Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmp_pvt.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmp_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/BaseTypeConverter.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/Cineon.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/Cineon.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonStream.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/Codec.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/Codec.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/ElementReadStream.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/ElementReadStream.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/EndianSwap.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/InStream.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/OutStream.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/Reader.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/ReaderInternal.h
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/Writer.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/dds_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/ddsinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/alpha.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/alpha.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/clusterfit.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/clusterfit.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/colourblock.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/colourblock.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/colourfit.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/colourfit.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/colourset.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/colourset.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/config.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/maths.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/maths.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/rangefit.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/rangefit.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/simd.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/simd_float.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/simd_sse.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/simd_ve.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/singlecolourfit.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/singlecolourfit.h
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/squish.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dds.imageio/squish/squish.h
Examining data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/doc/mainpage.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/BaseTypeConverter.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/Codec.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/Codec.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPX.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPX.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXColorConverter.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXColorConverter.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXHeader.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXHeader.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXStream.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/ElementReadStream.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/ElementReadStream.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/EndianSwap.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/InStream.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/OutStream.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/Reader.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/ReaderInternal.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/RunLengthEncoding.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/RunLengthEncoding.h
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/Writer.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h
Examining data/openimageio-2.2.7.0+dfsg/src/ffmpeg.imageio/ffmpeginput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3d_backdoor.h
Examining data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3d_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3dinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3doutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fits_pvt.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fits_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gif.h
Examining data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdrinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdroutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.h
Examining data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/ico.imageio/ico.h
Examining data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icoinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icooutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/idiff/idiff.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/igrep/igrep.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/argparse.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/array_view.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/atomic.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/attrdelegate.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/benchmark.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/color.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/dassert.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/deepdata.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugiconfig.hpp
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.hpp
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/errorhandler.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/export.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filter.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fmath.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/function_view.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/hash.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/image_view.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imagebuf.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imagebufalgo.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imagebufalgo_util.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imagecache.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/missing_math.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/optparser.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/parallel.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/paramlist.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/platform.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/plugin.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/refcnt.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/simd.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/span.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strided_ptr.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/string_view.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/sysutil.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/texture.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/thread.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/tiffutils.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/timer.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/typedesc.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/unittest.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/unordered_map_concurrent.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/ustring.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/varyingref.h
Examining data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/version.h
Examining data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.h
Examining data/openimageio-2.2.7.0+dfsg/src/iv/ivgl.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iv/ivgl.h
Examining data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iv/ivinfowin.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iv/ivmain.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iv/ivpref.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/iv/ivutils.h
Examining data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeg_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000output.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/color_ocio.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/compute_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/deepdata.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/exif-canon.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/exif.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/exif.h
