Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ijs-0.35/ijs_client_example.c
Examining data/ijs-0.35/ijs.c
Examining data/ijs-0.35/ijs.h
Examining data/ijs-0.35/ijs_exec_win.c
Examining data/ijs-0.35/ijs_server.h
Examining data/ijs-0.35/unistd_.h
Examining data/ijs-0.35/ijs_client.c
Examining data/ijs-0.35/ijs_client.h
Examining data/ijs-0.35/ijs_server_example.c
Examining data/ijs-0.35/ijs_server.c
Examining data/ijs-0.35/ijs_exec_unix.c
FINAL RESULTS:
data/ijs-0.35/ijs_client_example.c:117:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, (n_chan == 3) ? "DeviceRGB" : "DeviceGray");
data/ijs-0.35/ijs_exec_unix.c:78:16: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = execvp (argv[0], (char * const *)argv);
data/ijs-0.35/ijs.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ch->buf + ch->buf_size, buf, len);
data/ijs-0.35/ijs.c:198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, ch->buf + ch->buf_idx, size);
data/ijs-0.35/ijs.h:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs.h:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_client.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helo_buf[8] = IJS_HELO_STR;
data/ijs-0.35/ijs_client.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp_buf[8];
data/ijs-0.35/ijs_client.c:49:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char exp_resp_buf[8] = IJS_RESP_STR;
data/ijs-0.35/ijs_client_example.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_client_example.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[4096];
data/ijs-0.35/ijs_client_example.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_client_example.c:113:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", n_chan);
data/ijs-0.35/ijs_client_example.c:115:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", bps);
data/ijs-0.35/ijs_client_example.c:119:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", width);
data/ijs-0.35/ijs_client_example.c:121:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", height);
data/ijs-0.35/ijs_client_example.c:123:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%dx%d", xres, yres);
data/ijs-0.35/ijs_client_example.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/ijs-0.35/ijs_client_example.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_client_example.c:211:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (key, arg + ibeg, key_size);
data/ijs-0.35/ijs_client_example.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_client_example.c:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_client_example.c:354:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (arg, "rb");
data/ijs-0.35/ijs_exec_unix.c:60:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[8];
data/ijs-0.35/ijs_server.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helo_buf[8];
data/ijs-0.35/ijs_server.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp_buf[8];
data/ijs-0.35/ijs_server.c:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_server.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_server.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ijs-0.35/ijs_server.c:519:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, value, size);
data/ijs-0.35/ijs_server.c:558:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctx->ph->cs, value, size);
data/ijs-0.35/ijs_server.c:653:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ijs-0.35/ijs_server.c:875:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, ctx->overflow_buf + ctx->overflow_buf_ix, n_bytes);
data/ijs-0.35/ijs_server.h:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cs[256]; /* color space, as string */
data/ijs-0.35/ijs_server_example.c:65:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val_buf, param_list, size);
data/ijs-0.35/ijs_server_example.c:95:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val_buf, val, size);
data/ijs-0.35/ijs_server_example.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ijs-0.35/ijs_server_example.c:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, val, i);
data/ijs-0.35/ijs_server_example.c:128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, val + i + 1, size - i - 1);
data/ijs-0.35/ijs_server_example.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ijs-0.35/ijs_server_example.c:254:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val_buf, curs->value, curs->value_size);
data/ijs-0.35/ijs_server_example.c:266:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%gx%g", printable[off + 0], printable[off + 1]);
data/ijs-0.35/ijs_server_example.c:286:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val_buf, val, size);
data/ijs-0.35/ijs_server_example.c:321:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pl->key, key, key_len + 1);
data/ijs-0.35/ijs_server_example.c:330:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pl->value, value, value_size);
data/ijs-0.35/ijs_server_example.c:350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result, curs->value, curs->value_size);
data/ijs-0.35/ijs_server_example.c:375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/ijs-0.35/ijs_server_example.c:376:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[BUF_SIZE * 3];
data/ijs-0.35/ijs_server_example.c:412:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f = fdopen (atoi (fn), "w");
data/ijs-0.35/ijs_server_example.c:417:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (fn, "w");
data/ijs-0.35/ijs_server_example.c:490:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char hex[16] = "0123456789AbCdEf";
data/ijs-0.35/ijs_server_example.c:491:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c = ((unsigned char *)buf)[i];
data/ijs-0.35/ijs.c:110:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbytes = read (ch->fd, buf + ix, size - ix);
data/ijs-0.35/ijs_client.c:69:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbytes = read (ctx->recv_chan.fd, resp_buf, sizeof(resp_buf));
data/ijs-0.35/ijs_client.c:222:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int key_size = strlen (key);
data/ijs-0.35/ijs_client.c:245:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int key_size = strlen (key);
data/ijs-0.35/ijs_client.c:273:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int key_size = strlen (key);
data/ijs-0.35/ijs_client_example.c:114:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ijs_client_set_param (ctx, 0, "NumChan", buf, strlen (buf));
data/ijs-0.35/ijs_client_example.c:116:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ijs_client_set_param (ctx, 0, "BitsPerSample", buf, strlen (buf));
data/ijs-0.35/ijs_client_example.c:118:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ijs_client_set_param (ctx, 0, "ColorSpace", buf, strlen (buf));
data/ijs-0.35/ijs_client_example.c:120:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ijs_client_set_param (ctx, 0, "Width", buf, strlen (buf));
data/ijs-0.35/ijs_client_example.c:122:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ijs_client_set_param (ctx, 0, "Height", buf, strlen (buf));
data/ijs-0.35/ijs_client_example.c:124:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ijs_client_set_param (ctx, 0, "Dpi", buf, strlen (buf));
data/ijs-0.35/ijs_server.c:127:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbytes = read (ctx->recv_chan.fd, helo_buf, sizeof(helo_buf));
data/ijs-0.35/ijs_server_example.c:58:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen (param_list);
data/ijs-0.35/ijs_server_example.c:91:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen (val);
data/ijs-0.35/ijs_server_example.c:282:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen (val);
data/ijs-0.35/ijs_server_example.c:297:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int key_len = strlen (key);
data/ijs-0.35/unistd_.h:30:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(handle, buffer, count) _read(handle, buffer, count)
ANALYSIS SUMMARY:
Hits = 69
Lines analyzed = 2940 in approximately 0.09 seconds (33462 lines/second)
Physical Source Lines of Code (SLOC) = 2206
Hits@level = [0] 48 [1] 17 [2] 50 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 117 [1+] 69 [2+] 52 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 53.0372 [1+] 31.2783 [2+] 23.5721 [3+] 0.906618 [4+] 0.906618 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.