Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mtpaint-3.40/src/info.c
Examining data/mtpaint-3.40/src/ani.h
Examining data/mtpaint-3.40/src/mtlib.h
Examining data/mtpaint-3.40/src/wu.c
Examining data/mtpaint-3.40/src/icons.c
Examining data/mtpaint-3.40/src/wu.h
Examining data/mtpaint-3.40/src/spawn.h
Examining data/mtpaint-3.40/src/toolbar.h
Examining data/mtpaint-3.40/src/ani.c
Examining data/mtpaint-3.40/src/help.c
Examining data/mtpaint-3.40/src/viewer.c
Examining data/mtpaint-3.40/src/shifter.h
Examining data/mtpaint-3.40/src/icons.h
Examining data/mtpaint-3.40/src/mygtk.c
Examining data/mtpaint-3.40/src/global.h
Examining data/mtpaint-3.40/src/cpick.h
Examining data/mtpaint-3.40/src/font.c
Examining data/mtpaint-3.40/src/thread.h
Examining data/mtpaint-3.40/src/fpick.h
Examining data/mtpaint-3.40/src/channels.h
Examining data/mtpaint-3.40/src/fpick.c
Examining data/mtpaint-3.40/src/layer.h
Examining data/mtpaint-3.40/src/layer.c
Examining data/mtpaint-3.40/src/csel.c
Examining data/mtpaint-3.40/src/prefs.c
Examining data/mtpaint-3.40/src/inifile.h
Examining data/mtpaint-3.40/src/mainwindow.h
Examining data/mtpaint-3.40/src/prefs.h
Examining data/mtpaint-3.40/src/otherwindow.c
Examining data/mtpaint-3.40/src/mygtk.h
Examining data/mtpaint-3.40/src/polygon.c
Examining data/mtpaint-3.40/src/inifile.c
Examining data/mtpaint-3.40/src/font.h
Examining data/mtpaint-3.40/src/cpick.c
Examining data/mtpaint-3.40/src/mainwindow.c
Examining data/mtpaint-3.40/src/mtlib.c
Examining data/mtpaint-3.40/src/csel.h
Examining data/mtpaint-3.40/src/png.h
Examining data/mtpaint-3.40/src/canvas.c
Examining data/mtpaint-3.40/src/polygon.h
Examining data/mtpaint-3.40/src/memory.h
Examining data/mtpaint-3.40/src/thread.c
Examining data/mtpaint-3.40/src/canvas.h
Examining data/mtpaint-3.40/src/memory.c
Examining data/mtpaint-3.40/src/viewer.h
Examining data/mtpaint-3.40/src/info.h
Examining data/mtpaint-3.40/src/main.c
Examining data/mtpaint-3.40/src/otherwindow.h
Examining data/mtpaint-3.40/src/channels.c
Examining data/mtpaint-3.40/src/toolbar.c
Examining data/mtpaint-3.40/src/shifter.c
Examining data/mtpaint-3.40/src/png.c
Examining data/mtpaint-3.40/src/spawn.c
FINAL RESULTS:
data/mtpaint-3.40/src/png.c:1733:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(file_name, 0666 & ~mode);
data/mtpaint-3.40/src/spawn.c:62:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(buf, 0755);
data/mtpaint-3.40/src/ani.c:813:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(output_path + l, PATHBUF - l, DIR_SEP_STR "%s%05d.%s",
data/mtpaint-3.40/src/ani.c:860:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(output_path + l, PATHBUF - l, DIR_SEP_STR "%s.gif",
data/mtpaint-3.40/src/fpick.c:762:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (fname) sprintf(tmp = fnm, "%s / %s", _("Delete"), _("Rename"));
data/mtpaint-3.40/src/inifile.c:142:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, tmp);
data/mtpaint-3.40/src/layer.c:666:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, file_name);
data/mtpaint-3.40/src/main.c:187:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + l + 1, dp->path);
data/mtpaint-3.40/src/main.c:217:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + l, ep->d_name);
data/mtpaint-3.40/src/mainwindow.c:4215:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sitem%d", s, nsep++);
data/mtpaint-3.40/src/mainwindow.c:4235:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t + l, s);
data/mtpaint-3.40/src/mainwindow.c:4293:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wf.path + l, rnames[i]);
data/mtpaint-3.40/src/png.c:514:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, save ? _("Saving %s image") : _("Loading %s image"), what);
data/mtpaint-3.40/src/png.c:3788:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
k = 0; sscanf(lbuf, tstr, &k, &l);
data/mtpaint-3.40/src/png.c:4059:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, i < h - 1 ? "\",\n" : "\"\n};\n");
data/mtpaint-3.40/src/png.c:6227:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, tpl, cp->red, cp->green, cp->blue);
data/mtpaint-3.40/src/png.c:6828:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_name + lenny, "%03i.%s", i,
data/mtpaint-3.40/src/prefs.c:146:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(txt, "%s = %.2f", _("Pressure"), pressure);
data/mtpaint-3.40/src/prefs.c:154:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(txt, "%s = %s", _("Current Device"), device);
data/mtpaint-3.40/src/spawn.c:108:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp->name, name);
data/mtpaint-3.40/src/spawn.c:315:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(txt, faction_ini[1], item);
data/mtpaint-3.40/src/spawn.c:317:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(txt, faction_ini[2], item);
data/mtpaint-3.40/src/spawn.c:361:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(txt, faction_ini[0], i);
data/mtpaint-3.40/src/spawn.c:365:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(txt, faction_ini[1], i);
data/mtpaint-3.40/src/spawn.c:415:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(txt, faction_ini[j], i + 1);
data/mtpaint-3.40/src/spawn.c:434:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(txt, faction_ini[j], i + 1);
data/mtpaint-3.40/src/spawn.c:489:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(txt, faction_ini[j], i);
data/mtpaint-3.40/src/spawn.c:608:6: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], &argv[0]); /* Run program */
data/mtpaint-3.40/src/spawn.c:735:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
res = system(command);
data/mtpaint-3.40/src/font.c:1503:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *windir = getenv("WINDIR");
data/mtpaint-3.40/src/inifile.c:773:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("USERPROFILE"); // Gets the current users home directory in WinXP
data/mtpaint-3.40/src/inifile.c:809:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("HOME");
data/mtpaint-3.40/src/spawn.c:38:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("TMPDIR");
data/mtpaint-3.40/src/spawn.c:39:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!env || !*env) env = getenv("TMP");
data/mtpaint-3.40/src/spawn.c:40:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!env || !*env) env = getenv("TEMP");
data/mtpaint-3.40/src/spawn.c:66:8: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
buf = tempnam(base, "mttmp");
data/mtpaint-3.40/src/spawn.c:272:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *argv[4] = { getenv("COMSPEC"), "/C", cline, NULL };
data/mtpaint-3.40/src/spawn.c:827:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
browser = getenv("BROWSER");
data/mtpaint-3.40/src/ani.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ani_output_path[PATHBUF], ani_file_prefix[ANI_PREFIX_LEN+2];
data/mtpaint-3.40/src/ani.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128 + MAX_CYC_ITEMS * 6], *tmp;
data/mtpaint-3.40/src/ani.c:329:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp = txt + sprintf(txt, "%i\t%i\t%i", ani_cycle_table[i].frame0,
data/mtpaint-3.40/src/ani.c:335:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, ",%i", k);
data/mtpaint-3.40/src/ani.c:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[256];
data/mtpaint-3.40/src/ani.c:411:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ani_output_path, "frames");
data/mtpaint-3.40/src/ani.c:725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_path[PATHBUF], *command, *wild_path;
data/mtpaint-3.40/src/ani.c:1024:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHTXT];
data/mtpaint-3.40/src/ani.c:1114:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "%i", i); // Layer number
data/mtpaint-3.40/src/ani.c:1174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tin[2048];
data/mtpaint-3.40/src/ani.h:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char layers[MAX_CYC_ITEMS];
data/mtpaint-3.40/src/canvas.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128], txt2[16], *tmp = cspnames[CSPACE_RGB];
data/mtpaint-3.40/src/canvas.c:76:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (mem_img_bpp == 1) sprintf(tmp = txt2, "%i", mem_cols);
data/mtpaint-3.40/src/canvas.c:83:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, " + "); tmp += 3;
data/mtpaint-3.40/src/canvas.c:91:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, " (%i/%i)", layer_selected, layers_total);
data/mtpaint-3.40/src/canvas.c:93:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, " (T=%i)", mem_xpm_trans);
data/mtpaint-3.40/src/canvas.c:94:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, " ");
data/mtpaint-3.40/src/canvas.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64] = "";
data/mtpaint-3.40/src/canvas.c:150:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return (txt + sprintf(txt, "%i", mem_img[chan][x + mem_width*y]));
data/mtpaint-3.40/src/canvas.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[96], *tmp = txt;
data/mtpaint-3.40/src/canvas.c:170:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, "[%u] = {%i,%i,%i}", pixel,
data/mtpaint-3.40/src/canvas.c:174:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, "{%i,%i,%i}", INT_2_R(pixel),
data/mtpaint-3.40/src/canvas.c:178:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, " + {"); tmp += 4;
data/mtpaint-3.40/src/canvas.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/canvas.c:196:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "%i+%i", mem_undo_done, mem_undo_redo);
