data/apng2gif-1.8/libpng/pngerror.c:258:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PNG_NUMBER_BUFFER_SIZE];
data/apng2gif-1.8/libpng/pngerror.c:268:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PNG_NUMBER_BUFFER_SIZE];
data/apng2gif-1.8/libpng/pngerror.c:293:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[192];
data/apng2gif-1.8/libpng/pngerror.c:428:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static PNG_CONST char png_digit[16] = {
data/apng2gif-1.8/libpng/pngerror.c:483:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[18+PNG_MAX_ERROR_TEXT];
data/apng2gif-1.8/libpng/pngerror.c:499:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[18+PNG_MAX_ERROR_TEXT];
data/apng2gif-1.8/libpng/pngerror.c:577:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[fixed_message_ln+PNG_MAX_ERROR_TEXT];
data/apng2gif-1.8/libpng/pngerror.c:578:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg, fixed_message, fixed_message_ln);
data/apng2gif-1.8/libpng/pngerror.c:721:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_number[16];
data/apng2gif-1.8/libpng/pngerror.c:792:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning_number[16];
data/apng2gif-1.8/libpng/pngmem.c:154:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_array, old_array, element_size*(unsigned)old_elements);
data/apng2gif-1.8/libpng/pngpread.c:438:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, png_ptr->save_buffer_ptr, save_size);
data/apng2gif-1.8/libpng/pngpread.c:455:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, png_ptr->current_buffer_ptr, save_size);
data/apng2gif-1.8/libpng/pngpread.c:505:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
data/apng2gif-1.8/libpng/pngpread.c:513:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
data/apng2gif-1.8/libpng/pngpread.c:764:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
data/apng2gif-1.8/libpng/pngpriv.h:1739:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char png_warning_parameters[PNG_WARNING_PARAMETER_COUNT][
data/apng2gif-1.8/libpng/pngread.c:553:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
data/apng2gif-1.8/libpng/pngread.c:1491:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *fp = fopen(file_name, "rb");
data/apng2gif-1.8/libpng/pngread.c:1539:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, memory, need);
data/apng2gif-1.8/libpng/pngrutil.c:342:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/apng2gif-1.8/libpng/pngrutil.c:685:28: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(text, png_ptr->read_buffer, prefix_size);
data/apng2gif-1.8/libpng/pngrutil.c:1404:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyword[81];
data/apng2gif-1.8/libpng/pngrutil.c:1473:28: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(profile, profile_header,
data/apng2gif-1.8/libpng/pngrutil.c:1539:43: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info_ptr->iccp_name, keyword,
data/apng2gif-1.8/libpng/pngrutil.c:3513:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dp, sp, bytes_to_copy);
data/apng2gif-1.8/libpng/pngrutil.c:3538:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, PNG_ROWBYTES(pixel_depth, row_width));
data/apng2gif-1.8/libpng/pngrutil.c:3770:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v, sp, pixel_bytes);
data/apng2gif-1.8/libpng/pngrutil.c:3774:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dp, v, pixel_bytes);
data/apng2gif-1.8/libpng/pngset.c:321:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info_ptr->pcal_purpose, purpose, length);
data/apng2gif-1.8/libpng/pngset.c:343:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info_ptr->pcal_units, units, length);
data/apng2gif-1.8/libpng/pngset.c:373:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info_ptr->pcal_params[i], params[i], length);
data/apng2gif-1.8/libpng/pngset.c:423:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info_ptr->scal_s_width, swidth, lengthw);
data/apng2gif-1.8/libpng/pngset.c:442:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info_ptr->scal_s_height, sheight, lengthh);
data/apng2gif-1.8/libpng/pngset.c:465:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char swidth[PNG_sCAL_MAX_DIGITS+1];
data/apng2gif-1.8/libpng/pngset.c:466:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sheight[PNG_sCAL_MAX_DIGITS+1];
data/apng2gif-1.8/libpng/pngset.c:495:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char swidth[PNG_sCAL_MAX_DIGITS+1];
data/apng2gif-1.8/libpng/pngset.c:496:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sheight[PNG_sCAL_MAX_DIGITS+1];
data/apng2gif-1.8/libpng/pngset.c:579:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(png_ptr->palette, palette, (unsigned int)num_palette *
