Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libglu-9.0.1/src/libnurbs/interface/glsurfeval.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/glimports.h
Examining data/libglu-9.0.1/src/libnurbs/interface/glinterface.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/bezierEval.h
Examining data/libglu-9.0.1/src/libnurbs/interface/glrenderer.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/glcurveval.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/bezierPatch.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/mystdio.h
Examining data/libglu-9.0.1/src/libnurbs/interface/incurveeval.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/bezierPatchMesh.h
Examining data/libglu-9.0.1/src/libnurbs/interface/glcurveval.h
Examining data/libglu-9.0.1/src/libnurbs/interface/bezierPatch.h
Examining data/libglu-9.0.1/src/libnurbs/interface/insurfeval.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/glsurfeval.h
Examining data/libglu-9.0.1/src/libnurbs/interface/bezierEval.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/mystdlib.h
Examining data/libglu-9.0.1/src/libnurbs/interface/bezierPatchMesh.cc
Examining data/libglu-9.0.1/src/libnurbs/interface/glrenderer.h
Examining data/libglu-9.0.1/src/libnurbs/internals/pwlarc.h
Examining data/libglu-9.0.1/src/libnurbs/internals/arc.h
Examining data/libglu-9.0.1/src/libnurbs/internals/arc.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/slicer.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/flist.h
Examining data/libglu-9.0.1/src/libnurbs/internals/trimvertpool.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/curve.h
Examining data/libglu-9.0.1/src/libnurbs/internals/renderhints.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/basicsurfeval.h
Examining data/libglu-9.0.1/src/libnurbs/internals/subdivider.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/flist.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/curve.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/myassert.h
Examining data/libglu-9.0.1/src/libnurbs/internals/coveandtiler.h
Examining data/libglu-9.0.1/src/libnurbs/internals/knotvector.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/nurbsinterfac.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/uarray.h
Examining data/libglu-9.0.1/src/libnurbs/internals/curvelist.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/varray.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/trimline.h
Examining data/libglu-9.0.1/src/libnurbs/internals/mymath.h
Examining data/libglu-9.0.1/src/libnurbs/internals/flistsorter.h
Examining data/libglu-9.0.1/src/libnurbs/internals/dataTransform.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/trimregion.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/mystring.h
Examining data/libglu-9.0.1/src/libnurbs/internals/reader.h
Examining data/libglu-9.0.1/src/libnurbs/internals/patch.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/jarcloc.h
Examining data/libglu-9.0.1/src/libnurbs/internals/bin.h
Examining data/libglu-9.0.1/src/libnurbs/internals/types.h
Examining data/libglu-9.0.1/src/libnurbs/internals/knotvector.h
Examining data/libglu-9.0.1/src/libnurbs/internals/trimvertex.h
Examining data/libglu-9.0.1/src/libnurbs/internals/splitarcs.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/intersect.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/mycode.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/coveandtiler.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/hull.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/trimvertpool.h
Examining data/libglu-9.0.1/src/libnurbs/internals/bezierarc.h
Examining data/libglu-9.0.1/src/libnurbs/internals/nurbstess.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/displaymode.h
Examining data/libglu-9.0.1/src/libnurbs/internals/quilt.h
Examining data/libglu-9.0.1/src/libnurbs/internals/bin.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/patchlist.h
Examining data/libglu-9.0.1/src/libnurbs/internals/arcsorter.h
Examining data/libglu-9.0.1/src/libnurbs/internals/displaylist.h
Examining data/libglu-9.0.1/src/libnurbs/internals/mesher.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/bufpool.h
Examining data/libglu-9.0.1/src/libnurbs/internals/bufpool.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/gridvertex.h
Examining data/libglu-9.0.1/src/libnurbs/internals/uarray.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/backend.h
Examining data/libglu-9.0.1/src/libnurbs/internals/mapdescv.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/gridtrimvertex.h
Examining data/libglu-9.0.1/src/libnurbs/internals/hull.h
Examining data/libglu-9.0.1/src/libnurbs/internals/quilt.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/basiccrveval.h
Examining data/libglu-9.0.1/src/libnurbs/internals/mapdesc.h
Examining data/libglu-9.0.1/src/libnurbs/internals/arcsorter.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/nurbsconsts.h
Examining data/libglu-9.0.1/src/libnurbs/internals/backend.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/basiccrveval.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/sorter.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/ccw.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/varray.h
Examining data/libglu-9.0.1/src/libnurbs/internals/gridline.h
Examining data/libglu-9.0.1/src/libnurbs/internals/trimregion.h
Examining data/libglu-9.0.1/src/libnurbs/internals/simplemath.h
Examining data/libglu-9.0.1/src/libnurbs/internals/monotonizer.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/slicer.h
Examining data/libglu-9.0.1/src/libnurbs/internals/sorter.h
Examining data/libglu-9.0.1/src/libnurbs/internals/flistsorter.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/patchlist.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/tobezier.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/monoTriangulationBackend.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/defines.h
