Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsoil-1.07~20080707.dfsg/src/SOIL.c
Examining data/libsoil-1.07~20080707.dfsg/src/image_helper.c
Examining data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c
Examining data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c
Examining data/libsoil-1.07~20080707.dfsg/src/image_DXT.h
Examining data/libsoil-1.07~20080707.dfsg/src/SOIL.h
Examining data/libsoil-1.07~20080707.dfsg/src/image_DXT.c
Examining data/libsoil-1.07~20080707.dfsg/src/image_helper.h
Examining data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.h
Examining data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h
Examining data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug.h
Examining data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c
Examining data/libsoil-1.07~20080707.dfsg/src/test_SOIL.cpp

FINAL RESULTS:

data/libsoil-1.07~20080707.dfsg/src/SOIL.c:661:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *filename,
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:662:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char face_order[6],
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:746:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const buffer,
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:748:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char face_order[6],
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:837:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const data,
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:839:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char face_order[6],
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:1030:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( img, data, width*height*channels );
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:1568:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( (void*)(&header), (const void *)buffer, sizeof( DDS_header ) );
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:1722:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*)DDS_data, (const void*)(&buffer[buffer_index]), DDS_full_size );
data/libsoil-1.07~20080707.dfsg/src/SOIL.c:1841:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen( filename, "rb" );
data/libsoil-1.07~20080707.dfsg/src/SOIL.h:200:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *filename,
data/libsoil-1.07~20080707.dfsg/src/SOIL.h:201:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char face_order[6],
data/libsoil-1.07~20080707.dfsg/src/SOIL.h:296:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const buffer,
data/libsoil-1.07~20080707.dfsg/src/SOIL.h:298:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char face_order[6],
data/libsoil-1.07~20080707.dfsg/src/SOIL.h:338:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const data,
data/libsoil-1.07~20080707.dfsg/src/SOIL.h:340:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char face_order[6],
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:30:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const uncompressed,
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:31:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8] );
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:38:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const uncompressed,
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:39:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8] );
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:92:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( filename, "wb");
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:108:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ublock[16*3];
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:109:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cblock[8];
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:189:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ublock[16*4];
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:190:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cblock[8];
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:300:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const uncompressed,
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:504:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const uncompressed,
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:505:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8]
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:580:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char *const uncompressed,
data/libsoil-1.07~20080707.dfsg/src/image_DXT.c:581:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8]
data/libsoil-1.07~20080707.dfsg/src/image_helper.c:165:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char scale_LUT[256];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:348:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char validate_uint32[sizeof(uint32)==4];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:418:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:484:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:536:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:682:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, img_buffer, n);
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:1687:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:2009:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(zout, zbuffer, len);
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:2415:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(idata+ioff, img_buffer, c.length);
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:2500:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:2809:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:2889:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char raw_data[4];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:2890:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char trans_data[4];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:3091:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:3302:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:3407:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[HDR_BUFLEN];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:3599:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "wb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:387:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char validate_uint32[sizeof(uint32)==4];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:458:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:524:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:576:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:723:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, s->img_buffer, n);
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:1830:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:2157:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a->zout, a->zbuffer, len);
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:2576:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z->idata+ioff, s->img_buffer, c.length);
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:2667:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:2982:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:3066:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char raw_data[4];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:3067:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char trans_data[4];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:3268:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:3482:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:3591:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[HDR_BUFLEN];
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:3785:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "wb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:99:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char validate_uint32[sizeof(uint32)==4];
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:177:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:251:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:303:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:450:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, s->img_buffer, n);
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:1557:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:1884:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a->zout, a->zbuffer, len);
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:2303:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z->idata+ioff, s->img_buffer, c.length);
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:2394:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:2709:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:2793:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char raw_data[4];
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:2995:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:3209:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:3319:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[HDR_BUFLEN];
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:3426:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[HDR_BUFLEN];
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:3548:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:3644:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "wb");
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:117:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uncompressed[16*4],
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:118:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8] )
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:123:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char decode_colors[4*4];
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:173:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uncompressed[16*4],
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:174:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8] )
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:187:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uncompressed[16*4],
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:188:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8] )
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:191:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char decode_alpha[8];
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:231:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uncompressed[16*4],
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:232:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char compressed[8] )
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:237:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char decode_colors[4*3];
data/libsoil-1.07~20080707.dfsg/src/stbi_DDS_aug_c.h:498:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "rb");
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.09.c:617:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(img_file);
data/libsoil-1.07~20080707.dfsg/src/original/stb_image-1.16.c:658:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(s->img_file);
data/libsoil-1.07~20080707.dfsg/src/stb_image_aug.c:385:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(s->img_file);

ANALYSIS SUMMARY:

Hits = 95
Lines analyzed = 16162 in approximately 0.43 seconds (37263 lines/second)
Physical Source Lines of Code (SLOC) = 12217
Hits@level = [0]   9 [1]   3 [2]  92 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 104 [1+]  95 [2+]  92 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 8.51273 [1+] 7.77605 [2+] 7.53049 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
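Triage note on the memcpy hits. Flawfinder reports memcpy on name alone; the hits above that deserve a reviewer's attention are the ones whose byte count or source offset comes from the file being parsed (SOIL.c:1030 with width*height*channels, SOIL.c:1568 and SOIL.c:1722 reading a DDS header and payload out of `buffer`, and the stb_image copies of `n`, `len` and `c.length` bytes). Whether SOIL or stb_image check those lengths elsewhere is not visible in this report; what the hit asks is that the reviewer confirm it. The block below is an added example, not SOIL's or stb_image's code, of the shape a loader takes when every copy is bounded by what was actually supplied. It parses a hypothetical 16-byte "IMG1" container (an invented layout, not SOIL's DDS_header), computes width*height*channels with wrap-around and size caps, and copies pixels through a cursor that refuses to memcpy past the end of the input. The sample inputs are constructed in the block itself.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIM 16384u   /* cap per dimension: bounds the allocation a header can demand */

/* Bounded read-only view over an untrusted byte buffer. */
typedef struct {
    const unsigned char *data;
    size_t len;
    size_t pos;
} cursor_t;

static size_t cursor_left(const cursor_t *c) { return c->len - c->pos; }

/* memcpy out of the buffer only after proving the bytes are there. */
static int cursor_read(cursor_t *c, void *dst, size_t n)
{
    if (n > cursor_left(c))
        return 0;                         /* would read past the end of the source */
    memcpy(dst, c->data + c->pos, n);
    c->pos += n;
    return 1;
}

static int cursor_read_u32le(cursor_t *c, uint32_t *out)
{
    unsigned char b[4];
    if (!cursor_read(c, b, sizeof b))
        return 0;
    *out = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return 1;
}

/* width*height*channels as a size_t, rejecting zero, absurd and wrapping sizes. */
static int image_bytes(uint32_t w, uint32_t h, uint32_t ch, size_t *out)
{
    if (w == 0 || h == 0 || ch == 0 || ch > 4 || w > MAX_DIM || h > MAX_DIM)
        return 0;
    if ((size_t)w > SIZE_MAX / h || (size_t)w * h > SIZE_MAX / ch)
        return 0;                         /* product would wrap around */
    *out = (size_t)w * h * ch;
    return 1;
}

/* Hypothetical container (not SOIL's DDS layout): "IMG1", then width, height
   and channels as little-endian u32, then width*height*channels pixel bytes. */
static int parse_image(const unsigned char *buf, size_t buflen,
                       unsigned char **pixels, size_t *npix)
{
    cursor_t c = { buf, buflen, 0 };
    unsigned char magic[4];
    uint32_t w, h, ch;
    size_t need;

    *pixels = NULL; *npix = 0;
    if (!cursor_read(&c, magic, sizeof magic) || memcmp(magic, "IMG1", 4) != 0)
        return 0;
    if (!cursor_read_u32le(&c, &w) || !cursor_read_u32le(&c, &h) ||
        !cursor_read_u32le(&c, &ch))
        return 0;                         /* truncated header */
    if (!image_bytes(w, h, ch, &need))
        return 0;
    if (need > cursor_left(&c))
        return 0;                         /* header promises more pixels than were supplied */
    *pixels = malloc(need);
    if (*pixels == NULL || !cursor_read(&c, *pixels, need)) {
        free(*pixels); *pixels = NULL;
        return 0;
    }
    *npix = need;
    return 1;
}

/* Constructed sample input (no real image file): header plus `payload` bytes
   of a recognisable pattern. Returns the total length written to out[]. */
static size_t build_sample(unsigned char *out, uint32_t w, uint32_t h,
                           uint32_t ch, size_t payload)
{
    uint32_t v[3] = { w, h, ch };
    size_t i;
    memcpy(out, "IMG1", 4);
    for (i = 0; i < 12; i++)              /* three little-endian u32 fields */
        out[4 + i] = (unsigned char)(v[i / 4] >> (8 * (i % 4)));
    for (i = 0; i < payload; i++)
        out[16 + i] = (unsigned char)(0xA0 + i);
    return 16 + payload;
}

/* Build a sample with the given header and payload length (at most 48 bytes),
   parse it, and return the number of pixel bytes accepted (0 = rejected). */
int parse_sample(uint32_t w, uint32_t h, uint32_t ch, size_t payload)
{
    unsigned char buf[64];
    unsigned char *px = NULL;
    size_t n = 0, len;
    int ok;
    if (payload > sizeof buf - 16)
        return -1;
    len = build_sample(buf, w, h, ch, payload);
    ok = parse_image(buf, len, &px, &n);
    if (ok && (px[0] != 0xA0 || px[n - 1] != (unsigned char)(0xA0 + n - 1)))
        ok = 0;                           /* copied bytes must match the source */
    free(px);
    return ok ? (int)n : 0;
}
```

parse_sample(2, 2, 3, 12) accepts a 2x2 RGB image and returns 12; the same header with only 5 payload bytes, a header with 5 channels, or dimensions whose product wraps are all rejected before any malloc or memcpy. The same cursor discipline is what a reviewer would look for behind each memcpy hit: the copy length compared against the bytes remaining in the input, and any size computed from header fields checked for overflow first.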
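Triage note on the fopen hits. Every fopen is reported at level 2 with the same CWE-362 text, so for a library that opens a caller-supplied path read-only most of these are noise. The ones worth a second look are the "wb" opens (image_DXT.c:92 and the save routines at stb_image-1.09.c:3599, stb_image-1.16.c:3785 and stb_image_aug.c:3644): they create or truncate a name that, in a shared or attacker-writable directory, may have been pre-created or replaced by a symlink. The block below is an added example, not SOIL's or stb_image's code, of the open pattern the warning is asking about: O_NOFOLLOW so a symlink in the final component is refused, O_CREAT|O_EXCL so a write never goes through a pre-existing name, and an fstat check that rejects device files and FIFOs. The demo_nofollow self-check builds its own temporary file and symlink; it assumes a POSIX system where /dev/null exists.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, symlink, fdopen, O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` as a stdio stream without following a symlink in the final
   component, refusing anything that is not a regular file. "r" opens an
   existing file read-only; "w" creates a new file and fails with EEXIST if
   the name already exists (including as a symlink), so an attacker-planted
   name is never written through. Returns NULL with errno set on refusal. */
FILE *fopen_regular_nofollow(const char *path, const char *mode)
{
    int flags, fd;
    struct stat st;
    FILE *f;

    if (strcmp(mode, "r") == 0)
        flags = O_RDONLY;
    else if (strcmp(mode, "w") == 0)
        flags = O_WRONLY | O_CREAT | O_EXCL;
    else {
        errno = EINVAL;
        return NULL;
    }
    fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return NULL;                  /* ELOOP: final component is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;               /* device node, FIFO, directory, ... */
        return NULL;
    }
    f = fdopen(fd, mode);             /* the fd and FILE share one open */
    if (f == NULL)
        close(fd);
    return f;
}

/* Self-check: create a regular temp file and a symlink to it, then confirm
   that the regular file opens, the symlink is refused with ELOOP for reading
   and EEXIST for writing, and a device node is refused. Returns 1 on success. */
int demo_nofollow(void)
{
    char file[64] = "/tmp/ffdemo.XXXXXX", lnk[80];
    int fd = mkstemp(file), pass = 0;
    FILE *f;

    if (fd < 0) {                     /* no writable /tmp: use the cwd */
        strcpy(file, "./ffdemo.XXXXXX");
        if ((fd = mkstemp(file)) < 0)
            return 0;
    }
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);
    if (symlink(file, lnk) != 0) {
        unlink(file);
        return 0;
    }

    if ((f = fopen_regular_nofollow(file, "r")) != NULL) { fclose(f); pass++; }
    if (fopen_regular_nofollow(lnk, "r") == NULL && errno == ELOOP)  pass++;
    if (fopen_regular_nofollow(lnk, "w") == NULL && errno == EEXIST) pass++;
    if (fopen_regular_nofollow("/dev/null", "r") == NULL && errno == EINVAL) pass++;

    unlink(lnk);
    unlink(file);
    return pass == 4;
}
```

O_NOFOLLOW only protects the last path component; the "control its ancestors" part of the warning is addressed by opening relative to a directory descriptor you already trust (openat with the same flags) rather than by a check on the full path string, and O_EXCL changes the semantics of "wb" from overwrite to create-new, which is the right default for files a library writes on a caller's behalf.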