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_addsub.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_channels.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_compare.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_copy.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_deep.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_mad.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_muldiv.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_opencv.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_orient.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_pixelmath.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_xform.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_yee.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagecache_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespec_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/iptc.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libtexture/environment.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/libtexture/texoptions.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libtexture/texture3d.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libtexture/texture_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/argparse.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/argparse_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/atomic_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/benchmark.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/errorhandler.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/farmhash.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/filter.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/filter_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/fmath_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/hash_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/hashes.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/optparser_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/parallel_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/plugin.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/simd_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/span_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/spin_rw_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/spinlock_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/thread.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/thread_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/timer.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/ustring.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/ustring_test.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/libutil/xxhash.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/maketx/maketx.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/nuke/txReader/txReader.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/nuke/txWriter/txWriter.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/oiiotool/diff.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/oiiotool/imagerec.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h
Examining data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/openvdb.imageio/openvdbinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/png.imageio/png_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/png.imageio/pngoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnmoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/psd.imageio/jpeg_memory_src.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/psd.imageio/jpeg_memory_src.h
Examining data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psd_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/ptex.imageio/ptexinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_colorconfig.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_deepdata.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_imagebuf.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_imagebufalgo.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_imagecache.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_imageinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_imageoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_imagespec.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_oiio.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_oiio.h
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_paramvalue.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_roi.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/python/py_typedesc.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/r3d.imageio/r3dinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgi_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgiinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgioutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socket_pvt.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socket_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimage_pvt.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimage_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimageinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targa_pvt.h
Examining data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targaoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpinput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpoutput.cpp
Examining data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp
FINAL RESULTS:
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:167:9: [5] (buffer) _getts:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#define _getts gets
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:167:16: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#define _getts gets
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:295:8: [5] (buffer) _getts:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#undef _getts
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:238:25: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int r = readlink("/proc/self/exe", filename, size);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:116:43: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string ch = Strutil::sprintf("I%d", gscount);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:124:43: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string ch = Strutil::sprintf("R%d", rcount);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:132:43: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string ch = Strutil::sprintf("G%d", gcount);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:140:43: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string ch = Strutil::sprintf("B%d", bcount);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:146:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string ch = Strutil::sprintf("channel%d",
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:187:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("GammaCorrected%.2g", g));
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:204:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%s %s", m_cin.header.creationDate,
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:335:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%s %s", m_cin.header.sourceDate,
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:83:85: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
void RleCompress(IB *src, IB *dst, const int bufsize, const int len, BufferAccess &access)
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:118:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.offset = index;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:119:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.length = bufsize - index;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:124:92: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
void WritePackedMethod(IB *src, IB *dst, const int len, const bool reverse, BufferAccess &access)
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:145:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
U32 value = static_cast<U32>(src[i+access.offset]) >> shift;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:177:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.offset = 0;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:178:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.length = (((len * BITDEPTH) / 32) + ((len * BITDEPTH) % 32 ? 1 : 0)) * 2;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:185:100: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
void WritePackedMethodAB_10bit(IB *src, IB *dst, const int len, const bool reverse, BufferAccess &access)
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:218:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
U32 comp = ((static_cast<U32>(src[i+access.offset]) >> shift) << (bitdepth * rem)) << method_shift;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:230:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.offset = 0;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/WriterInternal.h:231:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.length = ((len / 3) + (len % 3 ? 1 : 0)) * 2;
data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp:272:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string name = Strutil::sprintf("dicom:%s", tag.getTagName());
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:302:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string ch = Strutil::sprintf("channel%d", i);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:335:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("GammaCorrected%.2g", g));
