Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp
Examining data/libtwelvemonkeys-java-3.6.1/sandbox/sandbox-common/src/main/java/com/twelvemonkeys/image/inv_cmap.c
FINAL RESULTS:
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:158:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sz, "Opcode: %s\n", optable[Opcode].name);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1159:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sz, "%s (%d,%d) (%d,%d).\n",
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:123:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "PICT version %d found.\n", Version);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:156:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "Opcode: reserved=0x%x\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:219:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:227:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:233:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:239:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "Opcode: reserved 0x%x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:245:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:246:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "Can't handle Opcode %x.\n", Opcode);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:720:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pLineArray[i], pRawLine, Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:804:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:805:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz,
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:856:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pBuf+(k*4*PixelPerRLEUnit), pBuf,
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:866:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pBuf+(k*PixelPerRLEUnit), pBuf,
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:892:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pDestLine, pLineBuf, 4*Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:894:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pDestLine, pLineBuf, Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1009:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pDestBuf, pSrcBuf, Width);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1116:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, "Palette Size: %d\n", *pNumColors);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[256];
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1174:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " version: 0x%x\n", pPixMap->version);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1176:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " packType: %d\n", pPixMap->packType);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1178:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " packSize: %ld\n", pPixMap->packSize);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1180:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " hRes: %ld\n", pPixMap->hRes);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1182:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " vRes: %ld\n", pPixMap->vRes);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1184:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " pixelSize: %d\n", pPixMap->pixelSize);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1186:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " cmpCount: %d\n", pPixMap->cmpCount);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1188:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " cmpSize: %d.\n", pPixMap->cmpSize);
data/libtwelvemonkeys-java-3.6.1/imageio/imageio-pict/src/main/java/com/twelvemonkeys/imageio/plugins/pict/plpictdec.cpp:1190:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sz, " planeBytes: %ld.\n", pPixMap->planeBytes);
data/libtwelvemonkeys-java-3.6.1/sandbox/sandbox-common/src/main/java/com/twelvemonkeys/image/inv_cmap.c:207:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *colormap[3], *rgbmap;
ANALYSIS SUMMARY:
Hits = 34
Lines analyzed = 1796 in approximately 0.18 seconds (10221 lines/second)
Physical Source Lines of Code (SLOC) = 1222
Hits@level = [0] 0 [1] 0 [2] 32 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 34 [1+] 34 [2+] 34 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 27.8232 [1+] 27.8232 [2+] 27.8232 [3+] 1.63666 [4+] 1.63666 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.