data/mtpaint-3.40/src/canvas.c:299:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ws, mask, fw);
data/mtpaint-3.40/src/canvas.c:336:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_clip.img, ti.img, sizeof(chanlist));
data/mtpaint-3.40/src/canvas.c:1383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[256], *txt = NULL;
data/mtpaint-3.40/src/canvas.c:1408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_fname[PATHBUF];
data/mtpaint-3.40/src/canvas.c:1561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *spinnames[FORMAT_SPINS] = {
data/mtpaint-3.40/src/canvas.c:1853:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATHTXT], *msg, *f8;
data/mtpaint-3.40/src/canvas.c:2046:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHBUF];
data/mtpaint-3.40/src/canvas.c:3199:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, dest, l);
data/mtpaint-3.40/src/canvas.c:3233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], *t, txt2[PATHTXT];
data/mtpaint-3.40/src/canvas.c:3238:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "file%i", i + 1);
data/mtpaint-3.40/src/canvas.c:3261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], txt1[64], *c;
data/mtpaint-3.40/src/canvas.c:3278:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( txt, "file%i", i );
data/mtpaint-3.40/src/canvas.c:3287:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( txt, "file%i", i-1 );
data/mtpaint-3.40/src/canvas.c:3288:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( txt1, "file%i", i );
data/mtpaint-3.40/src/channels.c:35:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_rgb[NUM_CHANNELS][3] = {
data/mtpaint-3.40/src/channels.c:43:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_opacity[NUM_CHANNELS] = {128, 128, 128, 128};
data/mtpaint-3.40/src/channels.c:46:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_inv[NUM_CHANNELS] = {0, 255, 0, 0};
data/mtpaint-3.40/src/channels.c:49:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_fill[NUM_CHANNELS] = {0, 255, 0, 0};
data/mtpaint-3.40/src/channels.c:52:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_col_[2][NUM_CHANNELS] = {
data/mtpaint-3.40/src/channels.c:78:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sq1024[1024], *src, *dest, *tmp;
data/mtpaint-3.40/src/channels.c:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlist, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/channels.c:123:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char p2l[256];
data/mtpaint-3.40/src/channels.c:209:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, j);
data/mtpaint-3.40/src/channels.h:24:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_rgb[NUM_CHANNELS][3];
data/mtpaint-3.40/src/channels.h:25:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_opacity[NUM_CHANNELS];
data/mtpaint-3.40/src/channels.h:26:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_inv[NUM_CHANNELS];
data/mtpaint-3.40/src/channels.h:28:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_fill[NUM_CHANNELS];
data/mtpaint-3.40/src/channels.h:29:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char channel_col_[2][NUM_CHANNELS];
data/mtpaint-3.40/src/cpick.c:93:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char drag_rgba[4]; // The color being dragged out
data/mtpaint-3.40/src/cpick.c:150:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *rgb, *dest, *bw, full[3];
data/mtpaint-3.40/src/cpick.c:199:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cols[6], *dest = rgb;
data/mtpaint-3.40/src/cpick.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/cpick.c:265:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "#%06X", RGB_2_INT(
data/mtpaint-3.40/src/cpick.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128];
data/mtpaint-3.40/src/cpick.c:380:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgba[4];
data/mtpaint-3.40/src/cpick.c:422:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgba[4];
data/mtpaint-3.40/src/cpick.c:541:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char hue[7][3] = {
data/mtpaint-3.40/src/cpick.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128];
data/mtpaint-3.40/src/cpick.c:629:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3];
data/mtpaint-3.40/src/cpick.c:644:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3] = {
data/mtpaint-3.40/src/cpick.c:747:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3];
data/mtpaint-3.40/src/cpick.c:896:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char pos[CPICK_AREA_TOT][2] = {
data/mtpaint-3.40/src/cpick.c:901:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *in_txt[CPICK_INPUT_TOT] = { _("Red"), _("Green"), _("Blue"), _("Hue"), _("Saturation"),
data/mtpaint-3.40/src/csel.c:264:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ungamma256[KGAMMA * 4 + 1];
data/mtpaint-3.40/src/font.c:536:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_name[PATHBUF], tmp[2][MAXLEN];
data/mtpaint-3.40/src/font.c:599:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "w")))
data/mtpaint-3.40/src/font.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf, *tmp, *tail, *slots[SLOT_TOT];
data/mtpaint-3.40/src/font.c:895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], *dirs[TX_MAX_DIRS + 1];
data/mtpaint-3.40/src/font.c:984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128];
data/mtpaint-3.40/src/font.c:1040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32], buf[128], buf2[256];
data/mtpaint-3.40/src/font.c:1209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHBUF], buf[32];
data/mtpaint-3.40/src/font.c:1233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32], txt2[32];
data/mtpaint-3.40/src/font.c:1272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHBUF];
data/mtpaint-3.40/src/font.c:1423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *clist_text_titles[FONTSEL_CLISTS][FONTSEL_CLISTS_MAXCOL] = {
data/mtpaint-3.40/src/font.c:1496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHBUF];
data/mtpaint-3.40/src/font.c:1511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096], buf2[128], *s;
data/mtpaint-3.40/src/font.c:1513:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen("/etc/X11/xorg.conf", "r")))
data/mtpaint-3.40/src/font.c:1514:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/etc/X11/XF86Config", "r");
data/mtpaint-3.40/src/font.c:1540:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!new_dirs && (fp = fopen("/etc/fonts/fonts.conf", "r")))
data/mtpaint-3.40/src/fpick.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char combo_items[FPICK_COMBO_ITEMS][PATHTXT], // UTF8 in GTK+2
data/mtpaint-3.40/src/fpick.c:387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHTXT];
data/mtpaint-3.40/src/fpick.c:412:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *empty_row[FPICK_CLIST_COLS + FPICK_CLIST_COLS_HIDDEN] =
data/mtpaint-3.40/src/fpick.c:414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[PATHBUF]; // More than enough for 26 4-char strings
data/mtpaint-3.40/src/fpick.c:465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_name[PATHBUF],
data/mtpaint-3.40/src/fpick.c:647:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ndir[PATHBUF], *c;
data/mtpaint-3.40/src/fpick.c:710:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHBUF], *ctxt;
data/mtpaint-3.40/src/fpick.c:745:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnm[PATHBUF], *tmp, *fname = NULL, *snm = NULL;
data/mtpaint-3.40/src/fpick.c:1027:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], *col_titles[FPICK_CLIST_COLS + FPICK_CLIST_COLS_HIDDEN] =
data/mtpaint-3.40/src/fpick.c:1065:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "fpick_dir_%i", i);
data/mtpaint-3.40/src/fpick.c:1200:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "fpick_col%i", i + 1);
data/mtpaint-3.40/src/fpick.c:1222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHTXT], *c;
data/mtpaint-3.40/src/fpick.c:1244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], buf[PATHBUF];
data/mtpaint-3.40/src/fpick.c:1250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "fpick_dir_%i", i);
data/mtpaint-3.40/src/fpick.c:1256:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "fpick_col%i", i + 1);
data/mtpaint-3.40/src/fpick.c:1271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[PATHBUF], fnm[PATHBUF];
data/mtpaint-3.40/src/help.c:24:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *help_titles[HELP_PAGE_COUNT] = {
data/mtpaint-3.40/src/help.c:195:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char **help_pages[HELP_PAGE_COUNT] = {
data/mtpaint-3.40/src/icons.h:68:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DEF_XPM_ICON(open);
data/mtpaint-3.40/src/info.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *im, col1[3] = { mem_pal_def[0].red, mem_pal_def[0].green, mem_pal_def[0].blue},
data/mtpaint-3.40/src/info.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[256];
data/mtpaint-3.40/src/info.c:332:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf( txt, ">1023" );
data/mtpaint-3.40/src/inifile.c:41:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char Integers_Do_Not_Fit_Into_Pointers[2 * (sizeof(int) <= sizeof(char *)) - 1];
data/mtpaint-3.40/src/inifile.c:172:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char shift[4] = { 0, 16, 0, 0 };