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:548:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tmpstr = Strutil::sprintf("Undefined %d", (int)m_dpx.header.Signal());
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:103:85: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
void RleCompress(IB *src, IB *dst, const int bufsize, const int len, BufferAccess &access)
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:144:92: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
void WritePackedMethod(IB *src, IB *dst, const int len, const bool reverse, BufferAccess &access)
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:165:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
U32 value = static_cast<U32>(src[i+access.offset]) >> shift;
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:197:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.offset = 0;
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:198:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.length = (((len * BITDEPTH) / 32) + ((len * BITDEPTH) % 32 ? 1 : 0)) * 2;
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:205:100: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
void WritePackedMethodAB_10bit(IB *src, IB *dst, const int len, const bool reverse, BufferAccess &access)
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:238:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
U32 comp = ((static_cast<U32>(src[i+access.offset]) >> shift) << (bitdepth * rem)) << method_shift;
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:250:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.offset = 0;
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/WriterInternal.h:251:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access.length = ((len / 3) + (len % 3 ? 1 : 0)) * 2;
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3dinput.cpp:201:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
= duplicates ? Strutil::sprintf("%s.%u:%s", lay.name,
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3dinput.cpp:203:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: Strutil::sprintf("%s:%s", lay.name, lay.attribute);
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3doutput.cpp:92:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("Field3d %d.%d.%d", FIELD3D_MAJOR_VER,
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:422:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ndate = Strutil::sprintf("%04u:%02u:%02u", stoi(&date[0]),
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:425:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ndate += Strutil::sprintf(" %02u:%02u:%02u", stoi(&date[11]),
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:432:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ndate = Strutil::sprintf("19%02u:%02u:%02u 00:00:00", stoi(&date[6]),
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsoutput.cpp:209:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
value = Strutil::sprintf("%04u-%02u-%02uT%02u:%02u:%02u",
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdrinput.cpp:144:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("GammaCorrected%.2g", g));
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:76:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
errbuf = Strutil::sprintf ("RGBE bad file format: %s\n", msg);
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:80:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
errbuf = Strutil::sprintf ("RGBE error: %s\n",msg);
data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp:323:47: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: Strutil::sprintf("Could not open \"%s\"",
data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp:418:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: Strutil::sprintf("Could not open \"%s\"",
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:55:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
using Strutil::printf;
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:410:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("uint%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:413:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("int%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:430:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("f%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:432:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("i%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:434:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("u%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:686:32: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
err = Strutil::sprintf("Could not open file.");
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/dassert.h:85:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
: (std::fprintf(stderr, \
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/errorhandler.h:153:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info(Strutil::sprintf(format, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/errorhandler.h:160:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
warning(Strutil::sprintf(format, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/errorhandler.h:166:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error(Strutil::sprintf(format, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/errorhandler.h:172:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
severe(Strutil::sprintf(format, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/errorhandler.h:179:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message(Strutil::sprintf(format, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/errorhandler.h:187:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
debug(Strutil::sprintf(format, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imagebuf.h:953:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error(Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:1592:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
append_error(Strutil::sprintf (fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:2213:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
append_error(Strutil::sprintf (fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:2760:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
debug (Strutil::sprintf(fmt, v1, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/optparser.h:25:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
optparse1(C& system, const std::string& opt)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/optparser.h:44:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system.attribute(name, Strutil::stof(value)); // float
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/optparser.h:46:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system.attribute(name, Strutil::stoi(value)); // int
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/optparser.h:55:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system.attribute(name, value);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/optparser.h:68:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
optparser(C& system, const std::string& optstring)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/optparser.h:99:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ok &= optparse1(system, opt);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:78:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, fmtarg_pos, vararg_pos) ))
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:106:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
inline std::string sprintf (const char* fmt, const Args&... args)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:108:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ::fmt::sprintf (fmt, args...);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:150:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf (fmt, args...);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:179:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline void printf (const char* fmt, const Args&... args)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:181:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sync_output (stdout, Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:185:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline void fprintf (FILE *file, const char* fmt, const Args&... args)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:187:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sync_output (file, Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:191:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline void fprintf (std::ostream &file, const char* fmt, const Args&... args)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:193:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sync_output (file, Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/strutil.h:233:22: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string OIIO_API vsprintf (const char *fmt, va_list ap)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/ustring.h:642:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
