Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/auto-multiple-choice-1.4.0/buildpdf.cc
Examining data/auto-multiple-choice-1.4.0/minimal-getline.c
Examining data/auto-multiple-choice-1.4.0/AMC-buildpdf.cc
Examining data/auto-multiple-choice-1.4.0/AMC-detect.cc
Examining data/auto-multiple-choice-1.4.0/pdfformfields.c
FINAL RESULTS:
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1254:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
} else if(sscanf(commande, "mesure0 %lf %s %lf %lf %lf %lf",
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1297:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(commande, "annote %s", text) == 1) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:104:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(f_name, argv[i]);
data/auto-multiple-choice-1.4.0/AMC-buildpdf.cc:61:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "d:h:w:l:")) != -1) {
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1077:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "x:y:d:i:p:m:t:c:o:vPrk")) != -1) {
data/auto-multiple-choice-1.4.0/AMC-detect.cc:451:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&t_best, (void*)t, sizeof(linear_transform));
data/auto-multiple-choice-1.4.0/AMC-detect.cc:454:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)t, (void*)&t_best, sizeof(linear_transform));
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1085:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'c': n_min_cc = atoi(optarg); break;
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1099:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[128];
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shape_name[32];
data/auto-multiple-choice-1.4.0/buildpdf.cc:90:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,BUFFER_CLOSURE(closure)->buffer + BUFFER_CLOSURE(closure)->offset,length);
data/auto-multiple-choice-1.4.0/pdfformfields.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv_beginning[100];
data/auto-multiple-choice-1.4.0/pdfformfields.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_name[256] = "";
data/auto-multiple-choice-1.4.0/pdfformfields.c:101:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(f_name, "/dev/stdin");
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1296:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(strlen(commande) < 100 &&
data/auto-multiple-choice-1.4.0/AMC-detect.cc:1329:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(illustr.data && strlen(out_image_file) > 1) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:26:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stpncpy(argv_beginning, argv, strlen(expected));
data/auto-multiple-choice-1.4.0/pdfformfields.c:47:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(i < strlen(str)) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:50:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (i+j < strlen(str) && j < strlen(token) && str[i+j] == token[j]) j++;
data/auto-multiple-choice-1.4.0/pdfformfields.c:50:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (i+j < strlen(str) && j < strlen(token) && str[i+j] == token[j]) j++;
data/auto-multiple-choice-1.4.0/pdfformfields.c:51:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (j == strlen(token)) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:52:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(token);
data/auto-multiple-choice-1.4.0/pdfformfields.c:107:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(f_name) == 0) {
data/auto-multiple-choice-1.4.0/pdfformfields.c:141:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(poppler_form_field_get_name(f->field))>0) {
ANALYSIS SUMMARY:
Hits = 24
Lines analyzed = 3035 in approximately 0.24 seconds (12698 lines/second)
Physical Source Lines of Code (SLOC) = 1977
Hits@level = [0] 175 [1] 10 [2] 9 [3] 2 [4] 3 [5] 0
Hits@level+ = [0+] 199 [1+] 24 [2+] 14 [3+] 5 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 100.658 [1+] 12.1396 [2+] 7.08144 [3+] 2.52908 [4+] 1.51745 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.