data/mtpaint-3.40/src/inifile.c:304:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ra, str, l);
data/mtpaint-3.40/src/inifile.c:380:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fname || !(fp = fopen(fname, "rb"))) return (NULL);
data/mtpaint-3.40/src/inifile.c:495:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(fname, "w"))) return (FALSE);
data/mtpaint-3.40/src/inifile.h:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sblock[3];
data/mtpaint-3.40/src/layer.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char layers_filename[PATHBUF]; // Current filename for layers file
data/mtpaint-3.40/src/layer.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[300], txt2[PATHTXT];
data/mtpaint-3.40/src/layer.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[256];
data/mtpaint-3.40/src/layer.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tin[300], load_name[PATHBUF], *c;
data/mtpaint-3.40/src/layer.c:562:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "r")) == NULL) goto fail;
data/mtpaint-3.40/src/layer.c:713:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->img, frm->img, sizeof(chanlist));
data/mtpaint-3.40/src/layer.c:723:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tail, ".%03d", i);
data/mtpaint-3.40/src/layer.c:767:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tail, ".txt");
data/mtpaint-3.40/src/layer.c:861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comp_name[PATHBUF], *c, *msg;
data/mtpaint-3.40/src/layer.c:872:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "w")) == NULL) goto fail;
data/mtpaint-3.40/src/layer.c:1082:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lim->image_.img[chan], mem_clipboard, j * mem_clip_bpp);
data/mtpaint-3.40/src/layer.c:1089:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (mem_clip_alpha) memcpy(dest, mem_clip_alpha, j);
data/mtpaint-3.40/src/layer.c:1195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/layer.c:1228:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "%i", i);
data/mtpaint-3.40/src/layer.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[LAYER_NAMELEN]; // Layer text name
data/mtpaint-3.40/src/layer.h:59:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char layers_filename[PATHBUF]; // Current filename for layers file
data/mtpaint-3.40/src/main.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pat, buf[PATHBUF];
data/mtpaint-3.40/src/main.c:181:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (lv < 0) memcpy(buf, dp->path, l); // Level 0
data/mtpaint-3.40/src/main.c:388:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (globdata.gl_pathc) memcpy(file_args + j, globdata.gl_pathv,
data/mtpaint-3.40/src/mainwindow.c:47:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char greyz[2] = {GREY_W, GREY_B}; // For opacity squares
data/mtpaint-3.40/src/mainwindow.c:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *channames[NUM_CHANNELS + 1], *allchannames[NUM_CHANNELS + 1];
data/mtpaint-3.40/src/mainwindow.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cspnames[NUM_CSPACES];
data/mtpaint-3.40/src/mainwindow.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64];
data/mtpaint-3.40/src/mainwindow.c:203:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "file%i", item);
data/mtpaint-3.40/src/mainwindow.c:420:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->img, mem_clip.img, sizeof(chanlist));
data/mtpaint-3.40/src/mainwindow.c:510:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/mainwindow.c:560:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem_clip_file[PATHBUF];
data/mtpaint-3.40/src/mainwindow.c:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clip[PATHBUF];
data/mtpaint-3.40/src/mainwindow.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clip[PATHBUF];
data/mtpaint-3.40/src/mainwindow.c:1139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnames[NUM_CHANNELS + 1] =
data/mtpaint-3.40/src/mainwindow.c:1141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cspaces[NUM_CSPACES] =
data/mtpaint-3.40/src/mainwindow.c:1750:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rgb, rgb - fwid, wid3);
data/mtpaint-3.40/src/mainwindow.c:1794:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(bkg_rgb, img->img[CHN_IMAGE], l * 3);
data/mtpaint-3.40/src/mainwindow.c:1848:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dest - w3, l3);
data/mtpaint-3.40/src/mainwindow.c:2199:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *dest, crgb[3] = {INT_2_R(col), INT_2_G(col), INT_2_B(col)};
data/mtpaint-3.40/src/mainwindow.c:2284:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (g->walpha) memcpy(g->walpha, mem_img[CHN_ALPHA] + l, g->len);
data/mtpaint-3.40/src/mainwindow.c:2289:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->wimg, tmp, g->len * g->bpp);
data/mtpaint-3.40/src/mainwindow.c:2358:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tlist, r->tlist, sizeof(chanlist));
data/mtpaint-3.40/src/mainwindow.c:2439:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->pix, mem_img[mem_channel] + ld * bpp, p->lx * bpp);
data/mtpaint-3.40/src/mainwindow.c:2551:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (prstate.alpha) memcpy(tlist[CHN_ALPHA],
data/mtpaint-3.40/src/mainwindow.c:2553:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (prstate.pixf) memcpy(tlist[mem_channel],
data/mtpaint-3.40/src/mainwindow.c:2561:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rgb, rgb - pw, pw23);
data/mtpaint-3.40/src/mainwindow.c:2638:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lbuf[(MAX_WIDTH * 2 + 2 + 7) / 8 + 2];
data/mtpaint-3.40/src/mainwindow.c:2805:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lbuf[(MAX_WIDTH * 2 + 7) / 8];
data/mtpaint-3.40/src/mainwindow.c:2900:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, rgb, w);
data/mtpaint-3.40/src/mainwindow.c:3497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATHTXT];
data/mtpaint-3.40/src/mainwindow.c:3499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATHBUF];
data/mtpaint-3.40/src/mainwindow.c:3839:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char arrow_dx[4] = { 0, -1, 1, 0 },
data/mtpaint-3.40/src/mainwindow.c:4191:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *bts[6] = { "<CheckItem>", NULL, "<Branch>", "<Tearoff>",
data/mtpaint-3.40/src/mainwindow.c:4197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *radio[32], *rnames[MENU_RESIZE_MAX], buf[64];
data/mtpaint-3.40/src/mainwindow.c:4234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, tmp, l);
data/mtpaint-3.40/src/mainwindow.c:4292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wf.path, rnames[rn], l);
data/mtpaint-3.40/src/mainwindow.c:4678:77: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ _("//Open ..."), -1, 0, 0, "<control>O", DLG_FSEL, FS_PNG_LOAD, XPM_ICON(open) },
data/mtpaint-3.40/src/mainwindow.c:4856:73: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ _("//Load ..."), -1, 0, 0, NULL, DLG_FSEL, FS_PALETTE_LOAD, XPM_ICON(open) },
data/mtpaint-3.40/src/mainwindow.c:4906:73: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ _("//Load ..."), -1, 0, 0, NULL, DLG_FSEL, FS_CHANNEL_LOAD, XPM_ICON(open) },
data/mtpaint-3.40/src/mainwindow.c:4962:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHBUF];
data/mtpaint-3.40/src/mainwindow.c:5225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[300], txt2[PATHTXT];
data/mtpaint-3.40/src/mainwindow.h:275:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char greyz[2]; // For opacity squares
data/mtpaint-3.40/src/mainwindow.h:286:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *channames[NUM_CHANNELS + 1], *allchannames[NUM_CHANNELS + 1];
data/mtpaint-3.40/src/mainwindow.h:287:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cspnames[NUM_CSPACES];
data/mtpaint-3.40/src/memory.c:53:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char bayer[16] = {
data/mtpaint-3.40/src/memory.c:91:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_brushes[PATCH_WIDTH * PATCH_HEIGHT * 3];
data/mtpaint-3.40/src/memory.c:121:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_pattern[8 * 8]; // Original 0-1 pattern
data/mtpaint-3.40/src/memory.c:122:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_col_pat[8 * 8]; // Indexed 8x8 colourised pattern using colours A & B
data/mtpaint-3.40/src/memory.c:123:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_col_pat24[8 * 8 * 3]; // RGB 8x8 colourised pattern using colours A & B
data/mtpaint-3.40/src/memory.c:141:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_pals[PALETTE_WIDTH * PALETTE_HEIGHT * 3];
data/mtpaint-3.40/src/memory.c:293:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char mem_cross[PALETTE_CROSS_H] = {
data/mtpaint-3.40/src/memory.c:702:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(undo->img, image->img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:890:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (image->img[i]) memcpy(image->img[i], src->img[i], l);
data/mtpaint-3.40/src/memory.c:1170:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[((MAX_WIDTH + TILE_SIZE - 1) / TILE_SIZE) * 3];
data/mtpaint-3.40/src/memory.c:1171:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *tstrip, tmap[MAX_TILEMAP], *tmp = NULL;
data/mtpaint-3.40/src/memory.c:1317:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, tmap, tsz);
data/mtpaint-3.40/src/memory.c:1584:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(img, frame[i], mem_lim);