static ustring sprintf(const char* fmt, const Args&... args)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/ustring.h:644:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring(Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:867:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message = Strutil::sprintf("%s - iv Image Viewer", img->name().c_str());
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:883:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message = Strutil::sprintf("(%d/%d) : ", m_current_image + 1,
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:891:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message = Strutil::sprintf("RGBA (%d-%d)", m_current_channel,
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:895:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message = Strutil::sprintf("RGB (%d-%d)", m_current_channel,
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:899:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message = Strutil::sprintf("Lum (%d-%d)", m_current_channel,
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:908:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message += Strutil::sprintf("%d", m_current_channel);
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:910:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message = Strutil::sprintf("chan %d", m_current_channel);
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:914:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message += Strutil::sprintf(" %g:%g exp %+.1f gam %.2f",
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:920:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message += Strutil::sprintf(" subimg AUTO (%d/%d)",
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:924:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message += Strutil::sprintf(" subimg %d/%d", cur()->subimage() + 1,
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:929:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
message += Strutil::sprintf(" MIP %d/%d", cur()->miplevel() + 1,
data/openimageio-2.2.7.0+dfsg/src/iv/ivgl.cpp:835:34: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string s = Strutil::sprintf("(%d, %d)", (int)real_xp + spec.x,
data/openimageio-2.2.7.0+dfsg/src/iv/ivgl.cpp:845:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s = Strutil::sprintf("%s: %3d (%5.3f)",
data/openimageio-2.2.7.0+dfsg/src/iv/ivgl.cpp:852:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s = Strutil::sprintf("%s: %3d (%5.3f)",
data/openimageio-2.2.7.0+dfsg/src/iv/ivgl.cpp:857:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s = Strutil::sprintf("%s: %5.3f", spec.channelnames[i].c_str(),
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:93:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_shortinfo = Strutil::sprintf("%d x %d", spec().width, spec().height);
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:95:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_shortinfo += Strutil::sprintf(" x %d", spec().depth);
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:96:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_shortinfo += Strutil::sprintf(" x %d channel %s (%.2f MB)",
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:110:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string line = Strutil::sprintf("<tr><td><i>%s</i> : </td>",
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:112:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
line += Strutil::sprintf("<td>%s</td></tr>\n", value.c_str());
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:120:42: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return html_table_row(name, Strutil::sprintf("%d", value));
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:127:42: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return html_table_row(name, Strutil::sprintf("%g", value));
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:142:51: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%d x %d pixels",
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:147:51: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%d x %d x %d pixels",
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:162:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
"Data size", Strutil::sprintf("%.2f MB", (float)m_spec.image_bytes()
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:165:47: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%d, %d, %d", m_spec.x,
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:168:47: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%d x %d x %d",
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:174:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%d, %d, %d", m_spec.full_x,
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:178:51: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("tiled %d x %d x %d",
data/openimageio-2.2.7.0+dfsg/src/iv/ivinfowin.cpp:59:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
newtitle = Strutil::sprintf("%s - iv Info", img->name().c_str());
data/openimageio-2.2.7.0+dfsg/src/iv/ivinfowin.cpp:62:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
newtitle = Strutil::sprintf("iv Info");
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp:159:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("OpenJpeg %s", opj_version()).c_str();
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/compute_test.cpp:235:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/compute_test.cpp:237:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:219:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
channelnames.push_back(Strutil::sprintf("channel%d", c));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:452:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
? ustring::sprintf("%dx%d%+d%+d", width, height, x, y)
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:453:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: ustring::sprintf("%dx%dx%d%+d%+d%+d", width, height,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:460:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
? ustring::sprintf("%dx%d%+d%+d", full_width,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:462:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: ustring::sprintf("%dx%dx%d%+d%+d%+d", full_width,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:609:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%g s", val);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:611:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("1/%g s", floor(1.0 / val));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:620:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("f/%2.1f", powf(2.0f, *(float*)p.data() / 2.0f));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:628:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%s%s%s%s%s%s%s%s",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:832:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out = Strutil::sprintf("\"%s\"", Strutil::escape_chars(out));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:852:38: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
nice += Strutil::sprintf("%g", float(num) / float(den));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:928:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("uint%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:931:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("int%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:941:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return (spec.depth > 1) ? Strutil::sprintf("%d x %d x %d", w, h, d)
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:942:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: Strutil::sprintf("%d x %d", w, h);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:949:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return (spec.depth > 1) ? Strutil::sprintf("%d, %d, %d", x, y, z)
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:950:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: Strutil::sprintf("%d, %d", x, y);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1031:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
using Strutil::sprintf;
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1034:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << ((depth > 1) ? sprintf("%4d x %4d x %4d", width, height, depth)
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1035:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: sprintf("%4d x %4d", width, height));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1036:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << sprintf(", %d channel, %s%s", nchannels, deep ? "deep " : "",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1040:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << sprintf("%s%s", c ? "/" : "", channelformats[c].c_str());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1062:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
<< ((depth > 1) ? sprintf("x=%d, y=%d, z=%d", x, y, z)
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1063:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: sprintf("x=%d, y=%d", x, y))
