Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.h
Examining data/kdegraphics-thumbnailers-20.04.3/raw/rawcreator.h
Examining data/kdegraphics-thumbnailers-20.04.3/raw/rawcreator.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse_adapter.h
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse_adapter.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp
Examining data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.h
Examining data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.h
FINAL RESULTS:
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1104:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "Unknown in %s section at line %d:\n ",
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:352:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(dvipsargs[0], const_cast<char *const *>(dvipsargs));
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:363:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(gsargs[0], const_cast<char *const *>(gsargs));
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:381:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(gsargs[0], const_cast<char *const *>(gsargs));
data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp:46:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly)) {
data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp:57:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (gzFile->open(QIODevice::ReadOnly)) {
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:222:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const dsc_scan_section_name[15] = {
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:335:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsc->data + dsc->data_length, data, bytes_read);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:554:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i+1);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:606:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_page, dsc->page,
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:629:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmedia_array, dsc->media,
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1013:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char begindata[MAXSTR+1];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1020:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(begindata, dsc->line, num);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1042:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnt = atoi(numberof);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1066:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned long cnt = atoi(dsc->line + 14);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1094:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsc->last_line, dsc->line, len);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[DSC_LINE_LENGTH];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1643:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char media_name[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1687:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1688:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2048:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2091:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTR+MAXSTR] = "";
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2365:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), "\n%%%%Begin%.40s: / %%%%End%.40s\n", str, str);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2605:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, str, len);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newline[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3302:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(newline);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newline[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_label[MAXSTR];
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3362:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
page_ordinal = atoi(p);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.h:389:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[CDSC_DATA_LENGTH];/* start of buffer */
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.h:405:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_line[256]; /* previous DSC line, used for %%+ */
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:219:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(QFile::encodeName(path), "r");
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char translation[64] = "";
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagesize[32] = "";
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resopt[32] = "";
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:503:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly))
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:506:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char test[4];
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:515:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char trailer[4] = { 0xdf,0xdf,0xdf,0xdf };
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:527:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(QFile::encodeName(path), "r");
data/kdegraphics-thumbnailers-20.04.3/blend/blendercreator.cpp:102:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != fileBlockHeaderSize) {
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:553:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dsc->page[i].label) == 0) {
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:555:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((dsc->page[i].label = dsc_alloc_string(dsc, buf, strlen(buf)))
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:592:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsc_alloc_string(dsc, label, strlen(label)+1);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:652:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(media->name));
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:661:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(media->colour));
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:667:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(media->type));
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:1107:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, dsc->line, length);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2071:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsc_alloc_string(dsc, p, strlen(p));
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2113:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsc_alloc_string(dsc, p, strlen(p));
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2146:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsc_alloc_string(dsc, p, strlen(p));
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2362:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, dsc->line, dsc->line_length);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2365:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), "\n%%%%Begin%.40s: / %%%%End%.40s\n", str, str);
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:2366:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return dsc_error(dsc, CDSC_MESSAGE_BEGIN_END, buf, strlen(buf));
data/kdegraphics-thumbnailers-20.04.3/ps/dscparse.cpp:3364:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (page_ordinal == 0) || (strlen(page_label) == 0) ||
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:395:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int count = write(input[1], prolog, strlen(prolog));
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:397:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(input[1], translation, strlen(translation));
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:400:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (count == static_cast<int>(strlen(prolog))) {
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:416:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read(output[0], data.data() + offset, 1024);
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:507:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( f.read( (char *)test,2)<2 || test[0] != 247 || test[1] != 2 )
data/kdegraphics-thumbnailers-20.04.3/ps/gscreator.cpp:517:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( f.read( (char *)test, 4 )<4 || strncmp( (char *)test, (char*) trailer, 4 ) )
ANALYSIS SUMMARY:
Hits = 67
Lines analyzed = 5677 in approximately 0.16 seconds (35905 lines/second)
Physical Source Lines of Code (SLOC) = 4253
Hits@level = [0] 5 [1] 21 [2] 42 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 72 [1+] 67 [2+] 46 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 16.9292 [1+] 15.7536 [2+] 10.8159 [3+] 0.940513 [4+] 0.940513 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.