Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/auto-multiple-choice-1.4.0/buildpdf.cc
Examining data/auto-multiple-choice-1.4.0/minimal-getline.c
Examining data/auto-multiple-choice-1.4.0/AMC-buildpdf.cc
Examining data/auto-multiple-choice-1.4.0/AMC-detect.cc
Examining data/auto-multiple-choice-1.4.0/pdfformfields.c

FINAL RESULTS:

data/auto-multiple-choice-1.4.0/AMC-detect.cc:1254:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  } else if(sscanf(commande, "mesure0 %lf %s %lf %lf %lf %lf",
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1297:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  sscanf(commande, "annote %s", text) == 1) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:104:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(f_name, argv[i]);
data/auto-multiple-choice-1.4.0/AMC-buildpdf.cc:61:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((ch = getopt(argc, argv, "d:h:w:l:")) != -1) {
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1077:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((c = getopt(argc, argv, "x:y:d:i:p:m:t:c:o:vPrk")) != -1) {
data/auto-multiple-choice-1.4.0/AMC-detect.cc:451:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void*)&t_best, (void*)t, sizeof(linear_transform));
data/auto-multiple-choice-1.4.0/AMC-detect.cc:454:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void*)t, (void*)&t_best, sizeof(linear_transform));
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1085:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  case 'c': n_min_cc = atoi(optarg); break;
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1099:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[128];
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char shape_name[32];
data/auto-multiple-choice-1.4.0/buildpdf.cc:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data,BUFFER_CLOSURE(closure)->buffer + BUFFER_CLOSURE(closure)->offset,length);
data/auto-multiple-choice-1.4.0/pdfformfields.c:25:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char argv_beginning[100];
data/auto-multiple-choice-1.4.0/pdfformfields.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char f_name[256] = "";
data/auto-multiple-choice-1.4.0/pdfformfields.c:101:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(f_name, "/dev/stdin");
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1296:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if(strlen(commande) < 100 &&
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1329:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(illustr.data && strlen(out_image_file) > 1) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:26:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stpncpy(argv_beginning, argv, strlen(expected));
data/auto-multiple-choice-1.4.0/pdfformfields.c:47:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(i < strlen(str)) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:50:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (i+j < strlen(str) && j < strlen(token) && str[i+j] == token[j]) j++;
data/auto-multiple-choice-1.4.0/pdfformfields.c:50:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (i+j < strlen(str) && j < strlen(token) && str[i+j] == token[j]) j++;
data/auto-multiple-choice-1.4.0/pdfformfields.c:51:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (j == strlen(token)) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:52:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i += strlen(token);
data/auto-multiple-choice-1.4.0/pdfformfields.c:107:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(f_name) == 0) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:141:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(poppler_form_field_get_name(f->field))>0) {

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 3035 in approximately 0.24 seconds (12698 lines/second)
Physical Source Lines of Code (SLOC) = 1977
Hits@level = [0] 175 [1]  10 [2]   9 [3]   2 [4]   3 [5]   0
Hits@level+ = [0+] 199 [1+]  24 [2+]  14 [3+]   5 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 100.658 [1+] 12.1396 [2+] 7.08144 [3+] 2.52908 [4+] 1.51745 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.