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:1089:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << sprintf(" %s: ", p.name());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:117:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error(Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_channels.cpp:261:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
name = Strutil::sprintf("channel%d", A.spec().nchannels + c);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:796:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = Strutil::sprintf("Could not set font face to \"%s\"",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:804:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = Strutil::sprintf("Could not find font \"%s\"", font);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_opencv.cpp:412:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string datetime = Strutil::sprintf("%4d:%02d:%02d %02d:%02d:%02d",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_test.cpp:47:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_test.cpp:49:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_test.cpp:908:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << Strutil::sprintf(" %4d %7.3f ms %5.1f Mpels/s\n", nt,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_test.cpp:925:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << Strutil::sprintf(" %4d %6.2f ms %5.1f Mpels/s\n", nt,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:127:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string memname = Strutil::sprintf("mem.%s", extension);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:178:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string memname = Strutil::sprintf("mem.%s", extension);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:223:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string bad_filename = Strutil::sprintf("bad/bad.%s", extension);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:268:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string filename = Strutil::sprintf("imageinout_test-%s.%s",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:110:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%-25s%6d %7.3fs (avg %6.2f%s)\n",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp:46:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
static std::string pattern = Strutil::sprintf(".imageio.%s",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp:123:34: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
library_list += Strutil::sprintf("%s:%s", format_name, lib_version);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:56:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:58:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:62:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Autotile size (when used; default: %d)", autotile_size));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:175:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
<< Strutil::sprintf("%5.1f", rate / 1.0e6) << " Mpel/s"
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:302:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
<< Strutil::sprintf("%5.1f", rate / 1.0e6) << " Mpel/s"
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:451:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
<< Strutil::sprintf("%5.1f", rate / 1.0e6) << " Mpel/s"
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:133:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%4d:%02d:%02d %02d:%02d:%02d", mytm.tm_year + 1900,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:561:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s = Strutil::sprintf("%dx%d", spec.width, spec.height);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:564:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s += Strutil::sprintf("%+d%+d", spec.x, spec.y);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:568:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s += Strutil::sprintf("%dx%d", spec.full_width, spec.full_height);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:570:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s += Strutil::sprintf("%+d%+d", spec.full_x, spec.full_y);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:847:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
outstream << Strutil::sprintf(" %-15s (%s)",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:929:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += Strutil::sprintf("\"%s\"", stripped);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:959:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
outstream << Strutil::sprintf(" %-25s %s (%s)\n", task, \
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:1102:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
STATUS(Strutil::sprintf("read \"%s\"", src->name()), stat_readtime);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:1561:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
outstream << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:1679:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
desc += Strutil::sprintf("%soiio:ConstantColor=%s",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:1695:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
desc += Strutil::sprintf("%soiio:AverageColor=%s",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:544:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%d", *(const int*)p->data());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:549:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%d/%d", num, den);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:551:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%g", *(const float*)p->data());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:629:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
x = Strutil::sprintf("%s=\"%s\"", xmpname, val);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:635:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
x += Strutil::sprintf("<rdf:li>%s</rdf:li>", val);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:638:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
x = Strutil::sprintf("<%s>%s</%s>", xmpname, val, xmpname);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:675:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
xmp = Strutil::sprintf("<%s><rdf:Bag> %s </rdf:Bag></%s>",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:679:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
xmp = Strutil::sprintf("<%s><rdf:Seq> %s </rdf:Seq></%s>",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:683:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
xmp = Strutil::sprintf("<%s><rdf:Alt> %s </rdf:Alt></%s>",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:688:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
xmp = Strutil::sprintf("<%s>%s</%s>",
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/xmp.cpp:694:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r += Strutil::sprintf("<rdf:Description rdf:about=\"\" "
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1671:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%7d ", i);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1675:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1683:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1691:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%3d face x%d.%s", file->subimages(),
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1694:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%4dx%4dx%d.%s", spec.width, spec.height,
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1799:38: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define INTOPT(name) opt += Strutil::sprintf(#name "=%d ", m_##name)
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1802:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
opt += Strutil::sprintf(#name "=\"%s\" ", m_##name)
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1803:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
opt += Strutil::sprintf("max_memory_MB=%0.1f ",
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1911:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1954:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1968:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1986:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(" %d %6.2f MB/s (%.2fMB/%.2fs) ",
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1994:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(" (fastest was %.1f MB/s)\n", fast);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:2004:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:2026:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(" %4d %s\n", nprinted,
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:3428:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%04d", udim_tile), true);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:3430:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("u%d", utile), true);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:3432:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("v%d", vtile), true);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:3434:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("u%d", utile + 1), true);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:3436:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("v%d", vtile + 1), true);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache_pvt.h:1023:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