data/mtpaint-3.40/src/memory.c:1595:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(undo->img, frame, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:1597:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_img, holder, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:1658:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_WIDTH * 3], *tmap, *src, *dest;
data/mtpaint-3.40/src/memory.c:1686:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, src + j * l, l);
data/mtpaint-3.40/src/memory.c:1701:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tm, td, *span);
data/mtpaint-3.40/src/memory.c:1702:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(td, ts, *span);
data/mtpaint-3.40/src/memory.c:1708:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (!redo) memcpy(src - l, buf, l);
data/mtpaint-3.40/src/memory.c:1887:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char lookup[8] =
data/mtpaint-3.40/src/memory.c:1890:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64];
data/mtpaint-3.40/src/memory.c:1971:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_brushes, mem_img[CHN_IMAGE], j); // Store image for later use
data/mtpaint-3.40/src/memory.c:1980:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "overlay%i%i", i, j);
data/mtpaint-3.40/src/memory.c:2053:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *tmp, pcol[2] = { 0, 0 };
data/mtpaint-3.40/src/memory.c:2063:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + i * PALETTE_W3, tmp, PALETTE_SWATCH_W * 3);
data/mtpaint-3.40/src/memory.c:2081:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char pcol[2] = { 0, PALETTE_TEXT_GREY };
data/mtpaint-3.40/src/memory.c:2158:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char gamma_table[256], bc_table[256], ps_table[256];
data/mtpaint-3.40/src/memory.c:2161:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3], fmask;
data/mtpaint-3.40/src/memory.c:2353:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pal_dupes[256];
data/mtpaint-3.40/src/memory.c:2395:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char conv[256];
data/mtpaint-3.40/src/memory.c:2436:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[256 * 3], *wrk;
data/mtpaint-3.40/src/memory.c:2851:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmap[64 * 64 * 64 + 128 * 64]; /* Index cache */
data/mtpaint-3.40/src/memory.c:2863:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp_[4 * sizeof(double)];
data/mtpaint-3.40/src/memory.c:3161:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char clamp[768], *src, *dest;
data/mtpaint-3.40/src/memory.c:3521:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3] = {col.red, col.green, col.blue};
data/mtpaint-3.40/src/memory.c:3543:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char table[256];
data/mtpaint-3.40/src/memory.c:3567:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char map[256];
data/mtpaint-3.40/src/memory.c:3845:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line1, line2, sizeof(linedata));
data/mtpaint-3.40/src/memory.c:3952:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mask[ROW_BUFLEN];
data/mtpaint-3.40/src/memory.c:4290:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_WIDTH / 8], *tmp;
data/mtpaint-3.40/src/memory.c:4310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, tmp = pat + y0 * lw, lw); tmp += lw;
data/mtpaint-3.40/src/memory.c:4649:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, src, k);
data/mtpaint-3.40/src/memory.c:4650:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src, dest, k);
data/mtpaint-3.40/src/memory.c:4651:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, tmp, k);
data/mtpaint-3.40/src/memory.c:4825:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *src, *dest, *alpha, A_rgb[3];
data/mtpaint-3.40/src/memory.c:5093:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:5096:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:5114:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_img, mem_clip_real_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:5115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_img, mem_clip.img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:5134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:5363:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp - l, temp + w - l, l * sizeof(*temp));
data/mtpaint-3.40/src/memory.c:5364:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp + w, temp, l * sizeof(*temp));
data/mtpaint-3.40/src/memory.c:5402:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sum_[4 * sizeof(double)];
data/mtpaint-3.40/src/memory.c:5463:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sum_[4 * sizeof(double)];
data/mtpaint-3.40/src/memory.c:5663:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:5753:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, fill, (ow - l) * bpp);
data/mtpaint-3.40/src/memory.c:5775:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src + 1, fill, i * bpp);
data/mtpaint-3.40/src/memory.c:5796:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:5918:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, l);
data/mtpaint-3.40/src/memory.c:5934:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, span1 * bpp);
data/mtpaint-3.40/src/memory.c:5955:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, span2 * bpp);
data/mtpaint-3.40/src/memory.c:5977:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, l);
data/mtpaint-3.40/src/memory.c:5980:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, tail * bpp);
data/mtpaint-3.40/src/memory.c:6113:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (mask0) memcpy(mask, mask0, j);
data/mtpaint-3.40/src/memory.c:6152:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char hhsv[8 * 3] = {
data/mtpaint-3.40/src/memory.c:6525:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src + ofs, l1);
data/mtpaint-3.40/src/memory.c:6530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, rep);
data/mtpaint-3.40/src/memory.c:6535:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, rep);
data/mtpaint-3.40/src/memory.c:6540:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len + rep);
data/mtpaint-3.40/src/memory.c:6558:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp_image[ROW_BUFLEN * 3], mask[ROW_BUFLEN],
data/mtpaint-3.40/src/memory.c:6561:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *old_image, *old_alpha, *srcp, src1[8];
data/mtpaint-3.40/src/memory.c:6763:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r, g, b, nrgb[3];
data/mtpaint-3.40/src/memory.c:6843:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->img[CHN_IMAGE] + delta, src->img[mem_channel] + ofs, len);
data/mtpaint-3.40/src/memory.c:6854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->img[CHN_ALPHA] + delta, src->img[CHN_ALPHA] + ofs, w);
data/mtpaint-3.40/src/memory.c:7743:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlist, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:7889:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *tmp, xtb[256];
data/mtpaint-3.40/src/memory.c:8012:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->rs + dest, info->rs + src, info->rl * 3 * sizeof(double));
data/mtpaint-3.40/src/memory.c:8013:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->avg + dest, info->avg + src, info->l * 3 * sizeof(int));
data/mtpaint-3.40/src/memory.c:8014:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->dis + dest, info->dis + src, info->l * 3 * sizeof(int));
data/mtpaint-3.40/src/memory.c:8247:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buf + 3, 3);
data/mtpaint-3.40/src/memory.c:8248:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 3, tmp, 3);
data/mtpaint-3.40/src/memory.c:8250:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (!i) memcpy(timg + wbuf * 2, buf, wbuf);
data/mtpaint-3.40/src/memory.c:8276:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timg + wbuf * (i % 3), buf, wbuf);
data/mtpaint-3.40/src/memory.c:8467:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mask[256], img[256 * 2 * 3], alf[256 * 2];
data/mtpaint-3.40/src/memory.c:8529:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(img, ts, w * bpp + delta);
data/mtpaint-3.40/src/memory.c:8538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(alf, tsa, w + delta1);
data/mtpaint-3.40/src/memory.c:8893:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char grad_def[4 + 8 + NUM_CHANNELS * 4];
data/mtpaint-3.40/src/memory.c:8910:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gmap->vs, data, slot ? 2 : 6);
data/mtpaint-3.40/src/memory.c:9093:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(near + i * 3, lastc, sizeof(lastc));
data/mtpaint-3.40/src/memory.c:9123:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(near + j * 3, newc, sizeof(newc)); // Point
data/mtpaint-3.40/src/memory.c:9125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastc, thisc, sizeof(thisc));
data/mtpaint-3.40/src/memory.c:9139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(near + i * 3, lastc, sizeof(lastc));
data/mtpaint-3.40/src/memory.c:9280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, filler, sizeof(double) * 7);
data/mtpaint-3.40/src/memory.c:9353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, filler, sizeof(double) * 3);
data/mtpaint-3.40/src/memory.c:9580:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thisbuf, thatbuf, len * bpp * sizeof(double));
