Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/g2clib-1.6.0/g2_free.c
Examining data/g2clib-1.6.0/comunpack.c
Examining data/g2clib-1.6.0/getpoly.c
Examining data/g2clib-1.6.0/specpack.c
Examining data/g2clib-1.6.0/compack.c
Examining data/g2clib-1.6.0/dec_png.c
Examining data/g2clib-1.6.0/cmplxpack.c
Examining data/g2clib-1.6.0/getdim.c
Examining data/g2clib-1.6.0/drstemplates.h
Examining data/g2clib-1.6.0/pngunpack.c
Examining data/g2clib-1.6.0/pack_gp.c
Examining data/g2clib-1.6.0/drstemplates.c
Examining data/g2clib-1.6.0/g2_addgrid.c
Examining data/g2clib-1.6.0/misspack.c
Examining data/g2clib-1.6.0/g2_gribend.c
Examining data/g2clib-1.6.0/jpcunpack.c
Examining data/g2clib-1.6.0/g2_unpack6.c
Examining data/g2clib-1.6.0/g2_getfld.c
Examining data/g2clib-1.6.0/g2_unpack2.c
Examining data/g2clib-1.6.0/mkieee.c
Examining data/g2clib-1.6.0/pdstemplates.h
Examining data/g2clib-1.6.0/enc_png.c
Examining data/g2clib-1.6.0/pngpack.c
Examining data/g2clib-1.6.0/simpack.c
Examining data/g2clib-1.6.0/jpcpack.c
Examining data/g2clib-1.6.0/pdstemplates.c
Examining data/g2clib-1.6.0/g2_addlocal.c
Examining data/g2clib-1.6.0/g2_unpack1.c
Examining data/g2clib-1.6.0/simunpack.c
Examining data/g2clib-1.6.0/reduce.c
Examining data/g2clib-1.6.0/main.c
Examining data/g2clib-1.6.0/g2_unpack4.c
Examining data/g2clib-1.6.0/gbits.c
Examining data/g2clib-1.6.0/seekgb.c
Examining data/g2clib-1.6.0/gridtemplates.c
Examining data/g2clib-1.6.0/g2_unpack5.c
Examining data/g2clib-1.6.0/g2_addfield.c
Examining data/g2clib-1.6.0/g2_info.c
Examining data/g2clib-1.6.0/rdieee.c
Examining data/g2clib-1.6.0/g2_unpack3.c
Examining data/g2clib-1.6.0/g2_unpack7.c
Examining data/g2clib-1.6.0/specunpack.c
Examining data/g2clib-1.6.0/g2_miss.c
Examining data/g2clib-1.6.0/g2_create.c
Examining data/g2clib-1.6.0/mainhome.c
Examining data/g2clib-1.6.0/int_power.c
Examining data/g2clib-1.6.0/gridtemplates.h
Examining data/g2clib-1.6.0/enc_jpeg2000.c
Examining data/g2clib-1.6.0/dec_jpeg2000.c
Examining data/g2clib-1.6.0/jpeg2000_openjpeg.c
Examining data/g2clib-1.6.0/grib2.h
FINAL RESULTS:
data/g2clib-1.6.0/dec_png.c:34:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,ptr+offset,length);
data/g2clib-1.6.0/enc_jpeg2000.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[MAXOPTSSIZE];
data/g2clib-1.6.0/enc_jpeg2000.c:97:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(opts,"\nnumgbits=4");
data/g2clib-1.6.0/enc_png.c:36:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr+offset,data,length);
data/g2clib-1.6.0/jpeg2000_openjpeg.c:55:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &(mstream->pData[mstream->offset]), nb_bytes_read);
data/g2clib-1.6.0/jpeg2000_openjpeg.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mstream->pData[mstream->offset]), buffer, nb_bytes_write);
data/g2clib-1.6.0/mainhome.c:53:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mug[300],*cout;
data/g2clib-1.6.0/pack_gp.c:40:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfeed[1];
data/g2clib-1.6.0/reduce.c:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfeed[1];
ANALYSIS SUMMARY:
Hits = 9
Lines analyzed = 10530 in approximately 0.35 seconds (30471 lines/second)
Physical Source Lines of Code (SLOC) = 5252
Hits@level = [0] 92 [1] 0 [2] 9 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 101 [1+] 9 [2+] 9 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 19.2308 [1+] 1.71363 [2+] 1.71363 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.