append_error(Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/libtexture/texture_pvt.h:543:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
append_error(Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp:382:38: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define INTOPT(name) opt += Strutil::sprintf(#name "=%d ", m_##name)
data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp:385:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
opt += Strutil::sprintf(#name "=\"%s\" ", m_##name)
data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp:410:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(" Average anisotropic probes : %.3g\n",
data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp:414:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
out << Strutil::sprintf(" Average anisotropic probes : 0\n");
data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp:415:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(" Max anisotropy in the wild : %.3g\n",
data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp:2924:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
visualize_ellipse(Strutil::sprintf("%04d.tif", 100 + i), dsdx, dtdx,
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:267:3: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(tszReport, tszTemp);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:272:4: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tszTemp, 15, lpFmt, m_digest[i]);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:273:4: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat(tszReport, tszTemp);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:279:3: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(tszReport, tszTemp);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:284:4: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat(tszReport, tszTemp);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:166:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _tprintf printf
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:170:9: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy strcpy
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:170:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define _tcscpy strcpy
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:171:9: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat strcat
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:171:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define _tcscat strcat
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:172:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf snprintf
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:172:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf snprintf
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:298:8: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#undef _tcscpy
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:299:8: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#undef _tcscat
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:300:8: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef _sntprintf
data/openimageio-2.2.7.0+dfsg/src/libutil/argparse.cpp:166:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_errmessage = Strutil::sprintf(fmt, args...);
data/openimageio-2.2.7.0+dfsg/src/libutil/argparse.cpp:966:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
h += Strutil::sprintf(" (default: %s)",
data/openimageio-2.2.7.0+dfsg/src/libutil/atomic_test.cpp:188:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libutil/atomic_test.cpp:190:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/benchmark.cpp:147:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%-16s: %s", bench.m_name,
data/openimageio-2.2.7.0+dfsg/src/libutil/benchmark.cpp:150:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%-16s: %6.1f %s (+/-%4.1f%s), ", bench.name(),
data/openimageio-2.2.7.0+dfsg/src/libutil/benchmark.cpp:158:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%6.1f %c/s", (1.0f / ratescale) / bench.avg(),
data/openimageio-2.2.7.0+dfsg/src/libutil/benchmark.cpp:161:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%6.1f %cvals/s, %.1f %ccalls/s",
data/openimageio-2.2.7.0+dfsg/src/libutil/benchmark.cpp:166:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf(" (%dx%d, rng=%.1f%%, med=%.1f)",
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:43:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
using error_code = boost::system::error_code;
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:702:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
fmt = Strutil::sprintf("%%0%dd", padding);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:722:34: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string f = Strutil::sprintf(pattern.c_str(), n);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:744:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
f = Strutil::sprintf(f.c_str(), numbers[i]);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:425:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string fn = Strutil::sprintf("foo.%04d.exr", i);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:446:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string fn = Strutil::sprintf("left/l/foo_left_l.%04d.exr", i);
data/openimageio-2.2.7.0+dfsg/src/libutil/filter_test.cpp:43:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/fmath_test.cpp:42:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/hash_test.cpp:175:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/parallel_test.cpp:42:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libutil/parallel_test.cpp:44:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:89:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(temp.c_str(), type_code, &data[i]);
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:256:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += Strutil::sprintf(formatString, f[0]);
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:296:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:323:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out = Strutil::sprintf("%d/%d", val[0], val[1]);
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:331:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out = Strutil::sprintf("%d/%d", val[0], val[1]);
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:340:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += Strutil::sprintf("%02d:%02d:%02d:%02d", hours, minutes,
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:361:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += Strutil::sprintf("<unknown data type> (base %d, agg %d vec %d)",
data/openimageio-2.2.7.0+dfsg/src/libutil/simd_test.cpp:50:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/simd_test.cpp:527:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
test_heading (Strutil::sprintf("test converting %s to uint16", VEC::type_name()));
data/openimageio-2.2.7.0+dfsg/src/libutil/simd_test.cpp:543:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
test_heading (Strutil::sprintf("test converting %s to uint8", VEC::type_name()));
data/openimageio-2.2.7.0+dfsg/src/libutil/spin_rw_test.cpp:88:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libutil/spin_rw_test.cpp:90:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/spin_rw_test.cpp:94:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Reader::writer ratio (default: %d)", read_write_ratio));
data/openimageio-2.2.7.0+dfsg/src/libutil/spinlock_test.cpp:98:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libutil/spinlock_test.cpp:100:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:176:43: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(vsprintf)(char *buf, char const *fmt, va_list va);
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:177:43: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(vsnprintf)(char *buf, int count, char const *fmt, va_list va);
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:178:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(sprintf)(char *buf, char const *fmt, ...);
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:179:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(snprintf)(char *buf, int count, char const *fmt, ...);
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:1332:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(sprintf)(char *buf, char const *fmt, ...)
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:1382:44: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE( vsnprintf )( char * buf, int count, char const * fmt, va_list va )
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:1414:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(snprintf)(char *buf, int count, char const *fmt, ...)