data/mtpaint-3.40/src/memory.c:9819:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:9822:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/memory.c:9934:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char dist_scales[NUM_CSPACES] = { 1, 255, 1 };
data/mtpaint-3.40/src/memory.h:116:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char *chanlist[NUM_CHANNELS];
data/mtpaint-3.40/src/memory.h:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prot_mask[256]; // 256 bytes used for indexed images
data/mtpaint-3.40/src/memory.h:210:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char grad_store[(6 + NUM_CHANNELS * 4) * GRAD_POINTS];
data/mtpaint-3.40/src/memory.h:248:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char bayer[16];
data/mtpaint-3.40/src/memory.h:395:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_pattern[8 * 8]; // Current pattern
data/mtpaint-3.40/src/memory.h:396:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_col_pat[8 * 8]; // Indexed 8x8 colourised pattern using colours A & B
data/mtpaint-3.40/src/memory.h:397:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_col_pat24[8 * 8 * 3]; // RGB 8x8 colourised pattern using colours A & B
data/mtpaint-3.40/src/memory.h:482:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define copy4(D,S) memcpy(D, S, 4 * sizeof(int))
data/mtpaint-3.40/src/memory.h:618:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define mem_pal_copy(A, B) memcpy((A), (B), SIZEOF_PALETTE)
data/mtpaint-3.40/src/mygtk.c:503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[128];
data/mtpaint-3.40/src/mygtk.c:507:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num + 1, "%.*f", spin->digits, spin->adjustment->lower);
data/mtpaint-3.40/src/mygtk.c:509:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num + 1, "%.*f", spin->digits, spin->adjustment->upper);
data/mtpaint-3.40/src/mygtk.c:618:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w, s, ll);
data/mtpaint-3.40/src/mygtk.c:1045:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/mtpaint-3.40/src/mygtk.c:1049:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, inikey, l);
data/mtpaint-3.40/src/mygtk.c:1063:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/mtpaint-3.40/src/mygtk.c:1066:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, inikey, l);
data/mtpaint-3.40/src/mygtk.c:1788:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xlat[128], *dest;
data/mtpaint-3.40/src/mygtk.c:2081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/mtpaint-3.40/src/mygtk.c:2083:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
snprintf(name, sizeof(name), "mtpaint_%s", (char *)xpm[0]);
data/mtpaint-3.40/src/mygtk.c:2094:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char **)xpm[1]);
data/mtpaint-3.40/src/mygtk.c:3496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[PATHBUF], *tmp, *tm2, *src, *dest;
data/mtpaint-3.40/src/mygtk.c:3508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[PATHBUF];
data/mtpaint-3.40/src/mygtk.c:3513:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wbuf, tbuf, PATHBUF);
data/mtpaint-3.40/src/mygtk.c:3901:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(class, defstyle->klass, sizeof(GtkStyleClass));
data/mtpaint-3.40/src/otherwindow.c:354:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rgb + j * row, tmp, row);
data/mtpaint-3.40/src/otherwindow.c:1389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], *tmp = txt;
data/mtpaint-3.40/src/otherwindow.c:1438:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(txt, "%i", i);
data/mtpaint-3.40/src/otherwindow.c:1731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64];
data/mtpaint-3.40/src/otherwindow.c:1751:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "overlay%i%i", i, j);
data/mtpaint-3.40/src/otherwindow.c:1819:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char csel_save[CSEL_SVSIZE];
data/mtpaint-3.40/src/otherwindow.c:1829:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(csel_data, csel_save, CSEL_SVSIZE);
data/mtpaint-3.40/src/otherwindow.c:1906:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grid_rgb, gw->color0, sizeof(gw->color0));
data/mtpaint-3.40/src/otherwindow.c:2013:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lc + NUM_CHANNELS * 3, lc, NUM_CHANNELS * 3);
data/mtpaint-3.40/src/otherwindow.c:2014:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opctable + NUM_CHANNELS, opctable, NUM_CHANNELS);
data/mtpaint-3.40/src/otherwindow.c:2034:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lc + 2 * 3, lc, 2 * 3);
data/mtpaint-3.40/src/otherwindow.c:2089:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(csel_save, csel_data, CSEL_SVSIZE);
data/mtpaint-3.40/src/otherwindow.c:2129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *grid_txt[GRID_MAX] = { _("Opaque"), _("Border"),
data/mtpaint-3.40/src/otherwindow.c:2290:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_pal, newpal, new_cols * sizeof(*mem_pal));
data/mtpaint-3.40/src/otherwindow.c:2495:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char grad_pad[GRAD_POINTS * 3], grad_mpad[GRAD_POINTS];
data/mtpaint-3.40/src/otherwindow.c:2604:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_tbytes + GRAD_CUSTOM_OPAC(idx), grad_pad, GRAD_POINTS);
data/mtpaint-3.40/src/otherwindow.c:2605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_tbytes + GRAD_CUSTOM_OMAP(idx), grad_mpad, GRAD_POINTS);
data/mtpaint-3.40/src/otherwindow.c:2610:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_tbytes + GRAD_CUSTOM_DATA(idx), grad_pad,
data/mtpaint-3.40/src/otherwindow.c:2612:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_tbytes + GRAD_CUSTOM_DMAP(idx), grad_mpad, GRAD_POINTS);
data/mtpaint-3.40/src/otherwindow.c:2721:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[SLOT_SIZE * 2 * 3];
data/mtpaint-3.40/src/otherwindow.c:2781:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_pad, grad_tbytes + GRAD_CUSTOM_OPAC(idx), GRAD_POINTS);
data/mtpaint-3.40/src/otherwindow.c:2782:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_mpad, grad_tbytes + GRAD_CUSTOM_OMAP(idx), GRAD_POINTS);
data/mtpaint-3.40/src/otherwindow.c:2787:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_pad, grad_tbytes + GRAD_CUSTOM_DATA(idx),
data/mtpaint-3.40/src/otherwindow.c:2789:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grad_mpad, grad_tbytes + GRAD_CUSTOM_DMAP(idx), GRAD_POINTS);
data/mtpaint-3.40/src/otherwindow.c:2891:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char gtmap[NUM_GTYPES * 2] = { GRAD_TYPE_RGB, 1, GRAD_TYPE_RGB, 2,
data/mtpaint-3.40/src/otherwindow.c:2894:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char opmap[NUM_OTYPES] = { GRAD_TYPE_RGB, GRAD_TYPE_CONST,
data/mtpaint-3.40/src/otherwindow.c:2966:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gradient, grad_temps, sizeof(grad_temps));
data/mtpaint-3.40/src/otherwindow.c:2967:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(graddata, grad_tmaps, sizeof(grad_tmaps));
data/mtpaint-3.40/src/otherwindow.c:2968:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gradbytes, grad_tbytes, sizeof(grad_tbytes));
data/mtpaint-3.40/src/otherwindow.c:3101:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/mtpaint-3.40/src/otherwindow.c:3110:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (mem_clipboard) memcpy(mem_clipboard, buf, len);
data/mtpaint-3.40/src/otherwindow.c:3309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *srcs[4] = { _("Unchanged"), _("None"), _("Image"), _("Clipboard") };
data/mtpaint-3.40/src/otherwindow.c:3358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ids[3]; // For binding updaters
data/mtpaint-3.40/src/png.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->pal, wb, sizeof(wb));
data/mtpaint-3.40/src/png.c:219:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->img, w_set->img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:285:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->img, mem_clip.img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:379:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, mf->buf + mf->here, l);
data/mtpaint-3.40/src/png.c:393:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mf->buf + mf->here, ptr, l);
data/mtpaint-3.40/src/png.c:424:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, tmi, w * bpp);
data/mtpaint-3.40/src/png.c:477:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int palette_trans(ls_settings *settings, unsigned char ttb[256])
data/mtpaint-3.40/src/png.c:512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/mtpaint-3.40/src/png.c:543:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, mf->buf + mf->here, l);
data/mtpaint-3.40/src/png.c:557:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mf->buf + mf->here, data, length);
data/mtpaint-3.40/src/png.c:570:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *chunk_names[NUM_CHANNELS] = { "", "alPh", "seLc", "maSk" };
data/mtpaint-3.40/src/png.c:575:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char png_interlace[8][4] = {
data/mtpaint-3.40/src/png.c:591:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PNG_BYTES_TO_CHECK + 1];
data/mtpaint-3.40/src/png.c:592:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char trans[256], *src, *dest, *dsta;
data/mtpaint-3.40/src/png.c:600:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL) return -1;
