Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/frames.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/patterns.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/cuts.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/common.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/no_mdjvu.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/proto.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2coder.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/bmpcoder.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2const.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/bmpcoder.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2save.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2coder.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2load.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvudir.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuinfo.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/iff.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiff.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiffload.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiffsave.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/clean.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/nosubst.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/split.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/classify.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/blitsort.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/erosion.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/compress.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/adjust_y.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/render.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/delegate.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/average.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/smooth.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/1error.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/4bitmap.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/6string.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/3graymap.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/mdjvucfg.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/version.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/0porting.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/djvu/djvu.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/djvu/iff.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/bmp.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/tiff.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/image-io.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/pbm.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/matcher.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/minidjvu.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/alg.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/classify.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/delegate.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/blitsort.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/average.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/compress.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/clean.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/adjust_y.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/split.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/render.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/erosion.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/nosubst.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/smooth.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/5image.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/version.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/base.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/0porting.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/6string.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/3graymap.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/4bitmap.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/2io.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/1error.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/jb2.h

FINAL RESULTS:

data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:112:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    if (fscanf(file,
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:80:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pattern, page_name);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:87:23: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    res = sscanf(elements[i],pattern,&idx);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:107:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(name, suffix);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:503:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dict_name, path);
data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/djvu/djvu.h:24:78: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    mdjvu_file_t file, mdjvu_file_t tmpfile, mdjvu_error_t *perr);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:10:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    { return (mdjvu_file_t) fopen(path, mode); }
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/4bitmap.c:61:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(((Bitmap *) result)->data[0], BMP->data[0], ROW_SIZE * BMP->height);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/4bitmap.c:72:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(((Bitmap *) dst)->data[0], BMP->data[0], ROW_SIZE * BMP->height);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:100:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((unsigned char *) artifacts[mdjvu_artifact_not_a_letter_flag])[i] = 0;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:103:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((unsigned char *) artifacts[mdjvu_artifact_suspiciously_big_flag])[i] = 0;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:285:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAX_ARTIFACT_SIZE];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:286:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buf,
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:289:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(((char *) IMG->artifacts[a]) + i1 * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:292:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(((char *) IMG->artifacts[a]) + i2 * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:357:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((char *) new_artifacts[a] + filled * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:357:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    memcpy((char *) new_artifacts[a] + filled * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:730:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char mtf[256];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:731:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char rmtf[256];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:893:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(data+bptr, buffer, bytes);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:922:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char c[1];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:929:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char c[2];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:937:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char c[3];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:946:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char c[4];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:120:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "rb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:106:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:121:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:136:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:124:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buf, row, bytes_per_row);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:157:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:239:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "rb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:45:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *file = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:85:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *file = fopen(path, "rb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiffload.c:110:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(mdjvu_bitmap_access_packed_row(result, i),
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2save.cpp:265:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2save.cpp:280:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/proto.c:51:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ir + shift_x + 1, image_uncompressed[y], iw);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/proto.c:56:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pr + 1, proto_uncompressed[i], pw);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:97:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static signed char ZP_FFZ_table[256];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:136:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char ZP_up_table[256] = {
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:149:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char ZP_dn_table[256] = {
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:472:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    open();
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:474:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void ZPDecoder::open()/*{{{*/
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.h:128:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void open();
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.c:86:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst_row, src_row, w);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.c:112:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst[i], src[i], w);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/frames.c:318:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pointers[i+1], pixels[i], w);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:62:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(page_name, ".djvu");
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:81:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(pattern, "#%d.");
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:96:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(page_name + (extpos - 1),"#%03d.djvu",idx+1);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:452:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    tf = tmpfile();
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:545:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(outname, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:628:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pages_per_dict = atoi(argv[i]);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:639:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    dpi = atoi(argv[i]);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:651:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    aggression = atoi(argv[i]);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:57:15: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int32 r = getc(f) << 24;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:58:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:59:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:60:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:67:15: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int16 r = getc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:68:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:75:15: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int32 r = getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:76:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:77:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:78:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f) << 24;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:85:15: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int32 r = getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:86:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= getc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/6string.c:31:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t sl = strlen(s);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/6string.c:32:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t pl = strlen(prefix);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvudir.cpp:53:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bse.write(elements[i],strlen(elements[i]));
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvudir.cpp:97:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bse.write(elements[i],strlen(elements[i]));
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:12:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    uint32 r = fgetc(f) << 24;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:13:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= fgetc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:14:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= fgetc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:15:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:38:27: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    char ch = fgetc((FILE *) tempfile);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:67:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fwrite(dict_name, 1, strlen(dict_name), (FILE *) file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/iff.c:14:18: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (pos & 1) fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:32:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    uint32 r = fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:33:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= fgetc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:34:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r |= fgetc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:35:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    return r | fgetc(f) << 24;;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:40:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    uint32 r = fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:41:27: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    return (uint16) (r | (fgetc(f) << 8));
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:201:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    CHECK(fgetc(f)=='B');
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:202:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    CHECK(fgetc(f)=='M');
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:228:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:13:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    switch(fgetc(file))
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:24:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:30:21: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:34:21: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:109:9: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(file) != 'P') COMPLAIN;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:110:9: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(file) != '4') COMPLAIN;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:119:12: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    switch(fgetc(file))
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:463:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:44:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (last + pos != strlen(fname))
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:61:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(page_name, fname, extpos-1);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:104:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(name);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:502:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dict_name = MDJVU_MALLOCV(char, strlen(path) + strlen(dict_suffix) - 2);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:502:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dict_name = MDJVU_MALLOCV(char, strlen(path) + strlen(dict_suffix) - 2);

ANALYSIS SUMMARY:

Hits = 100
Lines analyzed = 11414 in approximately 0.32 seconds (35856 lines/second)
Physical Source Lines of Code (SLOC) = 8203
Hits@level = [0] 90 [1] 45 [2] 50 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 190 [1+] 100 [2+] 55 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 23.1623 [1+] 12.1907 [2+] 6.70486 [3+] 0.609533 [4+] 0.609533 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.