data/apng2gif-1.8/libpng/pngset.c:688:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_iccp_name, name, length);
data/apng2gif-1.8/libpng/pngset.c:701:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_iccp_profile, profile, proflen);
data/apng2gif-1.8/libpng/pngset.c:871:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(textp->key, text_ptr[i].key, key_len);
data/apng2gif-1.8/libpng/pngset.c:877:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(textp->lang, text_ptr[i].lang, lang_len);
data/apng2gif-1.8/libpng/pngset.c:880:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(textp->lang_key, text_ptr[i].lang_key, lang_key_len);
data/apng2gif-1.8/libpng/pngset.c:893:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(textp->text, text_ptr[i].text, text_length);
data/apng2gif-1.8/libpng/pngset.c:974:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
data/apng2gif-1.8/libpng/pngset.c:1076:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(np->name, entries->name, length);
data/apng2gif-1.8/libpng/pngset.c:1096:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(np->entries, entries->entries,
data/apng2gif-1.8/libpng/pngset.c:1214:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(np->name, unknowns->name, (sizeof np->name));
data/apng2gif-1.8/libpng/pngset.c:1237:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(np->data, unknowns->data, unknowns->size);
data/apng2gif-1.8/libpng/pngset.c:1316:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(list, add, 4);
data/apng2gif-1.8/libpng/pngset.c:1416:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_list, png_ptr->chunk_list, 5*old_num_chunks);
data/apng2gif-1.8/libpng/pngset.c:1449:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outlist, inlist, 5);
data/apng2gif-1.8/libpng/pngstruct.h:362:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_buffer[29]; /* String to hold RFC 1123 time text */
data/apng2gif-1.8/libpng/pngwrite.c:831:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(png_ptr->row_buf + 1, row, row_info.rowbytes);
data/apng2gif-1.8/libpng/pngwrite.c:2168:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(display->memory+ob, data, size);
data/apng2gif-1.8/libpng/pngwrite.c:2327:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(file_name, "wb");
data/apng2gif-1.8/libpng/pngwutil.c:299:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/apng2gif-1.8/libpng/pngwutil.c:1806:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 1, width, wlen + 1); /* Append the '\0' here */
data/apng2gif-1.8/libpng/pngwutil.c:1807:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + wlen + 2, height, hlen); /* Do NOT append the '\0' here */
data/apng2gif-1.8/libpng/pngwutil.c:2226:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dp, sp, pixel_bytes);
data/apng2gif-1.8/zlib/crc32.c:145:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen("crc32.h", "w");
data/apng2gif-1.8/zlib/gzguts.h:39:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  # define open _open
data/apng2gif-1.8/zlib/gzlib.c:36:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/apng2gif-1.8/zlib/gzlib.c:65:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "unknown win32 error (%ld)", error);
data/apng2gif-1.8/zlib/gzlib.c:245:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open((const char *)path, oflag, 0666));
data/apng2gif-1.8/zlib/gzlib.c:296:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(path, "<fd:%d>", fd); /* for debugging */
data/apng2gif-1.8/zlib/gzlib.c:611:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(state->msg, ": ");
data/apng2gif-1.8/zlib/gzread.c:158:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(state->x.next, strm->next_in, strm->avail_in);
data/apng2gif-1.8/zlib/gzread.c:332:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, state->x.next, n);
data/apng2gif-1.8/zlib/gzread.c:391:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1];
data/apng2gif-1.8/zlib/gzread.c:531:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, state->x.next, n);
data/apng2gif-1.8/zlib/gzwrite.c:218:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->in + have, buf, copy);
data/apng2gif-1.8/zlib/gzwrite.c:250:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1];
data/apng2gif-1.8/zlib/inflate.c:623:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hbuf[4]; /* buffer for gzip header crc calculation */
data/apng2gif-1.8/zlib/inflate.c:1382:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4]; /* to restore bit buffer to byte string */
data/apng2gif-1.8/zlib/trees.c:330:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *header = fopen("trees.h", "w");
data/apng2gif-1.8/zlib/zutil.c:17:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  z_const char * const z_errmsg[10] = {