Examining data/libglu-9.0.1/src/libnurbs/internals/maplist.h
Examining data/libglu-9.0.1/src/libnurbs/internals/trimline.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/monotonizer.h
Examining data/libglu-9.0.1/src/libnurbs/internals/reader.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/cachingeval.h
Examining data/libglu-9.0.1/src/libnurbs/internals/cachingeval.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/patch.h
Examining data/libglu-9.0.1/src/libnurbs/internals/basicsurfeval.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/subdivider.h
Examining data/libglu-9.0.1/src/libnurbs/internals/curvelist.h
Examining data/libglu-9.0.1/src/libnurbs/internals/mesher.h
Examining data/libglu-9.0.1/src/libnurbs/internals/arctess.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/displaylist.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/mysetjmp.h
Examining data/libglu-9.0.1/src/libnurbs/internals/arctess.h
Examining data/libglu-9.0.1/src/libnurbs/internals/mapdesc.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/nurbstess.h
Examining data/libglu-9.0.1/src/libnurbs/internals/renderhints.h
Examining data/libglu-9.0.1/src/libnurbs/internals/dataTransform.h
Examining data/libglu-9.0.1/src/libnurbs/internals/curvesub.cc
Examining data/libglu-9.0.1/src/libnurbs/internals/maplist.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/definitions.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleCompBot.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/partitionY.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/monoTriangulation.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/rectBlock.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/monoPolyPart.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/directedLine.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/searchTree.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleMonoPoly.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/quicksort.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleCompTop.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/partitionY.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/glimports.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/searchTree.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/monoChain.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleCompRight.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/gridWrap.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/partitionX.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/primitiveStream.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampledLine.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/monoChain.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleCompRight.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/polyDBG.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/monoPolyPart.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampledLine.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/polyDBG.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/polyUtil.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/rectBlock.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/directedLine.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/zlassert.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/mystdio.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleComp.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleCompTop.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleComp.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/gridWrap.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/monoTriangulation.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/polyUtil.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleMonoPoly.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/primitiveStream.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/sampleCompBot.cc
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/partitionX.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/mystdlib.h
Examining data/libglu-9.0.1/src/libnurbs/nurbtess/quicksort.cc
Examining data/libglu-9.0.1/src/libutil/project.c
Examining data/libglu-9.0.1/src/libutil/gluint.h
Examining data/libglu-9.0.1/src/libutil/mipmap.c
Examining data/libglu-9.0.1/src/libutil/quad.c
Examining data/libglu-9.0.1/src/libutil/glue.c
Examining data/libglu-9.0.1/src/libutil/error.c
Examining data/libglu-9.0.1/src/libutil/registry.c
Examining data/libglu-9.0.1/src/include/gluos.h
Examining data/libglu-9.0.1/src/libtess/mesh.h
Examining data/libglu-9.0.1/src/libtess/tess.c
Examining data/libglu-9.0.1/src/libtess/priorityq-heap.h
Examining data/libglu-9.0.1/src/libtess/dict.c
Examining data/libglu-9.0.1/src/libtess/tess.h
Examining data/libglu-9.0.1/src/libtess/mesh.c
Examining data/libglu-9.0.1/src/libtess/memalloc.c
Examining data/libglu-9.0.1/src/libtess/priorityq-heap.c
Examining data/libglu-9.0.1/src/libtess/dict.h
Examining data/libglu-9.0.1/src/libtess/sweep.c
Examining data/libglu-9.0.1/src/libtess/dict-list.h
Examining data/libglu-9.0.1/src/libtess/sweep.h
Examining data/libglu-9.0.1/src/libtess/priorityq.c
Examining data/libglu-9.0.1/src/libtess/tessmono.h
Examining data/libglu-9.0.1/src/libtess/render.c
Examining data/libglu-9.0.1/src/libtess/tessmono.c
Examining data/libglu-9.0.1/src/libtess/priorityq-sort.h
Examining data/libglu-9.0.1/src/libtess/render.h
Examining data/libglu-9.0.1/src/libtess/memalloc.h
Examining data/libglu-9.0.1/src/libtess/priorityq.h
Examining data/libglu-9.0.1/src/libtess/normal.h
Examining data/libglu-9.0.1/src/libtess/geom.c
Examining data/libglu-9.0.1/src/libtess/normal.c
Examining data/libglu-9.0.1/src/libtess/geom.h
Examining data/libglu-9.0.1/include/GL/glu_mangle.h
Examining data/libglu-9.0.1/include/GL/glu.h

