Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS: data/dime-0.20111205/cfg/wrapmsvc.cpp:99:3: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(msg, text, args); \ data/dime-0.20111205/cfg/wrapmsvc.cpp:172:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy((char *)cmddup, cmd); data/dime-0.20111205/include/dime/Basic.h:97:65: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). mh ? d = mh->stringAlloc(s) : d = new char[strlen(s)+1]; if (d) strcpy(d,s) data/dime-0.20111205/src/Basic.cpp:56:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rstr, istr); data/dime-0.20111205/src/entities/Block.cpp:256:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)this->name, str); data/dime-0.20111205/src/entities/Insert.cpp:296:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)this->blockName, str); data/dime-0.20111205/src/entities/Text.cpp:68:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy( t, s ); data/dime-0.20111205/src/entities/Text.cpp:105:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( s, this->text ); data/dime-0.20111205/src/records/StringRecord.cpp:167:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (this->string) strcpy(this->string, param.string_data); data/dime-0.20111205/src/sections/UnknownSection.cpp:58:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (this->sectionName) strcpy(this->sectionName, sectionname); data/dime-0.20111205/src/util/MemHandler.cpp:164:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, string); data/dime-0.20111205/cfg/wrapmsvc.cpp:173:17: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. BOOL result = CreateProcess(NULL, data/dime-0.20111205/cfg/wrapmsvc.cpp:173:17: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. 
BOOL result = CreateProcess(NULL, data/dime-0.20111205/cfg/wrapmsvc.cpp:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[BUFSIZE]; \ data/dime-0.20111205/cfg/wrapmsvc.cpp:258:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_PATH]; data/dime-0.20111205/cfg/wrapmsvc.cpp:267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_PATH]; data/dime-0.20111205/cfg/wrapmsvc.cpp:558:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * lst = fopen(lstname, "r"); data/dime-0.20111205/cfg/wrapmsvc.cpp:560:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_PATH]; data/dime-0.20111205/cfg/wrapmsvc.cpp:648:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE * fp = fopen(winpath(arg).c_str(), "r"); data/dime-0.20111205/cfg/wrapmsvc.cpp:651:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TMPBUFFERSIZE]; data/dime-0.20111205/cfg/wrapmsvc.cpp:958:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_PATH]; data/dime-0.20111205/cfg/wrapmsvc.cpp:974:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * depfile = fopen(depfilename, "w"); data/dime-0.20111205/dxf2vrml/dxf2vrml.cpp:107:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sub = atoi(argv[i]); data/dime-0.20111205/dxf2vrml/dxf2vrml.cpp:168:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(outfile, "wb"); data/dime-0.20111205/dxfsphere/dxfsphere.cpp:236:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((maxlevel = atoi(av[i])) < 1) { data/dime-0.20111205/dxfsphere/dxfsphere.cpp:466:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/dime-0.20111205/dxfsphere/dxfsphere.cpp:515:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/dime-0.20111205/dxfsphere/dxfsphere.cpp:547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/dime-0.20111205/include/dime/Input.h:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lineBuf[DXF_MAXLINELEN]; data/dime-0.20111205/src/Input.cpp:180:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int fd = open(filename, O_RDONLY | O_BINARY); data/dime-0.20111205/src/Input.cpp:182:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(filename, O_RDONLY); data/dime-0.20111205/src/Input.cpp:794:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[TMPBUFSIZE]; data/dime-0.20111205/src/Input.cpp:816:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[TMPBUFSIZE]; data/dime-0.20111205/src/Input.cpp:931:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[TMPBUFSIZE]; data/dime-0.20111205/src/Input.cpp:999:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/dime-0.20111205/src/Model.cpp:272:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[512]; data/dime-0.20111205/src/Model.cpp:671:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%x", getUniqueHandle()); data/dime-0.20111205/src/Output.cpp:93:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). this->fp = fopen(filename, "wb"); data/dime-0.20111205/src/RecordHolder.cpp:410:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newarray, this->records, this->numRecords*sizeof(dimeRecord*)); data/dime-0.20111205/src/convert/convert.cpp:213:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fopen(filename, "wb")) { data/dime-0.20111205/src/entities/Entity.cpp:623:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuffer[TMP_BUFFER_LEN+1]; data/dime-0.20111205/src/entities/Spline.cpp:454:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->knots, values, numvalues*sizeof(dxfdouble)); data/dime-0.20111205/src/entities/Spline.cpp:472:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(newweights, this->weights, data/dime-0.20111205/src/entities/Spline.cpp:482:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newweights, this->weights, this->numControlPoints); data/dime-0.20111205/src/entities/Spline.cpp:498:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->controlPoints, pts, sizeof(dimeVec3f)*numpts); data/dime-0.20111205/src/entities/Spline.cpp:534:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->fitPoints, pts, numpts*sizeof(dimeVec3f)); data/dime-0.20111205/src/entities/Text.cpp:191:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subclass[80]; data/dime-0.20111205/cfg/wrapmsvc.cpp:100:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(msg) < BUFSIZE/2); /* just in case */ \ data/dime-0.20111205/cfg/wrapmsvc.cpp:170:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HLOCAL cmddup = (char *)LocalAlloc(0, strlen(cmd) + 1); data/dime-0.20111205/cfg/wrapmsvc.cpp:294:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int cslen = strlen(cs); data/dime-0.20111205/cfg/wrapmsvc.cpp:809:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (intelcpu.compare(prefix, strlen(prefix))==0) { intelcpu.erase(0, strlen(prefix)); } data/dime-0.20111205/cfg/wrapmsvc.cpp:809:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (intelcpu.compare(prefix, strlen(prefix))==0) { intelcpu.erase(0, strlen(prefix)); } data/dime-0.20111205/cfg/wrapmsvc.cpp:946:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int HASHLINELEN = strlen(HASHLINE); data/dime-0.20111205/cfg/wrapmsvc.cpp:961:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(buf, p, n); data/dime-0.20111205/dxf2vrml/dxf2vrml.cpp:158:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!model.read(&in)) { data/dime-0.20111205/include/dime/Basic.h:97:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mh ? d = mh->stringAlloc(s) : d = new char[strlen(s)+1]; if (d) strcpy(d,s) data/dime-0.20111205/include/dime/Input.h:115:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(char &c); data/dime-0.20111205/include/dime/Model.h:63:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool read(dimeInput * const in); data/dime-0.20111205/include/dime/RecordHolder.h:64:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/classes/Class.h:58:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/entities/Block.h:73:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/entities/Entity.h:85:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/entities/Insert.h:60:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/entities/Polyline.h:117:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/objects/Object.h:55:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/records/DoubleRecord.h:52:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(dimeInput * const in); data/dime-0.20111205/include/dime/records/FloatRecord.h:52:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool read(dimeInput * const in); data/dime-0.20111205/include/dime/records/Int16Record.h:52:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(dimeInput * const in); data/dime-0.20111205/include/dime/records/Int32Record.h:52:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(dimeInput * const in); data/dime-0.20111205/include/dime/records/Int8Record.h:52:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(dimeInput * const in); data/dime-0.20111205/include/dime/records/Record.h:61:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in) = 0; data/dime-0.20111205/include/dime/records/StringRecord.h:57:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(dimeInput * const in); data/dime-0.20111205/include/dime/sections/BlocksSection.h:49:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const file); data/dime-0.20111205/include/dime/sections/ClassesSection.h:50:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const file); data/dime-0.20111205/include/dime/sections/EntitiesSection.h:50:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const file); data/dime-0.20111205/include/dime/sections/HeaderSection.h:59:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