data/mtpaint-3.40/src/png.c:638:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->pal, png_palette, settings->colors * sizeof(png_color));
data/mtpaint-3.40/src/png.c:775:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trans, ptrans, ltrans);
data/mtpaint-3.40/src/png.c:835:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->icc, icc, len);
data/mtpaint-3.40/src/png.c:862:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char trans[256], *tmp, *rgba_row = NULL;
data/mtpaint-3.40/src/png.c:896:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!mf && ((fp = fopen(file_name, "wb")) == NULL)) goto exit0;
data/mtpaint-3.40/src/png.c:1011:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lmap[MAX_DIM];
data/mtpaint-3.40/src/png.c:1019:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xlat[513];
data/mtpaint-3.40/src/png.c:1068:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmap[513], *lmap, *fg, *bg;
data/mtpaint-3.40/src/png.c:1333:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[513 * 3], *tmp, *fg = fg0, *bg = bg0;
data/mtpaint-3.40/src/png.c:1450:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char interlace[10] =
data/mtpaint-3.40/src/png.c:1587:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->img, w_set.img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:1670:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gif_ext_data[8];
data/mtpaint-3.40/src/png.c:1744:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char cmsHTRANSFORM_Does_Not_Fit_Into_Pointer[2 * (sizeof(cmsHTRANSFORM) <= sizeof(char *)) - 1];
data/mtpaint-3.40/src/png.c:1836:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL) return (-1);
data/mtpaint-3.40/src/png.c:1887:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *tmp, *parts[256];
data/mtpaint-3.40/src/png.c:1914:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, parts[i], lparts[i]);
data/mtpaint-3.40/src/png.c:1962:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "wb")) == NULL) return -1;
data/mtpaint-3.40/src/png.c:2027:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xtb[256], *dest, *buf = NULL;
data/mtpaint-3.40/src/png.c:2033:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL) return (-1);
data/mtpaint-3.40/src/png.c:2143:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "wb")) == NULL) return -1;
data/mtpaint-3.40/src/png.c:2225:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xtb[256], *dest;
data/mtpaint-3.40/src/png.c:2377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *opts = NULL;
data/mtpaint-3.40/src/png.c:2443:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts = buf, "rate=%g", 1.0 / settings->jp2_rate);
data/mtpaint-3.40/src/png.c:2501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[1024];
data/mtpaint-3.40/src/png.c:2654:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->icc, data, size);
data/mtpaint-3.40/src/png.c:2701:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xtable[256], *src, *tbuf = NULL;
data/mtpaint-3.40/src/png.c:2865:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, src, w);
data/mtpaint-3.40/src/png.c:3008:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i = sprintf(buf, "VERSION=%d\n", TIFFX_VERSION);
data/mtpaint-3.40/src/png.c:3009:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i += sprintf(buf + i, "CHANNELS=%d\n", cmask);
data/mtpaint-3.40/src/png.c:3010:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i += sprintf(buf + i, "COLORS=%d\n", settings->colors);
data/mtpaint-3.40/src/png.c:3011:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i += sprintf(buf + i, "TRANSPARENCY=%d\n",
data/mtpaint-3.40/src/png.c:3115:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[BMP5_HSIZE], xlat[256], *dest, *tmp, *buf = NULL;
data/mtpaint-3.40/src/png.c:3126:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "rb"))) return (-1);
data/mtpaint-3.40/src/png.c:3212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tbuf[1024];
data/mtpaint-3.40/src/png.c:3357:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest + j, tmp, dx);
data/mtpaint-3.40/src/png.c:3450:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "wb")))
data/mtpaint-3.40/src/png.c:3530:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char ctypes[256] = {
data/mtpaint-3.40/src/png.c:3590:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + in_comment, buf + i + 1, l - i);
data/mtpaint-3.40/src/png.c:3692:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, str, cpp); p[cpp] = 0;
data/mtpaint-3.40/src/png.c:3723:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *cmodes[XPM_COL_DEFS] =
data/mtpaint-3.40/src/png.c:3725:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *src, *dest, pal[XPM_MAXCOL * 3];
data/mtpaint-3.40/src/png.c:3726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[4096], tstr[20], *buf = lbuf;
data/mtpaint-3.40/src/png.c:3727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ckeys[XPM_MAXCOL * 32], *cdefs[XPM_COL_DEFS], *r, *r2;
data/mtpaint-3.40/src/png.c:3734:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "r"))) return (-1);
data/mtpaint-3.40/src/png.c:3782:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tstr, " \"%%n%%*%dc %%n", cpp);
data/mtpaint-3.40/src/png.c:3871:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmap[XPM_MAXCOL + 1];
data/mtpaint-3.40/src/png.c:3948:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgbmem[XPM_MAXCOL * 4], *src;
data/mtpaint-3.40/src/png.c:3950:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ws[3], *buf, *tmp;
data/mtpaint-3.40/src/png.c:3982:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trgb[3];
data/mtpaint-3.40/src/png.c:4008:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "w")))
data/mtpaint-3.40/src/png.c:4077:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctb[256], *dest;
data/mtpaint-3.40/src/png.c:4078:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[4096];
data/mtpaint-3.40/src/png.c:4084:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "r"))) return (-1);
data/mtpaint-3.40/src/png.c:4179:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char row[MAX_WIDTH / 8];
data/mtpaint-3.40/src/png.c:4180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CPB * BPL + 16], *tmp;
data/mtpaint-3.40/src/png.c:4190:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "w"))) return -1;
data/mtpaint-3.40/src/png.c:4233:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf + l * CPB - 1, " };\n");
data/mtpaint-3.40/src/png.c:4253:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[LSS_HSIZE], *dest, *tmp, *buf = NULL;
data/mtpaint-3.40/src/png.c:4258:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "rb"))) return (-1);
data/mtpaint-3.40/src/png.c:4358:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "wb")))
data/mtpaint-3.40/src/png.c:4473:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[TGA_HSIZE], ftr[TGA_FSIZE], ext[TGA_EXTSIZE];
data/mtpaint-3.40/src/png.c:4474:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pal[256 * 4], xlat5[32], xlat67[128], trans[256];
data/mtpaint-3.40/src/png.c:4484:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "rb"))) return (-1);
data/mtpaint-3.40/src/png.c:4724:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buf + bstart, j);
data/mtpaint-3.40/src/png.c:4888:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[TGA_HSIZE], ftr[TGA_FSIZE], pal[256 * 4];
data/mtpaint-3.40/src/png.c:4902:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "wb")))
data/mtpaint-3.40/src/png.c:4995:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, tmp, l *= bpp);
data/mtpaint-3.40/src/png.c:5003:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, srca, bpp);
data/mtpaint-3.40/src/png.c:5013:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ftr + TGA_SIGN, "TRUEVISION-XFILE.", TGA_FSIZE - TGA_SIGN);
data/mtpaint-3.40/src/png.c:5068:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char planarconfig[8] = {
data/mtpaint-3.40/src/png.c:5072:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[PCX_HSIZE], pbuf[769];
data/mtpaint-3.40/src/png.c:5080:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "rb"))) return (-1);
data/mtpaint-3.40/src/png.c:5111:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->pal, def_pal, sizeof(def_pal));
data/mtpaint-3.40/src/png.c:5120:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char cga_pals[8 * 3] = {
data/mtpaint-3.40/src/png.c:5224:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->img[CHN_ALPHA] + y * w, row, w);
data/mtpaint-3.40/src/png.c:5258:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "wb")))
data/mtpaint-3.40/src/png.c:5265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "\x0A\x05\x01\x08", 4); // Version 5 PCX, 8 bits/plane
data/mtpaint-3.40/src/png.c:5363:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tb[256];
data/mtpaint-3.40/src/png.c:5375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/mtpaint-3.40/src/png.c:5398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[512], *t1, *t2, *tail;
data/mtpaint-3.40/src/png.c:5528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PNM_BUFSIZE + 2];
data/mtpaint-3.40/src/png.c:5742:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "rb"))) return (-1);
data/mtpaint-3.40/src/png.c:5765:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "rb"))) return (-1);
data/mtpaint-3.40/src/png.c:5774:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_WIDTH / 8], *src;
