Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libavif-0.8.3/apps/avifdec.c
Examining data/libavif-0.8.3/apps/avifenc.c
Examining data/libavif-0.8.3/apps/shared/avifjpeg.c
Examining data/libavif-0.8.3/apps/shared/avifjpeg.h
Examining data/libavif-0.8.3/apps/shared/avifpng.c
Examining data/libavif-0.8.3/apps/shared/avifpng.h
Examining data/libavif-0.8.3/apps/shared/avifutil.c
Examining data/libavif-0.8.3/apps/shared/avifutil.h
Examining data/libavif-0.8.3/apps/shared/iccjpeg.c
Examining data/libavif-0.8.3/apps/shared/iccjpeg.h
Examining data/libavif-0.8.3/apps/shared/y4m.c
Examining data/libavif-0.8.3/apps/shared/y4m.h
Examining data/libavif-0.8.3/contrib/gdk-pixbuf/loader.c
Examining data/libavif-0.8.3/examples/avif_example_decode_file.c
Examining data/libavif-0.8.3/examples/avif_example_decode_memory.c
Examining data/libavif-0.8.3/examples/avif_example_decode_streaming.c
Examining data/libavif-0.8.3/examples/avif_example_encode.c
Examining data/libavif-0.8.3/include/avif/avif.h
Examining data/libavif-0.8.3/include/avif/internal.h
Examining data/libavif-0.8.3/src/alpha.c
Examining data/libavif-0.8.3/src/avif.c
Examining data/libavif-0.8.3/src/codec_aom.c
Examining data/libavif-0.8.3/src/codec_dav1d.c
Examining data/libavif-0.8.3/src/codec_libgav1.c
Examining data/libavif-0.8.3/src/codec_rav1e.c
Examining data/libavif-0.8.3/src/codec_svt.c
Examining data/libavif-0.8.3/src/colr.c
Examining data/libavif-0.8.3/src/io.c
Examining data/libavif-0.8.3/src/mem.c
Examining data/libavif-0.8.3/src/obu.c
Examining data/libavif-0.8.3/src/rawdata.c
Examining data/libavif-0.8.3/src/read.c
Examining data/libavif-0.8.3/src/reformat.c
Examining data/libavif-0.8.3/src/reformat_libyuv.c
Examining data/libavif-0.8.3/src/stream.c
Examining data/libavif-0.8.3/src/utils.c
Examining data/libavif-0.8.3/src/write.c
Examining data/libavif-0.8.3/tests/aviftest.c
Examining data/libavif-0.8.3/tests/avifyuv.c
Examining data/libavif-0.8.3/tests/cJSON.c
Examining data/libavif-0.8.3/tests/cJSON.h
Examining data/libavif-0.8.3/tests/compare.c
Examining data/libavif-0.8.3/tests/compare.h
Examining data/libavif-0.8.3/tests/oss-fuzz/avif_decode_fuzzer.cc
Examining data/libavif-0.8.3/tests/testcase.c
Examining data/libavif-0.8.3/tests/testcase.h

FINAL RESULTS:

data/libavif-0.8.3/tests/aviftest.c:336:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ioDir, dataDir);
data/libavif-0.8.3/tests/aviftest.c:337:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ioDir, ioSuffix);
data/libavif-0.8.3/tests/aviftest.c:353:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullFilename, ioDir);
data/libavif-0.8.3/tests/aviftest.c:354:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fullFilename, filename);
data/libavif-0.8.3/tests/cJSON.c:406:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(object->valuestring, valuestring);
data/libavif-0.8.3/tests/testcase.c:78:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(basenameBuffer, tc->inputFilename);
data/libavif-0.8.3/apps/avifdec.c:128:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  requestedDepth = atoi(arg);
data/libavif-0.8.3/apps/avifdec.c:135:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  jpegQuality = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/libavif-0.8.3/apps/avifenc.c:139:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cicp[index] = atoi(token);
data/libavif-0.8.3/apps/avifenc.c:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/libavif-0.8.3/apps/avifenc.c:164:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  output[index] = (uint32_t)atoi(token);
data/libavif-0.8.3/apps/avifenc.c:240:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(filename, "rb");
data/libavif-0.8.3/apps/avifenc.c:330:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  jobs = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:341:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  input.requestedDepth = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:364:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  keyframeInterval = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:367:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minQuantizer = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:376:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxQuantizer = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:385:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minQuantizerAlpha = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:394:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxQuantizerAlpha = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:403:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tileRowsLog2 = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:412:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tileColsLog2 = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:446:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  speed = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:477:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  duration = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:485:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timescale = atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:540:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  irotAngle = (uint8_t)atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:548:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  imirAxis = (uint8_t)atoi(arg);
data/libavif-0.8.3/apps/avifenc.c:869:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(outputFilename, "wb");
data/libavif-0.8.3/apps/shared/avifjpeg.c:50:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(inputFilename, "rb");
data/libavif-0.8.3/apps/shared/avifjpeg.c:94:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixelRow, buffer[0], rgb.rowBytes);
data/libavif-0.8.3/apps/shared/avifjpeg.c:136:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(outputFilename, "wb");
data/libavif-0.8.3/apps/shared/avifpng.c:36:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(inputFilename, "rb");
data/libavif-0.8.3/apps/shared/avifpng.c:187:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(outputFilename, "wb");
data/libavif-0.8.3/apps/shared/avifutil.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char codecVersions[256];
data/libavif-0.8.3/apps/shared/avifutil.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lowercaseExt[8]; // This only needs to fit up to "jpeg", so this is plenty
data/libavif-0.8.3/apps/shared/iccjpeg.c:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker_present[MAX_SEQ_NO+1]; /* 1 if marker found */
data/libavif-0.8.3/apps/shared/y4m.c:186:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&frame, *iter, sizeof(struct y4mFrameIterator));
data/libavif-0.8.3/apps/shared/y4m.c:191:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  frame.inputFile = fopen(inputFilename, "rb");
data/libavif-0.8.3/apps/shared/y4m.c:220:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpBuffer[32];
data/libavif-0.8.3/apps/shared/y4m.c:225:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frame.width = atoi((const char *)p + 1);
data/libavif-0.8.3/apps/shared/y4m.c:228:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frame.height = atoi((const char *)p + 1);
data/libavif-0.8.3/apps/shared/y4m.c:341:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*iter, &frame, sizeof(struct y4mFrameIterator));
data/libavif-0.8.3/apps/shared/y4m.c:444:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(outputFilename, "wb");
data/libavif-0.8.3/examples/avif_example_decode_memory.c:29:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(inputFilename, "rb");
data/libavif-0.8.3/examples/avif_example_decode_streaming.c:137:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(inputFilename, "rb");
data/libavif-0.8.3/examples/avif_example_encode.c:101:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(outputFilename, "wb");
data/libavif-0.8.3/include/avif/avif.h:61:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void avifCodecVersions(char outBuffer[256]);
data/libavif-0.8.3/include/avif/internal.h:185:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  avifCodecOpenFunc open;
data/libavif-0.8.3/src/avif.c:149:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dstImage->imir, &srcImage->imir, sizeof(dstImage->pasp));
data/libavif-0.8.3/src/avif.c:177:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstRow, srcRow, dstImage->yuvRowBytes[yuvPlane]);
data/libavif-0.8.3/src/avif.c:187:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstAlphaRow, srcAlphaRow, dstImage->alphaRowBytes);
data/libavif-0.8.3/src/avif.c:390:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dup, str, len + 1);
data/libavif-0.8.3/src/avif.c:547:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*writePos, appendStr, appendLen);
data/libavif-0.8.3/src/avif.c:553:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void avifCodecVersions(char outBuffer[256])
data/libavif-0.8.3/src/codec_aom.c:556:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstAlphaRow, srcAlphaRow, image->alphaRowBytes);
data/libavif-0.8.3/src/codec_aom.c:574:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstRow, srcRow, image->yuvRowBytes[yuvPlane]);
