Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/apngdis-2.9/apngdis.cpp

FINAL RESULTS:

data/apngdis-2.9/apngdis.cpp:517:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(szPath, szInput);
data/apngdis-2.9/apngdis.cpp:543:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(szPath, szOption+j);
data/apngdis-2.9/apngdis.cpp:558:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(szOut, szInput);
data/apngdis-2.9/apngdis.cpp:573:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(szOut, "%s%.*d.png", szPath, len, i+res);
data/apngdis-2.9/apngdis.cpp:576:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(szOut, "%s%.*d.txt", szPath, len, i+res);
data/apngdis-2.9/apngdis.cpp:100:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, w*4);
data/apngdis-2.9/apngdis.cpp:105:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, 4);
data/apngdis-2.9/apngdis.cpp:120:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, 4);
data/apngdis-2.9/apngdis.cpp:128:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char len[4];
data/apngdis-2.9/apngdis.cpp:138:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pChunk->p, len, 4);
data/apngdis-2.9/apngdis.cpp:147:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char header[8] = {137, 80, 78, 71, 13, 10, 26, 10};
data/apngdis-2.9/apngdis.cpp:190:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char footer[12] = {0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130};
data/apngdis-2.9/apngdis.cpp:212:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char sig[8];
data/apngdis-2.9/apngdis.cpp:228:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((f = fopen(szIn, "rb")) != 0)
data/apngdis-2.9/apngdis.cpp:285:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(frameNext.p, frameCur.p, imagesize);
data/apngdis-2.9/apngdis.cpp:294:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(frameNext.p, frameCur.p, imagesize);
data/apngdis-2.9/apngdis.cpp:330:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(chunkIHDR.p + 8, chunk.p + 12, 8);
data/apngdis-2.9/apngdis.cpp:363:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(chunk.p + 8, "IDAT", 4);
data/apngdis-2.9/apngdis.cpp:441:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((f = fopen(szOut, "wb")) != 0)
data/apngdis-2.9/apngdis.cpp:475:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((f = fopen(szOut, "wb")) != 0)
data/apngdis-2.9/apngdis.cpp:491:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((f = fopen(szOut, "wt")) != 0)
data/apngdis-2.9/apngdis.cpp:503:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[256];
data/apngdis-2.9/apngdis.cpp:504:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szOut[256];
data/apngdis-2.9/apngdis.cpp:547:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(szPath, "apngframe");
data/apngdis-2.9/apngdis.cpp:561:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(szOut, "_strip.png");
data/apngdis-2.9/apngdis.cpp:567:24:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  unsigned int len = sprintf(szOut, "%d", num_frames);
data/apngdis-2.9/apngdis.cpp:509:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (argc > 1 && strlen(argv[1]) < 256)

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 589 in approximately 0.02 seconds (24781 lines/second)
Physical Source Lines of Code (SLOC) = 487
Hits@level = [0]  10 [1]   1 [2]  21 [3]   0 [4]   5 [5]   0
Hits@level+ = [0+]  37 [1+]  27 [2+]  26 [3+]   5 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 75.9754 [1+] 55.4415 [2+] 53.3881 [3+] 10.2669 [4+] 10.2669 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.