FINAL RESULTS:
data/libglu-9.0.1/src/libnurbs/interface/mystdio.h:46:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
#define _glu_dprintf printf

data/libglu-9.0.1/src/libnurbs/nurbtess/mystdio.h:46:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
#define _glu_dprintf printf

data/libglu-9.0.1/src/libutil/registry.c:76:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(lookHere,(const char *)extString);

data/libglu-9.0.1/src/libtess/geom.c:192:15:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
a = 1.2 * drand48() - 0.1;

data/libglu-9.0.1/src/libtess/normal.c:174:36:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
#define S_UNIT_X (RandomSweep ? (2*drand48()-1) : 1.0)

data/libglu-9.0.1/src/libtess/normal.c:175:36:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
#define S_UNIT_Y (RandomSweep ? (2*drand48()-1) : 0.0)

data/libglu-9.0.1/src/libnurbs/internals/bufpool.h:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *blocklist[NBLOCKS]; /* blocks of malloced memory */

data/libglu-9.0.1/src/libnurbs/internals/mapdesc.cc:149:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( d, s, hcoords * sizeof( REAL ) );

data/libglu-9.0.1/src/libnurbs/internals/mystring.h:41:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
extern "C" void * memcpy(void *, const void *, size_t);

data/libglu-9.0.1/src/libnurbs/internals/mystring.h:46:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
#define memcpy(a,b,c) bcopy(b,a,c)

data/libglu-9.0.1/src/libnurbs/internals/mystring.h:46:23:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
#define memcpy(a,b,c) bcopy(b,a,c)

data/libglu-9.0.1/src/libnurbs/internals/mystring.h:48:18:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
extern "C" void bcopy(const void *, void *, int);

data/libglu-9.0.1/src/libnurbs/internals/patch.cc:203:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( lower.bb, upper.bb, sizeof( bb ) );

data/libglu-9.0.1/src/libnurbs/internals/slicer.cc:876:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* fp = fopen(name, "r");

data/libglu-9.0.1/src/libnurbs/internals/tobezier.cc:660:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( topt, frompt, ncoords * sizeof( REAL ) );

data/libglu-9.0.1/src/libnurbs/internals/trimvertpool.cc:112:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( nvlist, vlist, nextvlistslot * sizeof(TrimVertex_p) );

data/libglu-9.0.1/src/libnurbs/nurbtess/directedLine.cc:758:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* fp = fopen(filename, "w");

data/libglu-9.0.1/src/libnurbs/nurbtess/directedLine.cc:795:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* fp = fopen(filename, "r");