data/apng2gif-1.8/zlib/zutil.h:47:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/apng2gif-1.8/zlib/zutil.h:107:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/apng2gif-1.8/zlib/zutil.h:184:30: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  # define F_OPEN(name, mode) fopen((name), (mode))
data/apng2gif-1.8/zlib/zutil.h:208:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  # define zmemcpy memcpy
data/apng2gif-1.8/apng2gif.cpp:1301:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (argc > 1 && strlen(argv[1]) < 256)
data/apng2gif-1.8/libpng/pngrutil.c:2498:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_info.text_length = strlen(text);
data/apng2gif-1.8/libpng/pngset.c:278:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(purpose) + 1;
data/apng2gif-1.8/libpng/pngset.c:303:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !png_check_fp_string(params[i], strlen(params[i])))
data/apng2gif-1.8/libpng/pngset.c:329:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(units) + 1;
data/apng2gif-1.8/libpng/pngset.c:360:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(params[i]) + 1;
data/apng2gif-1.8/libpng/pngset.c:399:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (swidth == NULL || (lengthw = strlen(swidth)) == 0 ||
data/apng2gif-1.8/libpng/pngset.c:403:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (sheight == NULL || (lengthh = strlen(sheight)) == 0 ||
data/apng2gif-1.8/libpng/pngset.c:678:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(name)+1;
data/apng2gif-1.8/libpng/pngset.c:804:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key_len = strlen(text_ptr[i].key);
data/apng2gif-1.8/libpng/pngset.c:818:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lang_len = strlen(text_ptr[i].lang);
data/apng2gif-1.8/libpng/pngset.c:824:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lang_key_len = strlen(text_ptr[i].lang_key);
data/apng2gif-1.8/libpng/pngset.c:851:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_length = strlen(text_ptr[i].text);
data/apng2gif-1.8/libpng/pngset.c:1070:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(entries->name) + 1;
data/apng2gif-1.8/libpng/pngwutil.c:1525:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_len = strlen(text);
data/apng2gif-1.8/libpng/pngwutil.c:1580:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text == NULL ? 0 : strlen(text));
data/apng2gif-1.8/libpng/pngwutil.c:1648:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lang_len = strlen(lang)+1;
data/apng2gif-1.8/libpng/pngwutil.c:1650:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lang_key_len = strlen(lang_key)+1;
data/apng2gif-1.8/libpng/pngwutil.c:1664:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  png_text_compress_init(&comp, (png_const_bytep)text, strlen(text));
data/apng2gif-1.8/libpng/pngwutil.c:1746:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  units_len = strlen(units) + (nparams == 0 ? 0 : 1);
data/apng2gif-1.8/libpng/pngwutil.c:1758:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  params_len[i] = strlen(params[i]) + (i == nparams - 1 ? 0 : 1);
data/apng2gif-1.8/libpng/pngwutil.c:1795:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wlen = strlen(width);
data/apng2gif-1.8/libpng/pngwutil.c:1796:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hlen = strlen(height);
data/apng2gif-1.8/zlib/gzguts.h:40:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # define read _read
data/apng2gif-1.8/zlib/gzlib.c:199:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen((const char *)path);
data/apng2gif-1.8/zlib/gzlib.c:601:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
data/apng2gif-1.8/zlib/gzlib.c:601:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
data/apng2gif-1.8/zlib/gzlib.c:607:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
data/apng2gif-1.8/zlib/gzlib.c:607:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
data/apng2gif-1.8/zlib/gzread.c:30:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(state->fd, buf + *have, len - *have);
data/apng2gif-1.8/zlib/gzwrite.c:301:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (unsigned)strlen(str);
data/apng2gif-1.8/zlib/gzwrite.c:355:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen((char *)(state->in));
data/apng2gif-1.8/zlib/gzwrite.c:443:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen((char *)(state->in));

ANALYSIS SUMMARY:

Hits = 203
Lines analyzed = 51804 in approximately 1.42 seconds (36358 lines/second)
Physical Source Lines of Code (SLOC) = 33307
Hits@level = [0] 62 [1] 33 [2] 136 [3] 0 [4] 34 [5] 0
Hits@level+ = [0+] 265 [1+] 203 [2+] 170 [3+] 34 [4+] 34 [5+] 0
Hits/KSLOC@level+ = [0+] 7.95629 [1+] 6.09481 [2+] 5.10403 [3+] 1.02081 [4+] 1.02081 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.