Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/apngopt-1.2/apngopt.c
FINAL RESULTS:
data/apngopt-1.2/apngopt.c:2372:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szOut, szIn);
data/apngopt-1.2/apngopt.c:84:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char png_sign[8] = {137, 80, 78, 71, 13, 10, 26, 10};
data/apngopt-1.2/apngopt.c:91:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pl[256][3];
data/apngopt-1.2/apngopt.c:92:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tr[256];
data/apngopt-1.2/apngopt.c:547:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[8];
data/apngopt-1.2/apngopt.c:573:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f1 = fopen(szIn, "rb")) == 0)
data/apngopt-1.2/apngopt.c:782:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pImg1 + outimg1, pImg1, outimg1);
data/apngopt-1.2/apngopt.c:784:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pImg2 + outimg2, pImg2, outimg2);
data/apngopt-1.2/apngopt.c:803:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pImg1 + outimg1, pImg1, outimg1);
data/apngopt-1.2/apngopt.c:805:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pImg2 + outimg2, pImg2, outimg2);
data/apngopt-1.2/apngopt.c:1088:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pc, &c2, 3);
data/apngopt-1.2/apngopt.c:1283:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char trns[256];
data/apngopt-1.2/apngopt.c:1285:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cube[4096];
data/apngopt-1.2/apngopt.c:1286:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gray[256];
data/apngopt-1.2/apngopt.c:1361:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, dp+imgstride, imgstride);
data/apngopt-1.2/apngopt.c:1707:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trns, tr, ts);
data/apngopt-1.2/apngopt.c:1974:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trns, tr, ts);
data/apngopt-1.2/apngopt.c:2089:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(szOut, "wb")) != 0)
data/apngopt-1.2/apngopt.c:2148:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbuf, op[0].zbuf, zsize);
data/apngopt-1.2/apngopt.c:2153:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbuf, op[1].zbuf, zsize);
data/apngopt-1.2/apngopt.c:2174:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbuf, op[0].zbuf, zsize);
data/apngopt-1.2/apngopt.c:2179:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbuf, op[1].zbuf, zsize);
data/apngopt-1.2/apngopt.c:2210:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpframe, cur_frame, imagesize);
data/apngopt-1.2/apngopt.c:2214:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpframe + ((j+y0)*width + (k+x0))*3, &tcolor, 3);
data/apngopt-1.2/apngopt.c:2270:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur_frame + ((j+y0)*width + (k+x0))*3, &tcolor, 3);
data/apngopt-1.2/apngopt.c:2279:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur_frame + ((j+y0)*width + x0)*bpp, prev_frame + ((j+y0)*width + x0)*bpp, w0*bpp);
data/apngopt-1.2/apngopt.c:2290:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbuf, op[op_best].zbuf, zsize);
data/apngopt-1.2/apngopt.c:2345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szOut[256];
data/apngopt-1.2/apngopt.c:2374:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szOut, ".opt.png");
data/apngopt-1.2/apngopt.c:2367:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(szOut, argv[2], 255);
ANALYSIS SUMMARY:
Hits = 30
Lines analyzed = 2403 in approximately 0.07 seconds (35739 lines/second)
Physical Source Lines of Code (SLOC) = 2131
Hits@level = [0] 31 [1] 1 [2] 28 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 61 [1+] 30 [2+] 29 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 28.6251 [1+] 14.0779 [2+] 13.6086 [3+] 0.469263 [4+] 0.469263 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.