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:1420:34: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = STB_SPRINTF_DECORATE(vsnprintf)(buf, count, fmt, va);
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:1426:43: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(vsprintf)(char *buf, char const *fmt, va_list va)
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:154:10: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::vsprintf(const char* fmt, va_list ap)
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:205:12: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return vsprintf(fmt, ap);
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:371:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string allsep = Strutil::sprintf("%s%s", sep, presep);
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:24:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%d %f %g", int(3), 3.14f, 3.14f),
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:28:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("'%3d' '%03d' '%-3d'", 3, 3, 3),
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:30:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%+d%+d%+d", 3, -3, 0), "+3-3+0");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:31:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
OIIO_CHECK_EQUAL(Strutil::sprintf("foo"), "foo");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:32:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
OIIO_CHECK_EQUAL(Strutil::sprintf("%%foo"), "%foo");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:33:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%d", int16_t(0xffff)), "-1");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:34:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%u", uint16_t(0xffff)), "65535");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:35:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%d", int32_t(0xffffffff)), "-1");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:36:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%u", uint32_t(0xffffffff)), "4294967295");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:37:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%d", int64_t(0xffffffffffffffff)), "-1");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:38:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%u", uint64_t(0xffffffffffffffff)), "18446744073709551615");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:72:71: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
bench ("Strutil::sprintf(\"%g\")", [&](){ DoNotOptimize (Strutil::sprintf("%g",123.45f)); });
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:77:71: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
bench ("Strutil::sprintf(\"%d\")", [&](){ DoNotOptimize (Strutil::sprintf("%g",123.0f)); });
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:82:36: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
DoNotOptimize (std::sprintf(buffer,"%g %d %s %d %s %g", 123.45f, 1234, "foobar", 42, "kablooey", 3.14159f));
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:85:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
DoNotOptimize (Strutil::sprintf("%g %d %s %d %s %g", 123.45f, 1234, "foobar", 42, "kablooey", 3.14159f));
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:526:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%s%s", longstring, longstring));
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:654:50: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL (Strutil::stoi(Strutil::sprintf("%d",i)), i);
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:1060:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%g", 123.45f), "123.45");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:1061:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
OIIO_CHECK_EQUAL(Strutil::sprintf("%d", 12345), "12345");
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:1098:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string tiny = Strutil::sprintf("%.9g", *f);
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:466:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = Strutil::sprintf("\033[38;2;%d;%d;%dm", r, g, b);
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:481:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = Strutil::sprintf("\033[48;2;%d;%d;%dm", r, g, b);
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:525:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(newcmd.c_str()) != -1)
data/openimageio-2.2.7.0+dfsg/src/libutil/thread_test.cpp:41:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libutil/thread_test.cpp:43:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/thread_test.cpp:120:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << Strutil::sprintf("%2d\t%5.1f launch %8.1f threads/sec\n",
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:214:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result += Strutil::sprintf("[%d]", arraylen);
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:358:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
val += Strutil::sprintf(format, *v);
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:387:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
val += Strutil::sprintf(format, *v ? Strutil::escape_chars(*v)
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:390:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
val += Strutil::sprintf(format, *v ? *v : "");
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:527:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += Strutil::sprintf("%u/%u", val[0], val[1]);
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:538:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%02d:%02d:%02d:%02d", hours, minutes,
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:553:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += Strutil::sprintf("%d/%d", val[0], val[1]);
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:595:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("<unknown data type> (base %d, agg %d vec %d)",
data/openimageio-2.2.7.0+dfsg/src/libutil/ustring_test.cpp:62:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of threads (default: %d)", numthreads));
data/openimageio-2.2.7.0+dfsg/src/libutil/ustring_test.cpp:64:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Number of iterations (default: %d)", iterations));
data/openimageio-2.2.7.0+dfsg/src/libutil/ustring_test.cpp:92:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ustring::sprintf("%s%s", longstring, longstring));
data/openimageio-2.2.7.0+dfsg/src/maketx/maketx.cpp:429:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
= Strutil::sprintf("OpenImageIO %s : %s", OIIO_VERSION_STRING,
data/openimageio-2.2.7.0+dfsg/src/nuke/txWriter/txWriter.cpp:323:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string software = Strutil::sprintf("OpenImageIO %s, Nuke %s",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:193:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%dx%d%+d%+d", w, h, x, y);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:201:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("%dx%dx%d%+d%+d%+d", w, h, d, x, y, z);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:730:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string software = Strutil::sprintf("OpenImageIO %s : %s",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1167:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("unknown attribute name `%s'",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1174:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = Strutil::sprintf("%g", floatval);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1178:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = Strutil::sprintf("%d", ot.frame_number);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1182:42: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: Strutil::sprintf("\"%%0%dd\"",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1184:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = Strutil::sprintf(fmt.c_str(), ot.frame_number);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1247:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("expected number but got `%s'",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1268:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = Strutil::sprintf("%g", lval);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1323:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("`%s' is not a number", atom));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1336:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = Strutil::sprintf("%g", lval);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1388:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ustring result = ustring::sprintf("%s%s%s", prefix, express_impl(expr),