data/libavif-0.8.3/src/codec_rav1e.c:32:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int majorVersion = atoi(rav1eVersionString);
data/libavif-0.8.3/src/codec_rav1e.c:46:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int minorVersion = atoi(minorVersionString);
data/libavif-0.8.3/src/colr.c:34:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outPrimaries, avifColorPrimariesTables[i].primaries, sizeof(avifColorPrimariesTables[i].primaries));
data/libavif-0.8.3/src/colr.c:40:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outPrimaries, avifColorPrimariesTables[0].primaries, sizeof(avifColorPrimariesTables[0].primaries));
data/libavif-0.8.3/src/io.c:135:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(filename, "rb");
data/libavif-0.8.3/src/rawdata.c:17:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(raw->data, old, bytesToCopy);
data/libavif-0.8.3/src/rawdata.c:27:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(raw->data, data, len);
data/libavif-0.8.3/src/read.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char auxType[AUXTYPE_SIZE];
data/libavif-0.8.3/src/read.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char contentType[CONTENTTYPE_SIZE];
data/libavif-0.8.3/src/read.c:632:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outData, &item->mergedExtents, sizeof(avifROData));
data/libavif-0.8.3/src/read.c:720:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&item->mergedExtents, &offsetBuffer, sizeof(avifRWData));
data/libavif-0.8.3/src/read.c:723:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(front, offsetBuffer.data, bytesToRead);
data/libavif-0.8.3/src/read.c:796:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstProp, srcProp, sizeof(avifProperty));
data/libavif-0.8.3/src/read.c:925:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, yaRowBytes);
data/libavif-0.8.3/src/read.c:933:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, yaRowBytes);
data/libavif-0.8.3/src/read.c:949:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstU, srcU, uvRowBytes);
data/libavif-0.8.3/src/read.c:954:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstV, srcV, uvRowBytes);
data/libavif-0.8.3/src/read.c:1337:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prop->type, header.type, 4);
data/libavif-0.8.3/src/read.c:1441:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstProp, srcProp, sizeof(avifProperty));
data/libavif-0.8.3/src/read.c:1550:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(item->type, itemType, sizeof(itemType));
data/libavif-0.8.3/src/read.c:1551:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&item->contentType, &contentType, sizeof(contentType));
data/libavif-0.8.3/src/read.c:2256:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sample->data, &itemContents, sizeof(avifROData));
data/libavif-0.8.3/src/read.c:2282:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sample->data, &sampleContents, sizeof(avifROData));
data/libavif-0.8.3/src/read.c:2336:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tile->codec->open(tile->codec)) {
data/libavif-0.8.3/src/read.c:2669:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&decoder->image->pasp, &paspProp->u.pasp, sizeof(avifPixelAspectRatioBox));
data/libavif-0.8.3/src/read.c:2674:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&decoder->image->clap, &clapProp->u.clap, sizeof(avifCleanApertureBox));
data/libavif-0.8.3/src/read.c:2679:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&decoder->image->irot, &irotProp->u.irot, sizeof(avifImageRotation));
data/libavif-0.8.3/src/read.c:2684:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&decoder->image->imir, &imirProp->u.imir, sizeof(avifImageMirror));
data/libavif-0.8.3/src/read.c:2880:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outTiming, &decoder->imageTiming, sizeof(avifImageTiming));
data/libavif-0.8.3/src/stream.c:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, stream->raw->data + stream->offset, size);
data/libavif-0.8.3/src/stream.c:140:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, streamString, stringLen);
data/libavif-0.8.3/src/stream.c:252:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + stream->offset, data, size);
data/libavif-0.8.3/src/stream.c:272:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + stream->offset, &noSize, sizeof(uint32_t));
data/libavif-0.8.3/src/stream.c:273:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + stream->offset + 4, type, 4);
data/libavif-0.8.3/src/stream.c:293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + marker, &noSize, sizeof(uint32_t));
data/libavif-0.8.3/src/stream.c:300:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + stream->offset, &v, size);
