Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mypaint-2.0.1/lib/helpers2.hpp
Examining data/mypaint-2.0.1/lib/pythontiledsurface.h
Examining data/mypaint-2.0.1/lib/python_brush.hpp
Examining data/mypaint-2.0.1/lib/tiledsurface.hpp
Examining data/mypaint-2.0.1/lib/pythontiledsurface.cpp
Examining data/mypaint-2.0.1/lib/mypaintlib.hpp
Examining data/mypaint-2.0.1/lib/colorchanger_wash.hpp
Examining data/mypaint-2.0.1/lib/gdkpixbuf2numpy.hpp
Examining data/mypaint-2.0.1/lib/compositing.hpp
Examining data/mypaint-2.0.1/lib/fastapprox/fasttrig.h
Examining data/mypaint-2.0.1/lib/fastapprox/fastexp.h
Examining data/mypaint-2.0.1/lib/fastapprox/fastgamma.h
Examining data/mypaint-2.0.1/lib/fastapprox/sse.h
Examining data/mypaint-2.0.1/lib/fastapprox/fastlambertw.h
Examining data/mypaint-2.0.1/lib/fastapprox/fasterf.h
Examining data/mypaint-2.0.1/lib/fastapprox/fastonebigheader.h
Examining data/mypaint-2.0.1/lib/fastapprox/cast.h
Examining data/mypaint-2.0.1/lib/fastapprox/fastpow.h
Examining data/mypaint-2.0.1/lib/fastapprox/fastlog.h
Examining data/mypaint-2.0.1/lib/fastapprox/fastsigmoid.h
Examining data/mypaint-2.0.1/lib/fastapprox/fasthyperbolic.h
Examining data/mypaint-2.0.1/lib/blending.hpp
Examining data/mypaint-2.0.1/lib/common.hpp
Examining data/mypaint-2.0.1/lib/colorchanger_crossed_bowl.hpp
Examining data/mypaint-2.0.1/lib/pixops.hpp
Examining data/mypaint-2.0.1/lib/fix15.hpp
Examining data/mypaint-2.0.1/lib/colorring.hpp
Examining data/mypaint-2.0.1/lib/surface.hpp
Examining data/mypaint-2.0.1/lib/fastpng.cpp
Examining data/mypaint-2.0.1/lib/brushsettings.cpp
Examining data/mypaint-2.0.1/lib/gdkpixbuf2numpy.cpp
Examining data/mypaint-2.0.1/lib/mapping.hpp
Examining data/mypaint-2.0.1/lib/pixops.cpp
Examining data/mypaint-2.0.1/lib/brush.hpp
Examining data/mypaint-2.0.1/lib/fastpng.hpp
Examining data/mypaint-2.0.1/lib/brushsettings.hpp
Examining data/mypaint-2.0.1/lib/fill/gap_detection.hpp
Examining data/mypaint-2.0.1/lib/fill/floodfill.hpp
Examining data/mypaint-2.0.1/lib/fill/gap_closing_fill.cpp
Examining data/mypaint-2.0.1/lib/fill/morphology.hpp
Examining data/mypaint-2.0.1/lib/fill/fill_common.cpp
Examining data/mypaint-2.0.1/lib/fill/fill_constants.hpp
Examining data/mypaint-2.0.1/lib/fill/blur.cpp
Examining data/mypaint-2.0.1/lib/fill/blur_swig.hpp
Examining data/mypaint-2.0.1/lib/fill/morphology.cpp
Examining data/mypaint-2.0.1/lib/fill/fill_common.hpp
Examining data/mypaint-2.0.1/lib/fill/floodfill.cpp
Examining data/mypaint-2.0.1/lib/fill/gap_detection.cpp
Examining data/mypaint-2.0.1/lib/fill/blur.hpp
Examining data/mypaint-2.0.1/lib/fill/morphology_swig.hpp
Examining data/mypaint-2.0.1/lib/fill/fill_constants.cpp
FINAL RESULTS:
data/mypaint-2.0.1/lib/fastpng.cpp:494:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, filename, -1, NULL, 0);
data/mypaint-2.0.1/lib/fastpng.cpp:500:13: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, filename, -1, buf, len);
data/mypaint-2.0.1/lib/fastpng.cpp:509:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb");
data/mypaint-2.0.1/lib/pixops.cpp:76:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, MYPAINT_TILE_SIZE*MYPAINT_TILE_SIZE*4*sizeof(uint16_t));
data/mypaint-2.0.1/lib/fill/fill_common.cpp:89:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
input[y_i][x_i] = in_px.read();
data/mypaint-2.0.1/lib/fill/fill_common.hpp:115:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const C read() { return *pixel; }
data/mypaint-2.0.1/lib/fill/fill_common.hpp:172:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
C first = px.read();
data/mypaint-2.0.1/lib/fill/fill_common.hpp:175:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (first != px.read()) return false;
data/mypaint-2.0.1/lib/fill/floodfill.cpp:330:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (dst_px.read()) {
data/mypaint-2.0.1/lib/fill/floodfill.cpp:334:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
chan_t alpha = pixel_fill_alpha(src_px.read());
data/mypaint-2.0.1/lib/fill/floodfill.cpp:383:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dst_px.write(pixel_fill_alpha(src_px.read()));
data/mypaint-2.0.1/lib/fill/floodfill.cpp:403:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dst_px.write(rgba(fill_r, fill_g, fill_b, src_px.read()));
ANALYSIS SUMMARY:
Hits = 12
Lines analyzed = 10714 in approximately 1.13 seconds (9482 lines/second)
Physical Source Lines of Code (SLOC) = 6920
Hits@level = [0] 8 [1] 8 [2] 4 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 20 [1+] 12 [2+] 4 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.89017 [1+] 1.7341 [2+] 0.578035 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.