virtual bool read(dimeInput * const file); data/dime-0.20111205/include/dime/sections/ObjectsSection.h:50:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const file); data/dime-0.20111205/include/dime/sections/Section.h:52:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const file) = 0; data/dime-0.20111205/include/dime/sections/TablesSection.h:49:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const file); data/dime-0.20111205/include/dime/sections/UnknownSection.h:52:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const file); data/dime-0.20111205/include/dime/tables/LayerTable.h:55:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/include/dime/tables/Table.h:51:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(dimeInput * const in); data/dime-0.20111205/include/dime/tables/TableEntry.h:51:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool read(dimeInput * const in); data/dime-0.20111205/src/Basic.cpp:54:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( istr ) + 1; data/dime-0.20111205/src/Input.cpp:693:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int n = strlen(string); data/dime-0.20111205/src/Input.cpp:707:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dimeInput::read(char &c) data/dime-0.20111205/src/Input.cpp:1001:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen(binaryid); data/dime-0.20111205/src/Model.cpp:189:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dimeModel::read(dimeInput * const in) data/dime-0.20111205/src/Model.cpp:222:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ok = section != NULL && section->read(in); data/dime-0.20111205/src/RecordHolder.cpp:119:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dimeRecordHolder::read(dimeInput * const file) data/dime-0.20111205/src/classes/Class.cpp:199:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dimeClass::read(dimeInput * const file) data/dime-0.20111205/src/classes/Class.cpp:201:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return dimeRecordHolder::read(file); data/dime-0.20111205/src/entities/Block.cpp:153:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dimeBlock::read(dimeInput * const file) data/dime-0.20111205/src/entities/Block.cpp:156:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool ret = dimeEntity::read(file); data/dime-0.20111205/src/entities/Block.cpp:172:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  if (!this->endblock || !this->endblock->read(file)) ret = false;
data/dime-0.20111205/src/entities/Block.cpp:254:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->name = new char[strlen(str)+1];
data/dime-0.20111205/src/entities/Entity.cpp:364:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!entity->read(file)) {
data/dime-0.20111205/src/entities/Entity.cpp:612:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeEntity::read(dimeInput * const file)
data/dime-0.20111205/src/entities/Entity.cpp:628:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ok = dimeRecordHolder::read(file); // handleRecord() will change tmpbuffer...
data/dime-0.20111205/src/entities/Entity.cpp:668:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*)this->layer, param.string_data, TMP_BUFFER_LEN);
data/dime-0.20111205/src/entities/Insert.cpp:143:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeInsert::read(dimeInput * const file)
data/dime-0.20111205/src/entities/Insert.cpp:148:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ret = dimeEntity::read(file);
data/dime-0.20111205/src/entities/Insert.cpp:170:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!this->seqend || !this->seqend->read(file)) ret = false;
data/dime-0.20111205/src/entities/Insert.cpp:294:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->blockName = new char[strlen(str)+1];
data/dime-0.20111205/src/entities/Polyline.cpp:170:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimePolyline::read(dimeInput * const file)
data/dime-0.20111205/src/entities/Polyline.cpp:172:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ret = dimeEntity::read(file);
data/dime-0.20111205/src/entities/Polyline.cpp:197:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = this->seqend && this->seqend->read(file);
data/dime-0.20111205/src/entities/Polyline.cpp:209:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!vertex->read(file)) {
data/dime-0.20111205/src/entities/Text.cpp:66:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen( s );
data/dime-0.20111205/src/entities/Text.cpp:72:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->width = this->height * CHAR_ASP * strlen( this->text );
data/dime-0.20111205/src/entities/Text.cpp:103:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen( this->text );
data/dime-0.20111205/src/entities/Text.cpp:197:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->width = this->height * CHAR_ASP * strlen( this->text );
data/dime-0.20111205/src/entities/Text.cpp:215:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->width = this->height * CHAR_ASP * strlen( this->text );
