Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/frames.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/patterns.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/cuts.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/common.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/no_mdjvu.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/proto.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2coder.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/bmpcoder.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2const.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/bmpcoder.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2save.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2coder.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2load.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvudir.cpp
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuinfo.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/iff.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiff.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiffload.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiffsave.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/clean.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/nosubst.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/split.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/classify.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/blitsort.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/erosion.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/compress.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/adjust_y.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/render.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/delegate.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/average.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/alg/smooth.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/1error.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/4bitmap.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/6string.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/3graymap.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/mdjvucfg.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/version.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/0porting.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/djvu/djvu.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/djvu/iff.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/bmp.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/tiff.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/image-io.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/image-io/pbm.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/matcher.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/minidjvu.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/alg.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/classify.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/delegate.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/blitsort.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/average.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/compress.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/clean.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/adjust_y.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/split.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/render.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/erosion.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/nosubst.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/alg/smooth.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/5image.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/version.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/base.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/0porting.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/6string.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/3graymap.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/4bitmap.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/2io.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/base/1error.h
Examining data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/jb2.h

FINAL RESULTS:

data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:112:9:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (fscanf(file,
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:80:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pattern, page_name);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:87:23:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                res = sscanf(elements[i],pattern,&idx);
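The two scanf hits above share a root cause the rule text only hints at: at minidjvu.c:80-87 the format handed to sscanf is built from page_name itself (strcpy(pattern, page_name); strcat(pattern, "#%d.")), so a '%' in a page name becomes a conversion specification that consumes arguments the caller never passed, and a bare "%s" in any format writes as many bytes as the input has. The following C is an added example, not code from minidjvu; parse_page_index() and read_token() are hypothetical helpers showing the two fixes: match the name literally and parse the index with strtol, and give %s a width derived from the destination size.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not minidjvu code. Hypothetical replacement for building
 * `pattern` from page_name + "#%d." and using it as the sscanf format:
 * the page name is compared literally with strncmp, so a '%' inside it
 * can never add conversions. Accepts "<page_name>#<digits>.<anything>". */
bool parse_page_index(const char *page_name, const char *element, long *idx)
{
    size_t plen = strlen(page_name);
    if (strncmp(element, page_name, plen) != 0) return false;
    const char *p = element + plen;
    if (*p != '#') return false;
    p++;
    /* strtol would silently accept leading spaces or a sign; require a digit */
    if (*p < '0' || *p > '9') return false;
    char *end;
    errno = 0;
    long v = strtol(p, &end, 10);
    if (errno == ERANGE || end == p || *end != '.') return false;
    if (v > INT_MAX) return false;
    *idx = v;
    return true;
}

/* The width-limit half of the finding: "%s" alone copies until whitespace
 * however long the input is. This builds "%<N>s" with N = bufsize - 1 from
 * trusted values only (never from input) and treats anything but exactly
 * one successful conversion as failure. */
bool read_token(const char *input, char *buf, size_t bufsize)
{
    char fmt[32];
    if (bufsize < 2) return false;
    snprintf(fmt, sizeof fmt, "%%%zus", bufsize - 1);   /* e.g. "%7s" for an 8-byte buf */
    return sscanf(input, fmt, buf) == 1;
}
```

parse_page_index() also rejects a negative or unterminated index, which "%d" would have accepted; both helpers report failure instead of leaving the output half-written.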
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:107:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(name, suffix);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:503:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(dict_name, path);
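The strcpy/strcat hits at minidjvu.c:62, 80-81, 107 and 503 all build a file name into a buffer whose size is computed separately from the copy (the MDJVU_MALLOCV(char, strlen(path) + strlen(dict_suffix) - 2) at line 502 is the clearest case: the -2 has to agree exactly with what strcpy and strcat later write). The following C is an added example, not minidjvu code; replace_extension() and append_suffix() are hypothetical helpers that derive one size and use it for both the allocation and the bounded write, and make the fixed-buffer append fail rather than overflow.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not minidjvu code: hypothetical replacement for
 * strcpy(dict_name, path) into a buffer sized by hand-computed arithmetic.
 * Returns a freshly allocated copy of `base` with its extension (the text
 * from the final '.' of the last path component) replaced by `suffix`, or
 * NULL. The single size that feeds malloc is also the bound passed to
 * snprintf, so allocation and write cannot disagree. */
char *replace_extension(const char *base, const char *suffix)
{
    size_t base_len = strlen(base);
    const char *dot = strrchr(base, '.');
    if (dot == NULL || strchr(dot, '/') != NULL)   /* "dir.d/file" has no extension */
        dot = base + base_len;
    size_t stem_len = (size_t)(dot - base);
    size_t suffix_len = strlen(suffix);
    if (stem_len > INT_MAX || suffix_len > SIZE_MAX - stem_len - 1)
        return NULL;                               /* would overflow %.*s or size_t */
    size_t total = stem_len + suffix_len + 1;
    char *out = malloc(total);
    if (out == NULL) return NULL;
    int n = snprintf(out, total, "%.*s%s", (int)stem_len, base, suffix);
    if (n < 0 || (size_t)n >= total) { free(out); return NULL; }  /* truncation is a bug, not silent */
    return out;
}

/* Fixed-buffer counterpart to strcat(name, suffix): appends only when the
 * result, terminator included, fits in dst_size bytes; otherwise leaves dst
 * untouched and reports failure instead of writing past the end. */
bool append_suffix(char *dst, size_t dst_size, const char *suffix)
{
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL) return false;                 /* dst is not a terminated string */
    size_t used = (size_t)(nul - dst);
    size_t suffix_len = strlen(suffix);
    if (suffix_len >= dst_size - used) return false;
    memcpy(dst + used, suffix, suffix_len + 1);    /* copies the terminator too */
    return true;
}
```

Checking the snprintf return value is the part most often skipped: a truncated name is a silent correctness bug even when it is no longer a memory-safety one.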
data/minidjvu-0.8.svn.2010.05.06+dfsg/include/minidjvu/djvu/djvu.h:24:78:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                                             mdjvu_file_t file, mdjvu_file_t tmpfile, mdjvu_error_t *perr);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:10:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    { return (mdjvu_file_t) fopen(path, mode); }
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/4bitmap.c:61:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(((Bitmap *) result)->data[0], BMP->data[0], ROW_SIZE * BMP->height);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/4bitmap.c:72:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(((Bitmap *) dst)->data[0], BMP->data[0], ROW_SIZE * BMP->height);
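Both memcpy hits in 4bitmap.c copy ROW_SIZE * BMP->height bytes; the rule cannot see whether that product is the size the destination was allocated with, or whether a width and height taken from a file header can make it wrap before the allocation (the same question applies to the bs.cpp, bmp.c, tiffload.c, proto.c, bitmaps.c and frames.c memcpy hits below). The following C is an added example, not minidjvu code; bitmap_t, bitmap_create() and bitmap_copy() are hypothetical stand-ins for the page's Bitmap that show an overflow-checked size computation, an assumed cap on total allocation, and a copy whose length comes from the destination's own geometry after checking that both bitmaps agree.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not minidjvu code: hypothetical packed 1-bit-per-pixel bitmap. */
typedef struct {
    int32_t width, height;
    size_t row_size;       /* bytes per row, derived from width */
    unsigned char *data;   /* exactly row_size * height bytes */
} bitmap_t;

/* Assumed policy, not from minidjvu: refuse absurd allocations from a crafted
 * header even when the arithmetic itself does not wrap. */
#define BITMAP_MAX_BYTES ((size_t)1 << 30)

/* Bytes per packed row: ceil(width / 8). Fails on a non-positive width. */
static bool packed_row_size(int32_t width, size_t *row_size)
{
    if (width <= 0) return false;
    *row_size = ((size_t)width + 7) / 8;
    return true;
}

/* Allocates a zeroed bitmap, or returns NULL if the byte count would wrap,
 * exceeds the cap, or cannot be allocated. */
bitmap_t *bitmap_create(int32_t width, int32_t height)
{
    size_t row;
    if (height <= 0 || !packed_row_size(width, &row)) return NULL;
    if (row > SIZE_MAX / (size_t)height) return NULL;   /* row * height would overflow */
    size_t total = row * (size_t)height;
    if (total > BITMAP_MAX_BYTES) return NULL;
    bitmap_t *b = calloc(1, sizeof *b);
    if (b == NULL) return NULL;
    b->data = calloc(total, 1);
    if (b->data == NULL) { free(b); return NULL; }
    b->width = width;
    b->height = height;
    b->row_size = row;
    return b;
}

void bitmap_free(bitmap_t *b)
{
    if (b != NULL) { free(b->data); free(b); }
}

/* Copies src into dst. The length is taken from dst's own geometry and the
 * copy is refused unless both bitmaps agree, so the destination always has
 * room for what is written. */
bool bitmap_copy(bitmap_t *dst, const bitmap_t *src)
{
    if (dst == NULL || src == NULL) return false;
    if (dst->width != src->width || dst->height != src->height) return false;
    if (dst->row_size != src->row_size) return false;
    memcpy(dst->data, src->data, dst->row_size * (size_t)dst->height);
    return true;
}
```

The overflow test divides rather than multiplies (row > SIZE_MAX / height) because a product that has already wrapped cannot be detected afterwards.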
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:100:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((unsigned char *) artifacts[mdjvu_artifact_not_a_letter_flag])[i] = 0;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:103:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((unsigned char *) artifacts[mdjvu_artifact_suspiciously_big_flag])[i] = 0;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:285:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_ARTIFACT_SIZE];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:286:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf,
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:289:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(((char *) IMG->artifacts[a]) + i1 * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:292:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(((char *) IMG->artifacts[a]) + i2 * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:357:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy((char *) new_artifacts[a] + filled * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/5image.c:357:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    memcpy((char *) new_artifacts[a] + filled * artifact_sizes[a],
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:730:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mtf[256];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:731:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rmtf[256];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:893:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data+bptr, buffer, bytes);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:922:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char c[1];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:929:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char c[2];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:937:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char c[3];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/bs.cpp:946:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char c[4];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:120:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "rb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:106:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:121:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:136:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:124:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, row, bytes_per_row);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:157:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:239:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "rb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:45:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:85:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(path, "rb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/tiffload.c:110:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(mdjvu_bitmap_access_packed_row(result, i),
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2save.cpp:265:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/jb2save.cpp:280:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/proto.c:51:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ir + shift_x + 1, image_uncompressed[y], iw);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/proto.c:56:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pr + 1, proto_uncompressed[i], pw);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:97:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static signed char ZP_FFZ_table[256];
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:136:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char ZP_up_table[256] = {
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:149:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char ZP_dn_table[256] = {
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:472:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open();
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:474:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void ZPDecoder::open()/*{{{*/
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.h:128:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        void open();
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.c:86:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dst_row, src_row, w);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/bitmaps.c:112:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dst[i], src[i], w);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/matcher/frames.c:318:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pointers[i+1], pixels[i], w);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:62:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(page_name, ".djvu");
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:81:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(pattern, "#%d.");
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:96:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(page_name + (extpos - 1),"#%03d.djvu",idx+1);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:452:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
        tf = tmpfile();
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:545:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(outname, "wb");
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:628:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pages_per_dict = atoi(argv[i]);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:639:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            dpi = atoi(argv[i]);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:651:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aggression = atoi(argv[i]);
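atoi() returns 0 for non-numeric input, has undefined behaviour when the value does not fit in an int, and gives the caller no way to tell "0" from "abc". The following C is an added example, not minidjvu code; parse_int_in_range() is a hypothetical replacement for the three atoi() calls above that uses strtol, rejects trailing characters and empty input, and enforces a caller-supplied domain. The bounds in the usage comment are assumed for illustration, not minidjvu's.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

/* Added example, not minidjvu code. Parses a decimal integer from a
 * command-line argument and stores it only if it lies in [lo, hi].
 * Usage (assumed bounds): parse_int_in_range(argv[i], 1, 6000, &dpi). */
bool parse_int_in_range(const char *s, long lo, long hi, int *out)
{
    if (s == NULL || *s == '\0') return false;
    if (lo < INT_MIN || hi > INT_MAX || lo > hi) return false;   /* caller error */
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE) return false;            /* does not fit in long */
    if (end == s || *end != '\0') return false;   /* no digits, or trailing text */
    if (v < lo || v > hi) return false;           /* outside the option's domain */
    *out = (int)v;                                /* safe: bounds are within int */
    return true;
}
```

Note that a string such as "-1" passes atoi() into an int that the rest of the program may use as a count or divisor; the range check is what turns that into a usage error.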
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:57:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int32 r = getc(f) << 24;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:58:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:59:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:60:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:67:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int16 r = getc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:68:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:75:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int32 r = getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:76:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:77:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:78:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f) << 24;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:85:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int32 r = getc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/2io.c:86:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= getc(f) << 8;
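The getc hits in 2io.c assemble 16- and 32-bit values one byte at a time. The rule text is generic, but two concrete problems sit in those lines: getc() returns EOF (-1) at end of file, which these expressions fold into the result as if it were a data byte, and int32 r = getc(f) << 24 shifts a byte of 0x80 or more into the sign bit of int, which is undefined for a signed left shift (the djvusave.c:38 line below, char ch = fgetc(...), likewise cannot tell a 0xFF byte from EOF). The following C is an added example, not minidjvu code; read_be32() and its siblings are hypothetical replacements that read the exact byte count with fread, report short reads, and assemble in unsigned arithmetic, and bytes_as_file() is a constructed fixture.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not minidjvu code. Reads exactly n bytes or fails;
 * a truncated file is reported instead of yielding garbage. */
static bool read_exact(FILE *f, unsigned char *buf, size_t n)
{
    return fread(buf, 1, n, f) == n;
}

/* All shifts are on uint32_t, so no byte value can reach a sign bit. */
bool read_be32(FILE *f, uint32_t *out)
{
    unsigned char b[4];
    if (!read_exact(f, b, 4)) return false;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16)
         | ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return true;
}

bool read_le32(FILE *f, uint32_t *out)
{
    unsigned char b[4];
    if (!read_exact(f, b, 4)) return false;
    *out = ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16)
         | ((uint32_t)b[1] << 8)  |  (uint32_t)b[0];
    return true;
}

bool read_be16(FILE *f, uint16_t *out)
{
    unsigned char b[2];
    if (!read_exact(f, b, 2)) return false;
    *out = (uint16_t)(((unsigned)b[0] << 8) | b[1]);
    return true;
}

bool read_le16(FILE *f, uint16_t *out)
{
    unsigned char b[2];
    if (!read_exact(f, b, 2)) return false;
    *out = (uint16_t)(((unsigned)b[1] << 8) | b[0]);
    return true;
}

/* Single byte with EOF kept distinct from 0xFF: the result goes through an
 * int, not a char, and is only narrowed after the EOF check. */
bool read_u8(FILE *f, unsigned char *out)
{
    int c = fgetc(f);
    if (c == EOF) return false;
    *out = (unsigned char)c;
    return true;
}

/* Constructed fixture: puts the bytes in an anonymous temporary stream and
 * rewinds it so the readers can be exercised without an input file. */
FILE *bytes_as_file(const unsigned char *bytes, size_t n)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    if (fwrite(bytes, 1, n, f) != n) { fclose(f); return NULL; }
    rewind(f);
    return f;
}
```

Every caller of these readers gets a boolean to check; the existing readers return a value that is indistinguishable from valid data when the file ends early, which is exactly what a fuzzed or truncated DjVu file produces.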
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/6string.c:31:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t sl = strlen(s);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/base/6string.c:32:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t pl = strlen(prefix);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvudir.cpp:53:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bse.write(elements[i],strlen(elements[i]));
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvudir.cpp:97:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bse.write(elements[i],strlen(elements[i]));
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:12:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    uint32 r = fgetc(f) << 24;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:13:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= fgetc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:14:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= fgetc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvuload.c:15:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:38:27:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                char ch = fgetc((FILE *) tempfile);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/djvusave.c:67:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                fwrite(dict_name, 1, strlen(dict_name), (FILE *) file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/djvu/iff.c:14:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (pos & 1) fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:32:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    uint32 r = fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:33:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= fgetc(f) << 8;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:34:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r |= fgetc(f) << 16;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:35:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return r | fgetc(f) << 24;;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:40:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    uint32 r = fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:41:27:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return (uint16) (r | (fgetc(f) << 8));
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:201:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CHECK(fgetc(f)=='B');
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:202:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CHECK(fgetc(f)=='M');
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/bmp.c:228:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            fgetc(f);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:13:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        switch(fgetc(file))
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:24:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:30:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:34:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:109:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (fgetc(file) != 'P') COMPLAIN;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:110:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (fgetc(file) != '4') COMPLAIN;
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/image-io/pbm.c:119:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    switch(fgetc(file))
data/minidjvu-0.8.svn.2010.05.06+dfsg/src/jb2/zp.cpp:463:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int c = fgetc(file);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:44:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (last + pos != strlen(fname))
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:61:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(page_name, fname, extpos-1);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:104:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(name);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:502:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dict_name = MDJVU_MALLOCV(char, strlen(path) + strlen(dict_suffix) - 2);
data/minidjvu-0.8.svn.2010.05.06+dfsg/tools/minidjvu.c:502:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dict_name = MDJVU_MALLOCV(char, strlen(path) + strlen(dict_suffix) - 2);

ANALYSIS SUMMARY:

Hits = 100
Lines analyzed = 11414 in approximately 0.32 seconds (35856 lines/second)
Physical Source Lines of Code (SLOC) = 8203
Hits@level = [0]  90 [1]  45 [2]  50 [3]   0 [4]   5 [5]   0
Hits@level+ = [0+] 190 [1+] 100 [2+]  55 [3+]   5 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 23.1623 [1+] 12.1907 [2+] 6.70486 [3+] 0.609533 [4+] 0.609533 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.