Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/exif-0.6.22/exif/actions.h Examining data/exif-0.6.22/exif/exif-i18n.c Examining data/exif-0.6.22/exif/exif-i18n.h Examining data/exif-0.6.22/exif/main.c Examining data/exif-0.6.22/exif/utils.c Examining data/exif-0.6.22/exif/utils.h Examining data/exif-0.6.22/exif/actions.c Examining data/exif-0.6.22/libjpeg/jpeg-data.c Examining data/exif-0.6.22/libjpeg/jpeg-data.h Examining data/exif-0.6.22/libjpeg/jpeg-marker.c Examining data/exif-0.6.22/libjpeg/jpeg-marker.h FINAL RESULTS: data/exif-0.6.22/exif/actions.c:71:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ((char *) e->data, set_value); data/exif-0.6.22/exif/actions.c:441:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (ENTRY_FOUND); data/exif-0.6.22/exif/actions.c:443:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (ENTRY_NOT_FOUND); data/exif-0.6.22/exif/actions.c:518:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (ngettext("MakerNote contains %i value:\n", data/exif-0.6.22/exif/main.c:115:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/exif-0.6.22/exif/main.c:123:4: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stdout, format, args); data/exif-0.6.22/exif/main.c:140:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/exif-0.6.22/exif/main.c:160:4: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf (format, args); data/exif-0.6.22/exif/actions.c:67:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) e->data, "ASCII\0\0\0", 8); data/exif-0.6.22/exif/actions.c:68:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) e->data + 8, set_value, data/exif-0.6.22/exif/actions.c:110:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). exif_set_short (e->data + (s * i), o, atoi (value_p)); data/exif-0.6.22/exif/actions.c:113:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). exif_set_sshort (e->data + (s * i), o, atoi (value_p)); data/exif-0.6.22/exif/actions.c:124:41: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). exif_set_long (e->data + (s * i), o, atol (value_p)); data/exif-0.6.22/exif/actions.c:135:42: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). exif_set_slong (e->data + (s * i), o, atol (value_p)); data/exif-0.6.22/exif/actions.c:140:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). e->data[s * i] = atoi (value_p); data/exif-0.6.22/exif/actions.c:198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[TAG_VALUE_BUF]; data/exif-0.6.22/exif/actions.c:296:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (p.set_thumb, "rb"); data/exif-0.6.22/exif/actions.c:379:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (fout, "wb"); data/exif-0.6.22/exif/actions.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[TAG_VALUE_BUF]; data/exif-0.6.22/exif/actions.c:452:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[TAG_VALUE_BUF]; data/exif-0.6.22/exif/actions.c:498:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[TAG_VALUE_BUF], b1[TAG_VALUE_BUF], b2[TAG_VALUE_BUF]; data/exif-0.6.22/exif/actions.c:526:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b1,"0x%04x",id); data/exif-0.6.22/exif/actions.c:603:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[TAG_VALUE_BUF]; data/exif-0.6.22/exif/actions.c:682:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(out, "&"); data/exif-0.6.22/exif/actions.c:687:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(out, "<"); data/exif-0.6.22/exif/actions.c:692:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(out, ">"); data/exif-0.6.22/exif/actions.c:709:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[TAG_VALUE_BUF], t[TAG_VALUE_BUF]; data/exif-0.6.22/exif/exif-i18n.c:28:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[2048]; data/exif-0.6.22/exif/main.c:246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fout[1024] = {0, }; data/exif-0.6.22/exif/utils.c:41:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return (atoi (string)); data/exif-0.6.22/libjpeg/jpeg-data.c:102:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (path, "wb"); data/exif-0.6.22/libjpeg/jpeg-data.c:153:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*d + *ds, ed, eds); data/exif-0.6.22/libjpeg/jpeg-data.c:163:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*d + *ds, s.content.generic.data, data/exif-0.6.22/libjpeg/jpeg-data.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*d + *ds, data->data, data->size); data/exif-0.6.22/libjpeg/jpeg-data.c:252:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s->content.generic.data, &d[o], len); data/exif-0.6.22/libjpeg/jpeg-data.c:276:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data->data, d + o + len, data/exif-0.6.22/libjpeg/jpeg-data.c:308:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (path, "rb"); data/exif-0.6.22/exif/actions.c:54:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e->components = strlen (set_value) + 1; data/exif-0.6.22/exif/actions.c:69:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (set_value)); data/exif-0.6.22/exif/actions.c:529:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (b1, s && *s ? s : _("Unknown Tag"), TAG_VALUE_BUF); data/exif-0.6.22/exif/actions.c:541:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (b2, s ? s : _("Unknown value"), TAG_VALUE_BUF); data/exif-0.6.22/exif/actions.c:683:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(out) - 1; data/exif-0.6.22/exif/actions.c:688:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(out) - 1; data/exif-0.6.22/exif/actions.c:693:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(out) - 1; data/exif-0.6.22/exif/actions.c:716:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (t, exif_tag_get_title_in_ifd(e->tag, exif_entry_get_ifd(e)), sizeof (t)); data/exif-0.6.22/exif/exif-i18n.c:27:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t t = (in ? strlen (in) : 0); data/exif-0.6.22/exif/main.c:387:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fout, output, sizeof (fout) - 1); data/exif-0.6.22/exif/main.c:389:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fout, *args, sizeof (fout) - 1); data/exif-0.6.22/exif/main.c:390:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat (fout, ".modified.jpeg", data/exif-0.6.22/exif/main.c:391:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof (fout) - strlen(fout) - 1); data/exif-0.6.22/exif/utils.c:40:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn (string, "0123456789") == strlen (string)) data/exif-0.6.22/exif/utils.c:126:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t blen = 0, count = 0, maxlen = strlen(mbs); data/exif-0.6.22/exif/utils.c:146:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t clen = strlen(mbs); ANALYSIS SUMMARY: Hits = 53 Lines analyzed = 2420 in approximately 0.10 seconds (23813 lines/second) Physical Source Lines of Code (SLOC) = 1767 Hits@level = [0] 65 [1] 16 [2] 29 [3] 0 [4] 8 [5] 0 Hits@level+ = [0+] 118 [1+] 53 [2+] 37 [3+] 8 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 66.7799 [1+] 29.9943 [2+] 20.9394 [3+] 4.52745 [4+] 4.52745 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.