data/libavif-0.8.3/src/stream.c:309:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + stream->offset, &v, size);
data/libavif-0.8.3/src/stream.c:318:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + stream->offset, &v, size);
data/libavif-0.8.3/src/stream.c:327:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->raw->data + stream->offset, &v, size);
data/libavif-0.8.3/src/utils.c:22:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&result, data, sizeof(uint16_t));
data/libavif-0.8.3/src/utils.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&result, data, sizeof(uint32_t));
data/libavif-0.8.3/src/utils.c:66:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&result, data, sizeof(uint64_t));
data/libavif-0.8.3/src/utils.c:99:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(arr->ptr, oldPtr, oldByteCount);
data/libavif-0.8.3/src/utils.c:118:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newElement, element, arr->elementSize);
data/libavif-0.8.3/src/write.c:441:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(exifItem->metadataPayload.data, &exifTiffHeaderOffset, sizeof(uint32_t));
data/libavif-0.8.3/src/write.c:442:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(exifItem->metadataPayload.data + sizeof(uint32_t), image->exif.data, image->exif.size);
data/libavif-0.8.3/src/write.c:531:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&item->av1C, &sequenceHeader.av1C, sizeof(avifCodecConfigurationBox));
data/libavif-0.8.3/tests/aviftest.c:39:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filenameBuffer[2048];
data/libavif-0.8.3/tests/aviftest.c:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char testJSONFilename[2048];
data/libavif-0.8.3/tests/aviftest.c:158:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(testJSONFilename, "wb");
data/libavif-0.8.3/tests/aviftest.c:179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char testJSONFilename[2048];
data/libavif-0.8.3/tests/aviftest.c:182:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(testJSONFilename, "rb");
data/libavif-0.8.3/tests/aviftest.c:328:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ioDir[FILENAME_MAX_LENGTH + 1];
data/libavif-0.8.3/tests/aviftest.c:347:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullFilename[FILENAME_MAX_LENGTH + 1];
data/libavif-0.8.3/tests/aviftest.c:356:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(fullFilename, "rb");
data/libavif-0.8.3/tests/aviftest.c:478:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char codecVersions[256];
data/libavif-0.8.3/tests/avifyuv.c:69:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mode = atoi(arg);
data/libavif-0.8.3/tests/cJSON.c:122:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char version[15];
data/libavif-0.8.3/tests/cJSON.c:123:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(version, "%i.%i.%i", CJSON_VERSION_MAJOR, CJSON_VERSION_MINOR, CJSON_VERSION_PATCH);
data/libavif-0.8.3/tests/cJSON.c:200:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(copy, string, length); data/libavif-0.8.3/tests/cJSON.c:305:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char number_c_string[64]; data/libavif-0.8.3/tests/cJSON.c:512:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newbuffer, p->buffer, p->offset + 1); data/libavif-0.8.3/tests/cJSON.c:549:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char number_buffer[26] = {0}; /* temporary buffer to print the number into */ data/libavif-0.8.3/tests/cJSON.c:561:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. length = sprintf((char*)number_buffer, "null"); data/libavif-0.8.3/tests/cJSON.c:566:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. length = sprintf((char*)number_buffer, "%1.15g", d); data/libavif-0.8.3/tests/cJSON.c:572:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. length = sprintf((char*)number_buffer, "%1.17g", d); data/libavif-0.8.3/tests/cJSON.c:918:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)output, "\"\""); data/libavif-0.8.3/tests/cJSON.c:959:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output + 1, input, output_length); data/libavif-0.8.3/tests/cJSON.c:1005:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*)output_pointer, "u%04x", *input_pointer); data/libavif-0.8.3/tests/cJSON.c:1222:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(printed, buffer->buffer, cjson_min(buffer->length, buffer->offset + 1)); data/libavif-0.8.3/tests/cJSON.c:1378:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)output, "null"); data/libavif-0.8.3/tests/cJSON.c:1387:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)output, "false"); data/libavif-0.8.3/tests/cJSON.c:1396:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy((char*)output, "true"); data/libavif-0.8.3/tests/cJSON.c:1416:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, item->valuestring, raw_length); data/libavif-0.8.3/tests/cJSON.c:1935:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reference, item, sizeof(cJSON)); data/libavif-0.8.3/tests/testcase.