data/dime-0.20111205/src/objects/Object.cpp:134:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeObject::read(dimeInput * const file)
data/dime-0.20111205/src/objects/Object.cpp:136:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return dimeRecordHolder::read(file);
data/dime-0.20111205/src/records/DoubleRecord.cpp:93:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeDoubleRecord::read(dimeInput * const in)
data/dime-0.20111205/src/records/FloatRecord.cpp:90:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeFloatRecord::read(dimeInput * const in)
data/dime-0.20111205/src/records/Int16Record.cpp:92:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeInt16Record::read(dimeInput * const in)
data/dime-0.20111205/src/records/Int32Record.cpp:91:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeInt32Record::read(dimeInput * const in)
data/dime-0.20111205/src/records/Int8Record.cpp:92:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeInt8Record::read(dimeInput * const in)
data/dime-0.20111205/src/records/Record.cpp:161:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (rec) rec->read(in);
data/dime-0.20111205/src/records/StringRecord.cpp:138:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeStringRecord::read(dimeInput * const in)
data/dime-0.20111205/src/records/StringRecord.cpp:166:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->string = new char[strlen(param.string_data)+1];
data/dime-0.20111205/src/sections/BlocksSection.cpp:87:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeBlocksSection::read(dimeInput * const file)
data/dime-0.20111205/src/sections/BlocksSection.cpp:114:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!block->read(file)) {
data/dime-0.20111205/src/sections/ClassesSection.cpp:103:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeClassesSection::read(dimeInput * const file)
data/dime-0.20111205/src/sections/ClassesSection.cpp:130:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!myclass->read(file)) {
data/dime-0.20111205/src/sections/EntitiesSection.cpp:106:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeEntitiesSection::read(dimeInput * const file)
data/dime-0.20111205/src/sections/EntitiesSection.cpp:130:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!entity->read(file)) {
data/dime-0.20111205/src/sections/HeaderSection.cpp:171:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeHeaderSection::read(dimeInput * const file)
data/dime-0.20111205/src/sections/ObjectsSection.cpp:102:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeObjectsSection::read(dimeInput * const file)
data/dime-0.20111205/src/sections/ObjectsSection.cpp:129:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!object->read(file)) {
data/dime-0.20111205/src/sections/TablesSection.cpp:97:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeTablesSection::read(dimeInput * const file)
data/dime-0.20111205/src/sections/TablesSection.cpp:130:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!table->read(file)) {
data/dime-0.20111205/src/sections/UnknownSection.cpp:57:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->sectionName = new char[strlen(sectionname)+1];
data/dime-0.20111205/src/sections/UnknownSection.cpp:107:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeUnknownSection::read(dimeInput * const file)
data/dime-0.20111205/src/tables/LayerTable.cpp:96:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeLayerTable::read(dimeInput * const file)
data/dime-0.20111205/src/tables/LayerTable.cpp:98:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ret = dimeTableEntry::read(file);
data/dime-0.20111205/src/tables/Table.cpp:113:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeTable::read(dimeInput * const file)
data/dime-0.20111205/src/tables/Table.cpp:132:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!record || !record->read(file)) {ok = false; break;}
data/dime-0.20111205/src/tables/Table.cpp:147:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!entry->read(file)) {ok = false; break;}
data/dime-0.20111205/src/tables/TableEntry.cpp:92:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dimeTableEntry::read(dimeInput * const file)
data/dime-0.20111205/src/tables/TableEntry.cpp:94:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return dimeRecordHolder::read(file);
data/dime-0.20111205/src/util/MemHandler.cpp:161:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(string)+1;

ANALYSIS SUMMARY:

Hits = 144
Lines analyzed = 26468 in approximately 0.73 seconds (36297 lines/second)
Physical Source Lines of Code (SLOC) = 15548
Hits@level = [0] 162 [1] 97 [2] 34 [3] 2 [4] 11 [5] 0
Hits@level+ = [0+] 306 [1+] 144 [2+] 47 [3+] 13 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 19.681 [1+] 9.26164 [2+] 3.0229 [3+] 0.83612 [4+] 0.707486 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.