data/mtpaint-3.40/src/png.c:5781:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "wb"))) return (-1);
data/mtpaint-3.40/src/png.c:5812:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "wb"))) return (-1);
data/mtpaint-3.40/src/png.c:5852:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "wb")))
data/mtpaint-3.40/src/png.c:5949:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (settings->bpp == 3) memcpy(dest, src, l);
data/mtpaint-3.40/src/png.c:6165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[4096];
data/mtpaint-3.40/src/png.c:6171:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(file_name, "r"))) return (-1);
data/mtpaint-3.40/src/png.c:6210:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "w")) == NULL) return (-1);
data/mtpaint-3.40/src/png.c:6508:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_img, settings.img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:6530:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings.img, mem_clip.img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:6586:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lim->image_.img, settings.img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:6715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_name[PATHBUF + 32], *tmp;
data/mtpaint-3.40/src/png.c:6729:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ".%03d", ani->cnt);
data/mtpaint-3.40/src/png.c:6735:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w_set.img, frame->img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:6805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_name[PATHBUF + 32];
data/mtpaint-3.40/src/png.c:6830:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/png.c:6855:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[16] = " .,:;+=itIYVXRBM";
data/mtpaint-3.40/src/png.c:6860:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "w")) == NULL) return -1;
data/mtpaint-3.40/src/png.c:6878:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[66], *stop;
data/mtpaint-3.40/src/png.c:6923:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char pnms[3] = { FT_PBM, FT_PGM, FT_PPM };
data/mtpaint-3.40/src/png.c:6934:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(++stop);
data/mtpaint-3.40/src/png.c:6996:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(name, "rb"))) return (-1);
data/mtpaint-3.40/src/png.c:7023:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/mtpaint-3.40/src/polygon.c:43:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char borders[MAX_WIDTH];
data/mtpaint-3.40/src/polygon.c:161:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (buf) memcpy(buf + y * wbuf + x0, borders + x0, x1);
data/mtpaint-3.40/src/prefs.c:80:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pref_lang_ini_code[PREF_LANGS] = { "system",
data/mtpaint-3.40/src/prefs.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/prefs.c:125:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "tablet_axes_v%i", i);
data/mtpaint-3.40/src/prefs.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64];
data/mtpaint-3.40/src/prefs.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64];
data/mtpaint-3.40/src/prefs.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATHBUF];
data/mtpaint-3.40/src/prefs.c:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pref_langs[PREF_LANGS] = { _("Default System Language"),
data/mtpaint-3.40/src/prefs.c:451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATHTXT];
data/mtpaint-3.40/src/prefs.c:727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *devname, txt[64];
data/mtpaint-3.40/src/prefs.c:766:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "tablet_axes_v%i", i);
data/mtpaint-3.40/src/shifter.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[130];
data/mtpaint-3.40/src/shifter.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/shifter.c:288:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "%i", i);
data/mtpaint-3.40/src/spawn.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/mtpaint-3.40/src/spawn.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATHBUF], nstub[NAMEBUF], ids[32], *c, *f = "tmp.png";
data/mtpaint-3.40/src/spawn.c:169:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nstub, "tmp");
data/mtpaint-3.40/src/spawn.c:181:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (idx) sprintf(ids, "%d", idx);
data/mtpaint-3.40/src/spawn.c:184:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(buf, O_WRONLY | O_CREAT | O_EXCL, 0644);
data/mtpaint-3.40/src/spawn.c:190:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nstub, "tmp"); /* Try again with "tmp" */
data/mtpaint-3.40/src/spawn.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings.img, mem_img, sizeof(chanlist));
data/mtpaint-3.40/src/spawn.c:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4] = { getenv("COMSPEC"), "/C", cline, NULL };
data/mtpaint-3.40/src/spawn.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4] = { "sh", "-c", cline, NULL };
data/mtpaint-3.40/src/spawn.c:308:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *faction_ini[3] = { "fact%dName", "fact%dCommand", "fact%dDir" };
data/mtpaint-3.40/src/spawn.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *comm, *dir, txt[64];
data/mtpaint-3.40/src/spawn.c:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], *nm, *cm;
data/mtpaint-3.40/src/spawn.c:426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], path[PATHBUF];
data/mtpaint-3.40/src/spawn.c:452:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
spawn_expansion((char *)gtk_entry_get_text(GTK_ENTRY(faction_entry[1])),
data/mtpaint-3.40/src/spawn.c:453:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *)gtk_entry_get_text(GTK_ENTRY(faction_entry[2])));
data/mtpaint-3.40/src/spawn.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64], paths[2][PATHTXT];
data/mtpaint-3.40/src/spawn.c:768:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATHBUF + 2], buf2[PATHBUF];
data/mtpaint-3.40/src/spawn.c:785:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[5];
data/mtpaint-3.40/src/thread.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tdata = res->threads[0]->data, data, dsize);
data/mtpaint-3.40/src/thread.c:194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res->threads[i]->data, tdata, dsize);
data/mtpaint-3.40/src/thread.c:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, res->threads[0]->data, dsize);
data/mtpaint-3.40/src/thread.c:384:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tdata = res->threads[0]->data, data, dsize);
data/mtpaint-3.40/src/thread.c:409:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, res->threads[0]->data, dsize);
data/mtpaint-3.40/src/toolbar.c:55:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char mem_prev[PREVIEW_WIDTH * PREVIEW_HEIGHT * 3];
data/mtpaint-3.40/src/toolbar.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/toolbar.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rgbnames[3] = { _("Red"), _("Green"), _("Blue") };
data/mtpaint-3.40/src/toolbar.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *blends[BLEND_NMODES] = {
data/mtpaint-3.40/src/toolbar.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ts_titles[4] = { _("Size"), _("Flow"), _("Opacity"), "" };
data/mtpaint-3.40/src/toolbar.c:1039:52: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ _("Load Image File"), -1, MTB_OPEN, 0, XPM_ICON(open), DLG_FSEL, FS_PNG_LOAD },
data/mtpaint-3.40/src/toolbar.c:1218:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *xbm_list[TOTAL_CURSORS] = { xbm_square_bits, xbm_circle_bits,
data/mtpaint-3.40/src/toolbar.c:1230:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cursor_tip[TOTAL_CURSORS][2] = { {0, 0}, {0, 0},
data/mtpaint-3.40/src/toolbar.c:1237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/toolbar.c:1250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "toolbar%i", i);
data/mtpaint-3.40/src/toolbar.c:1303:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[GP_WIDTH * GP_HEIGHT * 3], cset[3];
data/mtpaint-3.40/src/toolbar.c:1304:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pal[256 * 3], *tmp = NULL, *dest;
data/mtpaint-3.40/src/toolbar.c:1381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/toolbar.c:1600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/mtpaint-3.40/src/toolbar.c:1604:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "toolbar%i", i);
data/mtpaint-3.40/src/toolbar.c:1623:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char bar[4] =
data/mtpaint-3.40/src/toolbar.c:1669:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_prev + o, mem_brushes + o2, 32 * 3);
data/mtpaint-3.40/src/toolbar.c:1702:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dest - 8 * 3, 8 * 3);
data/mtpaint-3.40/src/toolbar.c:1703:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest + 8 * 3, dest - 8 * 3, 2 * 8 * 3);
data/mtpaint-3.40/src/toolbar.c:1705:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dest - PAT_8ROW_L, PAT_8ROW_L);
data/mtpaint-3.40/src/toolbar.c:1706:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest + PAT_8ROW_L, dest - PAT_8ROW_L, 2 * PAT_8ROW_L);
data/mtpaint-3.40/src/toolbar.c:1767:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char AA[3], BB[3], *tmp;
data/mtpaint-3.40/src/viewer.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt2[PATHTXT];