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basenameBuffer[1024]; data/libavif-0.8.3/tests/testcase.c:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nameBuffer[1024]; data/libavif-0.8.3/tests/testcase.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char y4mFilename[2048]; data/libavif-0.8.3/apps/avifenc.c:133:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, arg, 127); data/libavif-0.8.3/apps/avifenc.c:158:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buffer, arg, 127); data/libavif-0.8.3/apps/avifenc.c:178:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ungetc(fgetc(stdin), stdin); // Kick stdin to force EOF data/libavif-0.8.3/apps/shared/avifutil.c:79:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t fileExtLen = strlen(fileExt); data/libavif-0.8.3/apps/shared/y4m.c:130:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(out, (const char *)p, formatLen); data/libavif-0.8.3/apps/shared/y4m.c:336:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ungetc(fgetc(frame.inputFile), frame.inputFile); // Kick frame.inputFile to force EOF data/libavif-0.8.3/include/avif/avif.h:565:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). avifIOReadFunc read; data/libavif-0.8.3/src/avif.c:388:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/libavif-0.8.3/src/avif.c:542:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t appendLen = strlen(appendStr); data/libavif-0.8.3/src/read.c:710:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). avifResult readResult = io->read(io, 0, extent->offset, bytesToRead, &offsetBuffer); data/libavif-0.8.3/src/read.c:2074:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
readResult = decoder->io->read(decoder->io, 0, parseOffset, 32, &headerContents); data/libavif-0.8.3/src/read.c:2096:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readResult = decoder->io->read(decoder->io, 0, parseOffset, header.size, &boxContents); data/libavif-0.8.3/src/read.c:2271:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). avifResult readResult = decoder->io->read(decoder->io, 0, sample->offset, bytesToRead, &sampleContents); data/libavif-0.8.3/src/read.c:2293:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!decoder->io || !decoder->io->read) { data/libavif-0.8.3/src/read.c:2746:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!decoder->io || !decoder->io->read) { data/libavif-0.8.3/src/stream.c:132:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t stringLen = strlen(streamString); data/libavif-0.8.3/tests/aviftest.c:329:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dataDirLen = strlen(dataDir); data/libavif-0.8.3/tests/aviftest.c:330:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t ioSuffixLen = strlen(ioSuffix); data/libavif-0.8.3/tests/aviftest.c:338:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t ioDirLen = strlen(ioDir); data/libavif-0.8.3/tests/aviftest.c:348:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filenameLen = strlen(filename); data/libavif-0.8.3/tests/cJSON.c:194:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen((const char*)string) + sizeof(""); data/libavif-0.8.3/tests/cJSON.c:404:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valuestring) <= strlen(object->valuestring)) data/libavif-0.8.3/tests/cJSON.c:404:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valuestring) <= strlen(object->valuestring)) data/libavif-0.8.3/tests/cJSON.c:532:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer->offset += strlen((const char*)buffer_pointer); data/libavif-0.8.3/tests/cJSON.c:1083:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_length = strlen(value) + sizeof(""); data/libavif-0.8.3/tests/cJSON.c:1410:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
raw_length = strlen(item->valuestring) + sizeof(""); ANALYSIS SUMMARY: Hits = 160 Lines analyzed = 19047 in approximately 0.56 seconds (33872 lines/second) Physical Source Lines of Code (SLOC) = 14735 Hits@level = [0] 274 [1] 26 [2] 128 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 434 [1+] 160 [2+] 134 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 29.4537 [1+] 10.8585 [2+] 9.09399 [3+] 0.407194 [4+] 0.407194 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.