Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libxpm-3.5.12/include/X11/xpm.h Examining data/libxpm-3.5.12/src/RdFToI.c Examining data/libxpm-3.5.12/src/CrPFrDat.c Examining data/libxpm-3.5.12/src/misc.c Examining data/libxpm-3.5.12/src/Info.c Examining data/libxpm-3.5.12/src/WrFFrDat.c Examining data/libxpm-3.5.12/src/hashtab.c Examining data/libxpm-3.5.12/src/data.c Examining data/libxpm-3.5.12/src/amigax.h Examining data/libxpm-3.5.12/src/CrDatFrI.c Examining data/libxpm-3.5.12/src/CrDatFrP.c Examining data/libxpm-3.5.12/src/scan.c Examining data/libxpm-3.5.12/src/CrPFrI.c Examining data/libxpm-3.5.12/src/simx.h Examining data/libxpm-3.5.12/src/XpmI.h Examining data/libxpm-3.5.12/src/amigax.c Examining data/libxpm-3.5.12/src/Attrib.c Examining data/libxpm-3.5.12/src/CrIFrDat.c Examining data/libxpm-3.5.12/src/RdFToDat.c Examining data/libxpm-3.5.12/src/CrPFrBuf.c Examining data/libxpm-3.5.12/src/Image.c Examining data/libxpm-3.5.12/src/CrBufFrI.c Examining data/libxpm-3.5.12/src/RdFToBuf.c Examining data/libxpm-3.5.12/src/CrBufFrP.c Examining data/libxpm-3.5.12/src/WrFFrI.c Examining data/libxpm-3.5.12/src/RdFToP.c Examining data/libxpm-3.5.12/src/create.c Examining data/libxpm-3.5.12/src/WrFFrBuf.c Examining data/libxpm-3.5.12/src/rgb.c Examining data/libxpm-3.5.12/src/parse.c Examining data/libxpm-3.5.12/src/CrIFrP.c Examining data/libxpm-3.5.12/src/rgbtab.h Examining data/libxpm-3.5.12/src/WrFFrP.c Examining data/libxpm-3.5.12/src/simx.c Examining data/libxpm-3.5.12/src/CrIFrBuf.c Examining data/libxpm-3.5.12/sxpm/sxpm.c Examining data/libxpm-3.5.12/cxpm/cxpm.c FINAL RESULTS: data/libxpm-3.5.12/src/CrBufFrI.c:149:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ptr, buf); data/libxpm-3.5.12/src/CrBufFrI.c:202:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr + used_size, buf); data/libxpm-3.5.12/src/CrBufFrI.c:322:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s + *used_size, buf); data/libxpm-3.5.12/src/CrDatFrI.c:176:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*header, buf); data/libxpm-3.5.12/src/CrDatFrI.c:216:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*sptr, *sptr2); data/libxpm-3.5.12/src/CrDatFrI.c:294:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). *dataptr = strcpy(s, buf); data/libxpm-3.5.12/src/CrDatFrI.c:411:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*dataptr, *line); data/libxpm-3.5.12/src/RdFToI.c:164:6: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(cmd, cmd, arg1, (char *)NULL); data/libxpm-3.5.12/src/RdFToI.c:219:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(compressfile, filename); data/libxpm-3.5.12/src/RdFToI.c:220:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(compressfile + len, ext = ".Z"); data/libxpm-3.5.12/src/RdFToI.c:224:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(compressfile + len, ext = ".gz"); data/libxpm-3.5.12/src/XpmI.h:57:14: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. extern FILE *popen(); data/libxpm-3.5.12/src/misc.c:52:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s2, s1); data/libxpm-3.5.12/src/parse.c:60:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dst, src); \ data/libxpm-3.5.12/src/parse.c:64:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dst, src); \ data/libxpm-3.5.12/sxpm/sxpm.c:546:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(xString, "Sxpm: %s", input); data/libxpm-3.5.12/src/CrBufFrI.c:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/libxpm-3.5.12/src/CrBufFrI.c:135:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "/* XPM */\nstatic char * image_name[] = {\n"); data/libxpm-3.5.12/src/CrBufFrI.c:164:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\"%d %d %d %d", image->width, image->height, data/libxpm-3.5.12/src/CrBufFrI.c:183:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf + l, " XPMEXT"); data/libxpm-3.5.12/src/CrBufFrI.c:191:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf + l, "\",\n"); data/libxpm-3.5.12/src/CrBufFrI.c:257:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ptr + used_size, "};\n"); data/libxpm-3.5.12/src/CrBufFrI.c:280:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ] = {0}; data/libxpm-3.5.12/src/CrBufFrI.c:312:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "\",\n"); data/libxpm-3.5.12/src/CrBufFrI.c:357:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "\",\n"); data/libxpm-3.5.12/src/CrDatFrI.c:111:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/libxpm-3.5.12/src/CrDatFrI.c:152:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d %d %d %d", image->width, image->height, data/libxpm-3.5.12/src/CrDatFrI.c:162:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, " %d %d", info->x_hotspot, info->y_hotspot); data/libxpm-3.5.12/src/CrDatFrI.c:168:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, " XPMEXT"); data/libxpm-3.5.12/src/CrDatFrI.c:256:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[BUFSIZ]; data/libxpm-3.5.12/src/CrDatFrI.c:418:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(*dataptr, "XPMENDEXT"); data/libxpm-3.5.12/src/RdFToBuf.c:75:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY); data/libxpm-3.5.12/src/RdFToBuf.c:77:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY, NULL); data/libxpm-3.5.12/src/RdFToI.c:204:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(filename, O_RDONLY); data/libxpm-3.5.12/src/RdFToI.c:221:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(compressfile, O_RDONLY); data/libxpm-3.5.12/src/RdFToI.c:225:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open(compressfile, O_RDONLY); data/libxpm-3.5.12/src/WrFFrBuf.c:48:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "w"); data/libxpm-3.5.12/src/WrFFrI.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dot, *s, new_name[BUFSIZ] = {0}; data/libxpm-3.5.12/src/WrFFrI.c:333:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(filename, O_WRONLY|O_CREAT|O_TRUNC, 0644); data/libxpm-3.5.12/src/XpmI.h:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Comment[XPMMAXCMTLEN]; data/libxpm-3.5.12/src/amigax.c:289:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexstr[10]; data/libxpm-3.5.12/src/amigax.c:309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512], name[512]; data/libxpm-3.5.12/src/amigax.c:312:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rgbf = fopen ("LIBS:rgb.txt", "r"); data/libxpm-3.5.12/src/create.c:1032:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char const _reverse_byte[0x100] = { data/libxpm-3.5.12/src/create.c:1150:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char const _lomask[0x09] = { data/libxpm-3.5.12/src/create.c:1152:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char const _himask[0x09] = { data/libxpm-3.5.12/src/create.c:2453:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[BUFSIZ]; data/libxpm-3.5.12/src/data.c:282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/libxpm-3.5.12/src/data.c:408:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ+1] = {0}; data/libxpm-3.5.12/src/parse.c:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ + 1]; data/libxpm-3.5.12/src/parse.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ+1]; data/libxpm-3.5.12/src/parse.c:207:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curbuf[BUFSIZ]; /* current buffer */ data/libxpm-3.5.12/src/parse.c:282:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(s, curbuf, len); data/libxpm-3.5.12/src/parse.c:309:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, curbuf, len); data/libxpm-3.5.12/src/parse.c:370:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, curbuf, len); data/libxpm-3.5.12/src/parse.c:506:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/libxpm-3.5.12/src/rgb.c:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512], name[512], *rgbname, *s1, *s2; data/libxpm-3.5.12/src/rgb.c:69:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rgbf = fopen(rgb_fname, "r")) == NULL) data/libxpm-3.5.12/src/scan.c:536:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. adefaults = (char **) oldColorTable[j]; data/libxpm-3.5.12/src/scan.c:558:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/libxpm-3.5.12/src/scan.c:560:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "#%04X%04X%04X", data/libxpm-3.5.12/src/scan.c:563:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "#%02x%02x%02x", data/libxpm-3.5.12/src/simx.h:146:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define open _open data/libxpm-3.5.12/sxpm/sxpm.c:320:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). symbols[numsymbols++].pixel = atol(argv[++n]); data/libxpm-3.5.12/sxpm/sxpm.c:329:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). symbols[numsymbols++].pixel = atol(argv[++n]); data/libxpm-3.5.12/cxpm/cxpm.c:60:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int c = getc(data->stream.file); data/libxpm-3.5.12/src/CrBufFrI.c:137:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used_size = strlen(buf); data/libxpm-3.5.12/src/CrBufFrI.c:158:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used_size += strlen(info->hints_cmt) + 5; data/libxpm-3.5.12/src/CrBufFrI.c:167:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(buf); data/libxpm-3.5.12/src/CrBufFrI.c:176:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(buf); data/libxpm-3.5.12/src/CrBufFrI.c:185:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(buf); data/libxpm-3.5.12/src/CrBufFrI.c:193:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(buf); data/libxpm-3.5.12/src/CrBufFrI.c:212:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used_size += strlen(info->colors_cmt) + 5; data/libxpm-3.5.12/src/CrBufFrI.c:245:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
used_size += strlen(info->pixels_cmt) + 5; data/libxpm-3.5.12/src/CrBufFrI.c:292:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, *defaults++, cpp); data/libxpm-3.5.12/src/CrBufFrI.c:303:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/libxpm-3.5.12/src/CrBufFrI.c:352:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? :-\ */ data/libxpm-3.5.12/src/CrBufFrI.c:365:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? */ data/libxpm-3.5.12/src/CrBufFrI.c:385:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen(ext->name) + 11; data/libxpm-3.5.12/src/CrBufFrI.c:389:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen(*line) + 4; data/libxpm-3.5.12/src/CrBufFrI.c:415:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(ext->name) + 11; data/libxpm-3.5.12/src/CrBufFrI.c:424:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
s += strlen(*line) + 4; data/libxpm-3.5.12/src/CrBufFrI.c:428:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(s, ",\n\"XPMENDEXT\"", data_size - (s-dataptr)-1); data/libxpm-3.5.12/src/CrBufFrI.c:440:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += 5 + strlen(info->hints_cmt); data/libxpm-3.5.12/src/CrBufFrI.c:443:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += 5 + strlen(info->colors_cmt); data/libxpm-3.5.12/src/CrBufFrI.c:446:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += 5 + strlen(info->pixels_cmt); data/libxpm-3.5.12/src/CrDatFrI.c:155:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/libxpm-3.5.12/src/CrDatFrI.c:164:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/libxpm-3.5.12/src/CrDatFrI.c:217:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *(sptr + 1) = *sptr + strlen(*sptr2) + 1; data/libxpm-3.5.12/src/CrDatFrI.c:267:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, *defaults++, cpp); data/libxpm-3.5.12/src/CrDatFrI.c:281:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/libxpm-3.5.12/src/CrDatFrI.c:329:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, colors[*pixels].string, cpp); /* why trust pixel? */ data/libxpm-3.5.12/src/CrDatFrI.c:343:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, colors[*pixels].string, cpp); /* why should we trust *pixel? */ data/libxpm-3.5.12/src/CrDatFrI.c:368:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ext->name) + 8; data/libxpm-3.5.12/src/CrDatFrI.c:374:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(*line) + 1; data/libxpm-3.5.12/src/CrDatFrI.c:407:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *(dataptr + 1) = *dataptr + strlen(ext->name) + 8; data/libxpm-3.5.12/src/CrDatFrI.c:414:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *(dataptr + 1) = *dataptr + strlen(*line) + 1; data/libxpm-3.5.12/src/RdFToI.c:215:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  size_t len = strlen(filename);

data/libxpm-3.5.12/src/WrFFrBuf.c:53:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buffer);

data/libxpm-3.5.12/src/WrFFrI.c:132:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_name, name, sizeof(new_name));

data/libxpm-3.5.12/src/WrFFrI.c:143:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_name, name, sizeof(new_name));

data/libxpm-3.5.12/src/WrFFrI.c:271:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, colors[*pixels].string, cpp);

data/libxpm-3.5.12/src/WrFFrI.c:281:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, colors[*pixels].string, cpp);

data/libxpm-3.5.12/src/WrFFrI.c:337:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(filename);

data/libxpm-3.5.12/src/XpmI.h:231:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (*mdata->cptr++) : (getc(mdata->stream.file)))

data/libxpm-3.5.12/src/amigax.c:285:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  spec_length = strlen(spec);

data/libxpm-3.5.12/src/amigax.c:296:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (hexstr, spec + 1, hexlen);

data/libxpm-3.5.12/src/amigax.c:298:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (hexstr, spec + 1 + hexlen, hexlen);

data/libxpm-3.5.12/src/amigax.c:300:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (hexstr, spec + 1 + 2 * hexlen, hexlen);

data/libxpm-3.5.12/src/data.c:53:26:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define Getc(data, file) getc(file)

data/libxpm-3.5.12/src/data.c:311:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(p, start, n);

data/libxpm-3.5.12/src/data.c:336:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, buf, i);

data/libxpm-3.5.12/src/data.c:359:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(q, buf, i);

data/libxpm-3.5.12/src/data.c:386:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*cmt, data->Comment, data->CommentLength);

data/libxpm-3.5.12/src/misc.c:49:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen(s1) + 1;

data/libxpm-3.5.12/src/parse.c:59:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(dst) + strlen(src)) < (dstsize)) \

data/libxpm-3.5.12/src/parse.c:59:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(dst) + strlen(src)) < (dstsize)) \

data/libxpm-3.5.12/src/parse.c:63:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(src) < (dstsize)) \

data/libxpm-3.5.12/src/parse.c:270:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(*sptr) == l) && (!strncmp(*sptr, buf, l)))

data/libxpm-3.5.12/src/parse.c:275:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(curbuf) + 1;

data/libxpm-3.5.12/src/parse.c:303:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(curbuf) + 1; /* integer overflow just theoretically possible */

data/libxpm-3.5.12/src/parse.c:364:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(curbuf) + 1;

data/libxpm-3.5.12/src/parse.c:623:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ext->name, s + a, l - a - 6);

data/libxpm-3.5.12/src/rgb.c:93:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(rgbname = (char *) XpmMalloc(strlen(name) + 1)))

data/libxpm-3.5.12/src/simx.c:168:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hex);

data/libxpm-3.5.12/sxpm/sxpm.c:284:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(argv[n]) == 1) && (argv[n][0] == '-'))

data/libxpm-3.5.12/sxpm/sxpm.c:289:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(argv[n + 1]) == 1) && (argv[n + 1][0] == '-'))

data/libxpm-3.5.12/sxpm/sxpm.c:545:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xString = (char *) XtMalloc((sizeof(char) * strlen(input)) + 20);

ANALYSIS SUMMARY:

Hits = 128
Lines analyzed = 11654 in approximately 0.33 seconds (35591 lines/second)
Physical Source Lines of Code (SLOC) = 8071
Hits@level = [0]  43 [1]  63 [2]  49 [3]   0 [4]  16 [5]   0
Hits@level+ = [0+] 171 [1+] 128 [2+]  65 [3+]  16 [4+]  16 [5+]   0
Hits/KSLOC@level+ = [0+] 21.187 [1+] 15.8592 [2+] 8.05352 [3+] 1.98241 [4+] 1.98241 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
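Editor's note on reading the level-1 hits. Almost all of them are two rules: strncpy (CWE-120) and strlen (CWE-126). The strncpy rule is about the idiom seen at WrFFrI.c:132 and :143, strncpy(dst, src, sizeof(dst)): strncpy only stores a terminator when the source is shorter than the size argument, so a source of sizeof(dst) bytes or more leaves dst unterminated, and every later strlen() or "%s" on that buffer reads past its end, which is exactly the over-read the strlen rule warns about. Whether a given flagged call can actually receive such a source depends on where the argument comes from, which this report does not show; the hits at parse.c:59 and :63 are strlen calls inside what the trailing backslash shows to be a bounds-checking macro, so they are the check rather than the risk. The following is a constructed C example written for this note, not libxpm code: NAME_SIZE, the helper names and the sample strings are made up. It shows the flagged idiom failing to terminate, a bounded length function that cannot over-read, and the strlcpy-style replacement flawfinder recommends.

```c
/*
 * Constructed illustration for the strncpy (CWE-120) and strlen (CWE-126)
 * hits in this report.  Not libxpm source: NAME_SIZE, the helper names and
 * the sample strings are invented so the failure is visible.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 8            /* constructed buffer size */

/*
 * The flagged idiom: strncpy(dst, src, sizeof dst).
 * strncpy writes at most dstsize bytes and NUL-pads only when src is
 * shorter than dstsize.  If strlen(src) >= dstsize, no terminator is stored.
 * Returns true when dst holds a terminator somewhere in its dstsize bytes.
 */
bool strncpy_leaves_terminator(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) != NULL;
}

/*
 * Bounded length that never reads past cap bytes.  strlen() on a buffer
 * with no terminator walks off the end (the CWE-126 over-read); this
 * returns cap instead, so result == cap means "unterminated".
 * strnlen() does the same but is POSIX rather than ISO C, hence the loop.
 */
size_t bounded_len(const char *buf, size_t cap)
{
    size_t i = 0;
    while (i < cap && buf[i] != '\0')
        i++;
    return i;
}

/*
 * Hardened replacement with strlcpy semantics, as flawfinder suggests:
 * always terminates, never writes more than dstsize bytes, and returns the
 * full source length so the caller can detect truncation (ret >= dstsize).
 */
size_t safe_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);   /* src is a C string by contract */
    if (dstsize == 0)
        return srclen;
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Scenario helper: does the flagged idiom terminate for this src? */
bool demo_strncpy_terminated(const char *src)
{
    char buf[NAME_SIZE];
    return strncpy_leaves_terminator(buf, sizeof buf, src);
}

/* Scenario helper: safe_copy yields exactly `expect` and flags truncation
 * if and only if `expect_truncated`. */
bool demo_safe_copy(const char *src, const char *expect, bool expect_truncated)
{
    char buf[NAME_SIZE];
    size_t full = safe_copy(buf, sizeof buf, src);
    return strcmp(buf, expect) == 0 && ((full >= sizeof buf) == expect_truncated);
}

int main(void)
{
    char name[NAME_SIZE];
    const char *inputs[] = { "short", "exactly8", "definitely-too-long" };

    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        bool ok = strncpy_leaves_terminator(name, sizeof name, inputs[k]);
        /* name is deliberately not printed with %s when unterminated */
        printf("strncpy   \"%s\": terminated=%s bounded_len=%zu%s\n",
               inputs[k], ok ? "yes" : "no", bounded_len(name, sizeof name),
               ok ? "" : " (strlen/%s on this buffer would over-read)");

        size_t full = safe_copy(name, sizeof name, inputs[k]);
        printf("safe_copy \"%s\": dst=\"%s\"%s\n", inputs[k], name,
               full >= sizeof name ? " (truncated)" : "");
    }
    return 0;
}
```

Triage rule that follows from the example: a strncpy hit is a finding only if the source can reach the size argument and the destination is later used as a C string; if the call site guarantees a shorter source, or explicitly writes dst[size - 1] = '\0' afterwards, the hit is noise.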