data/mtpaint-3.40/src/viewer.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128], **tmp, *res, *strs[HELP_PAGE_MAX + 1];
data/mtpaint-3.40/src/viewer.c:640:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, tmp - step, mw * 3);
data/mtpaint-3.40/src/viewer.c:1102:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bkg[3], *src, *dest, *tmp, *pix = img, *mask = NULL;
data/mtpaint-3.40/src/viewer.c:1167:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, tmp + l8 * j, w8);
data/mtpaint-3.40/src/viewer.c:1173:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src + k8, src, k);
data/mtpaint-3.40/src/ani.c:337:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "\n");
data/mtpaint-3.40/src/ani.c:383:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(txt) );
data/mtpaint-3.40/src/ani.c:412:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ani_file_prefix, "f");
data/mtpaint-3.40/src/ani.c:462:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( tx == NULL ) tot = strlen(txt);
data/mtpaint-3.40/src/ani.c:502:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( tx == NULL ) tot = strlen(txt);
data/mtpaint-3.40/src/ani.c:740:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(output_path);
data/mtpaint-3.40/src/canvas.c:184:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "}");
data/mtpaint-3.40/src/canvas.c:1907:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(fname);
data/mtpaint-3.40/src/canvas.c:1908:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(ext);
data/mtpaint-3.40/src/canvas.c:1911:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname + i + 1, ext, j + 1);
data/mtpaint-3.40/src/canvas.c:1992:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(gif2) - 1; i >= 0; i--)
data/mtpaint-3.40/src/canvas.c:2052:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(txt, mem_filename, PATHBUF);
data/mtpaint-3.40/src/canvas.c:2054:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(txt, layers_filename, PATHBUF);
data/mtpaint-3.40/src/canvas.c:3241:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t) < 2) // Hide if empty
data/mtpaint-3.40/src/font.c:756:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nspace += strlen(fo->font_name) + 1;
data/mtpaint-3.40/src/font.c:763:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nspace += strlen(st->style_name) + 1;
data/mtpaint-3.40/src/font.c:778:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nspace += strlen(fl->filename) + 1;
data/mtpaint-3.40/src/font.c:827:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( inifile_get( "textString", "" ) ),
data/mtpaint-3.40/src/font.c:1217:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(txt)>0 && i<TX_MAX_DIRS )
data/mtpaint-3.40/src/fpick.c:396:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(win->combo_items[i], win->combo_items[i-1], PATHTXT);
data/mtpaint-3.40/src/fpick.c:398:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(win->combo_items[0], txt, PATHTXT); // Add item to list
data/mtpaint-3.40/src/fpick.c:437:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (cp = buf; *cp; cp += strlen(cp) + 1)
data/mtpaint-3.40/src/fpick.c:491:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(full_name);
data/mtpaint-3.40/src/fpick.c:508:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(full_name);
data/mtpaint-3.40/src/fpick.c:530:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(win->txt_directory, full_name, PATHBUF);
data/mtpaint-3.40/src/fpick.c:650:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ndir, fp->txt_directory, PATHBUF);
data/mtpaint-3.40/src/fpick.c:651:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(ndir);
data/mtpaint-3.40/src/fpick.c:809:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fnm, fp->txt_directory, PATHBUF);
data/mtpaint-3.40/src/fpick.c:810:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(fnm);
data/mtpaint-3.40/src/fpick.c:994:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(mask);
data/mtpaint-3.40/src/fpick.c:1394:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
raw = strlen(buf);
data/mtpaint-3.40/src/inifile.c:79:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t2 = tmp = calloc(1, strlen(src) * 2 + 1);
data/mtpaint-3.40/src/inifile.c:293:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(str) + 1;
data/mtpaint-3.40/src/layer.c:504:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(layers_filename, name, PATHBUF);
data/mtpaint-3.40/src/layer.c:533:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = txt + strlen(txt) - 1;
data/mtpaint-3.40/src/layer.c:663:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lname = strlen(file_name);
data/mtpaint-3.40/src/layer.c:783:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, file + i, PATHBUF);
data/mtpaint-3.40/src/main.c:183:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (l + 1 + strlen(dp->path) >= PATHBUF) // Too long
data/mtpaint-3.40/src/main.c:190:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dp->lpath = strlen(buf);
data/mtpaint-3.40/src/main.c:215:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (l + strlen(ep->d_name) >= PATHBUF) // Too long
data/mtpaint-3.40/src/main.c:227:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dp[1].lpath = strlen(buf);
data/mtpaint-3.40/src/mainwindow.c:4233:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = wjmalloc(mem, l + strlen(s) + 1, 1);
data/mtpaint-3.40/src/mainwindow.c:4275:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(rnames[rn]);
data/mtpaint-3.40/src/mainwindow.c:4291:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wf.path = wjmalloc(mem, l + strlen(rnames[i]) + 1, 1);
data/mtpaint-3.40/src/mygtk.c:575:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = strlen(src);
data/mtpaint-3.40/src/mygtk.c:588:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(dest);
data/mtpaint-3.40/src/mygtk.c:589:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (max > l) strncpy(dest + l, src, max - l - 1);
data/mtpaint-3.40/src/mygtk.c:606:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((s = va_arg(args, char *))) max += strlen(s);
data/mtpaint-3.40/src/mygtk.c:623:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(s);
data/mtpaint-3.40/src/mygtk.c:634:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dl = strlen(dir);
data/mtpaint-3.40/src/mygtk.c:1047:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, l = strlen(inikey);
data/mtpaint-3.40/src/mygtk.c:1064:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, l = strlen(inikey), xywh[4] = { defx, defy, defw, defh };
data/mtpaint-3.40/src/mygtk.c:3559:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, tmp, buflen);
data/mtpaint-3.40/src/mygtk.h:147:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define strncpy0(A,B,C) (strncpy((A), (B), (C))[(C) - 1] = 0)
data/mtpaint-3.40/src/png.c:978:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(unknown0.name, chunk_names[i], 5);
data/mtpaint-3.40/src/png.c:1731:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode = umask(0022);
data/mtpaint-3.40/src/png.c:1732:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mode);
data/mtpaint-3.40/src/png.c:3575:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf);
data/mtpaint-3.40/src/png.c:3816:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(r2);
data/mtpaint-3.40/src/png.c:3880:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
settings->rgb_trans = j = strlen(cmap);
data/mtpaint-3.40/src/png.c:4148:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(fp)) == EOF) goto fail2;
data/mtpaint-3.40/src/png.c:6215:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!l) tpl = "mtPaint" , l = strlen("mtPaint");
data/mtpaint-3.40/src/png.c:6728:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = new_name + strlen(new_name);
data/mtpaint-3.40/src/png.c:6809:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_name, file_name, PATHBUF);
data/mtpaint-3.40/src/png.c:6810:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenny = strlen( file_name );
data/mtpaint-3.40/src/png.c:6927:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!memcmp(buf, "GIMP Palette", strlen("GIMP Palette"))) return (FT_GPL);
data/mtpaint-3.40/src/png.c:6930:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!memcmp(buf, LAYERS_HEADER, strlen(LAYERS_HEADER)))
data/mtpaint-3.40/src/spawn.c:44:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!env || !*env || (strlen(env) >= PATHBUF)) // Bad if too long
data/mtpaint-3.40/src/spawn.c:104:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name) + 1, ALIGNOF(tempfile))))
data/mtpaint-3.40/src/spawn.c:172:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wjstrcat(nstub, NAMEBUF, f, c ? c - f : strlen(f), NULL);
data/mtpaint-3.40/src/spawn.c:620:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (grandchild > 0) res = read(fds[0], &err, sizeof(err));
data/mtpaint-3.40/src/spawn.c:807:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(docs);
data/mtpaint-3.40/src/toolbar.c:142:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(txt) > 2) // Weed out bogus calls
ANALYSIS SUMMARY:
Hits = 627
Lines analyzed = 53600 in approximately 1.33 seconds (40397 lines/second)
Physical Source Lines of Code (SLOC) = 41804
Hits@level = [0] 150 [1] 73 [2] 516 [3] 9 [4] 27 [5] 2
Hits@level+ = [0+] 777 [1+] 627 [2+] 554 [3+] 38 [4+] 29 [5+] 2
Hits/KSLOC@level+ = [0+] 18.5867 [1+] 14.9986 [2+] 13.2523 [3+] 0.909004 [4+] 0.693714 [5+] 0.0478423
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.