Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp
Examining data/libtwelvemonkeys-java-3.6.1/sandbox/sandbox-common/src/main/java/com/twelvemonkeys/image/inv_cmap.c

FINAL RESULTS:

data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:158:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sz, "Opcode: %s\n", optable[Opcode].name);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1159:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sz, "%s (%d,%d) (%d,%d).\n",
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:95:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:123:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "PICT version %d found.\n", Version);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:138:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:156:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "Opcode: reserved=0x%x\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:219:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:227:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:233:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:239:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:245:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:246:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "Can't handle Opcode %x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:720:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pLineArray[i], pRawLine, Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:804:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:805:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz,
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:856:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pBuf+(k*4*PixelPerRLEUnit), pBuf,
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:866:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pBuf+(k*PixelPerRLEUnit), pBuf,
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:892:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pDestLine, pLineBuf, 4*Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:894:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pDestLine, pLineBuf, Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1009:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pDestBuf, pSrcBuf, Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1116:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, "Palette Size: %d\n", *pNumColors);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1174:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " version: 0x%x\n", pPixMap->version);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1176:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " packType: %d\n", pPixMap->packType);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1178:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " packSize: %ld\n", pPixMap->packSize);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1180:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " hRes: %ld\n", pPixMap->hRes);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1182:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " vRes: %ld\n", pPixMap->vRes);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1184:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " pixelSize: %d\n", pPixMap->pixelSize);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1186:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " cmpCount: %d\n", pPixMap->cmpCount);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1188:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " cmpSize: %d.\n", pPixMap->cmpSize);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1190:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sz, " planeBytes: %ld.\n", pPixMap->planeBytes);
data/libtwelvemonkeys-java-3.6.1/sandbox/sandbox-common/src/main/java/com/twelvemonkeys/image/inv_cmap.c:207:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *colormap[3], *rgbmap;

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 1796 in approximately 0.18 seconds (10221 lines/second)
Physical Source Lines of Code (SLOC) = 1222
Hits@level = [0]   0 [1]   0 [2]  32 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  34 [1+]  34 [2+]  34 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 27.8232 [1+] 27.8232 [2+] 27.8232 [3+] 1.63666 [4+] 1.63666 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.