data/libglu-9.0.1/src/libutil/mipmap.c:41:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char ub[4];

data/libglu-9.0.1/src/libutil/mipmap.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b[4];

data/libglu-9.0.1/src/libutil/mipmap.c:464:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[ysize*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:465:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert((char *)dest == &((char *)dataOut)

data/libglu-9.0.1/src/libutil/mipmap.c:562:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[ysize*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:565:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert((char *)dest == &((char *)dataOut)

data/libglu-9.0.1/src/libutil/mipmap.c:699:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[ysize*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:702:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert((char *)dest == &((char *)dataOut)

data/libglu-9.0.1/src/libutil/mipmap.c:845:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[ysize*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:848:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert((char *)dest == &((char *)dataOut)

data/libglu-9.0.1/src/libutil/mipmap.c:991:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[ysize*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:994:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert((char *)dest == &((char *)dataOut)

data/libglu-9.0.1/src/libutil/mipmap.c:1137:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[ysize*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:1140:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert((char *)dest == &((char *)dataOut)

data/libglu-9.0.1/src/libutil/mipmap.c:1284:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[ysize*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:1285:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert((char *)dest == &((char *)dataOut)

data/libglu-9.0.1/src/libutil/mipmap.c:4525:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dstTrav,srcTrav,rowsize);

data/libglu-9.0.1/src/libutil/mipmap.c:6500:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:6566:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes]);

data/libglu-9.0.1/src/libutil/mipmap.c:6607:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes*height]);

data/libglu-9.0.1/src/libutil/mipmap.c:7716:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes*height*depth]);

data/libglu-9.0.1/src/libutil/mipmap.c:8721:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes*height*depth]);

data/libglu-9.0.1/src/libutil/mipmap.c:8770:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes*height*depth]);

data/libglu-9.0.1/src/libutil/mipmap.c:8820:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes*height*depth]);

data/libglu-9.0.1/src/libutil/mipmap.c:8934:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
assert(src == &((const char *)dataIn)[rowSizeInBytes*height*depth]);

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:240:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
Mesher::equal( int x, int y )

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:282:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if( equal( 0, 1 ) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:290:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
} else if( equal( ilast-2, ilast-1) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:309:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if( equal( 1, 0) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:317:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
} else if( equal( ilast-1, ilast-2) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:346:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if( equal( 0, 1 ) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:354:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
} else if( equal( ilast-2, ilast-1) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:383:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if( equal( ilast-1, ilast-2 ) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:391:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
} else if( equal( itop, itop-1 ) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:420:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if( equal( 1, 0) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:428:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
} else if( equal( ilast-1, ilast-2) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:458:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if( equal( ilast-2, ilast-1) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.cc:466:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
} else if( equal( itop-1, itop) ) {

data/libglu-9.0.1/src/libnurbs/internals/mesher.h:74:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
inline int equal( int, int );

data/libglu-9.0.1/src/libnurbs/internals/reader.cc:56:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
#define equal(x,y) ( glu_abs(x-y) <= 0.00001)

data/libglu-9.0.1/src/libnurbs/internals/reader.cc:81:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if(equal(prev->param[0], array[0]) && equal(prev->param[1], array[1]))

data/libglu-9.0.1/src/libnurbs/internals/reader.cc:81:45:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if(equal(prev->param[0], array[0]) && equal(prev->param[1], array[1]))

data/libglu-9.0.1/src/libutil/registry.c:72:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
deleteThis = lookHere = (char *)malloc(strlen((const char *)extString)+1);

ANALYSIS SUMMARY:

Hits = 61
Lines analyzed = 56856 in approximately 1.49 seconds (38137 lines/second)
Physical Source Lines of Code (SLOC) = 38069
Hits@level = [0] 105 [1]  18 [2]  37 [3]   3 [4]   3 [5]   0
Hits@level+ = [0+] 166 [1+]  61 [2+]  43 [3+]   6 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 4.3605 [1+] 1.60235 [2+] 1.12953 [3+] 0.157609 [4+] 0.0788043 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.