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2275:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
newname = Strutil::sprintf("channel%d", c);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3619:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
command += Strutil::sprintf(":filter=%s", filtername);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4490:48: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
configspec.attribute("wrapmodes", Strutil::sprintf("%s,%s", swrap, twrap));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4614:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
= ustring::sprintf(filename.c_str(), i + startnumber).c_str();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:5185:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
= Strutil::sprintf("OIIO %s built %s, running on %d cores %.1fGB %s",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:6057:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
Strutil::printf(timeformat, func->first, t);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:6060:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
Strutil::printf(timeformat, "unaccounted", std::max(unaccounted, 0.0));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:232:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error(command, Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:239:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
warning(command, Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:269:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
err = Strutil::sprintf("\"%s\": %s", filename, err);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:502:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
append_error(Strutil::sprintf(fmt, args...));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:110:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
Strutil::printf(std::is_signed<T>::value ? "%s%d" : "%s%u",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:200:47: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << Strutil::sprintf("%d, %d, %d", x + spec.x,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:203:47: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << Strutil::sprintf("%d, %d", x + spec.x,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:556:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("f%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:558:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("i%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:560:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("u%d", bits).c_str();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:575:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
using Strutil::sprintf;
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:594:45: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines.insert(lines.begin() + 1, sprintf(" SHA-1: %s", sha));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:596:45: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines.insert(lines.begin() + 1, sprintf("<SHA1>%s</SHA1>", sha));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:602:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string mipdesc = sprintf(" MIP-map levels: %dx%d", spec.width,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:605:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
mipdesc += sprintf(" %dx%d", mipspec.width, mipspec.height);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:616:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines[0] = Strutil::sprintf("%s%s : ", filename, padding)
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:619:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines[0] = Strutil::sprintf(" subimage %2d: ", current_subimage)
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:624:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines[0] += sprintf(" (%.2f MB)",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:627:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines[0] += sprintf(" %s", input->format_name());
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:631:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines[0] += sprintf(" (%d subimages%s)", num_of_subimages,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:637:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(" subimage 0: %s %s", orig_line0,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:645:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf("<miplevels>%d</miplevels>", nmip));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:647:45: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lines.insert(lines.begin() + 1, sprintf("<subimages>%d</subimages>",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:655:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string s = sprintf(" %d subimages: ", num_of_subimages);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:664:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s += sprintf("%dx%dx%d ", spec.width, spec.height, spec.depth);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:666:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s += sprintf("%dx%d ", spec.width, spec.height);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:668:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s += sprintf("%c%s", c ? ',' : '[',
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:716:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << sprintf("%s : ", filename);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:718:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << sprintf(" MIP %d of %d (%d x %d):\n", m, nmip,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:737:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error = Strutil::sprintf("Could not open \"%s\"", filename);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:761:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
= Strutil::sprintf("Regex error '%s' on metamatch regex \"%s\"",
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:779:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
= Strutil::sprintf("Regex error '%s' on metamatch regex \"%s\"",
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:654:55: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: Strutil::sprintf("unknown %d", c);
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:703:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string date = Strutil::sprintf("%4d:%02d:%02d %02d:%02d:%02d",
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:752:34: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string n = Strutil::sprintf("subimage%02d", subimage);
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:1266:51: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_spec.channelnames[c] = Strutil::sprintf("channel%d", c);
data/openimageio-2.2.7.0+dfsg/src/png.imageio/png_pvt.h:185:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("GammaCorrected%.2g", g));
data/openimageio-2.2.7.0+dfsg/src/png.imageio/png_pvt.h:208:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string date = Strutil::sprintf("%4d:%02d:%02d %02d:%02d:%02d",
data/openimageio-2.2.7.0+dfsg/src/png.imageio/png_pvt.h:350:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("Image resolution must be at least 1x1, "
data/openimageio-2.2.7.0+dfsg/src/png.imageio/png_pvt.h:376:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return Strutil::sprintf("PNG only supports 1-4 channels, not %d",
data/openimageio-2.2.7.0+dfsg/src/png.imageio/png_pvt.h:548:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string date = Strutil::sprintf("%4d:%02d:%02d %02d:%02d:%02d",
data/openimageio-2.2.7.0+dfsg/src/ptex.imageio/ptexinput.cpp:87:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("Ptex %d.%d", PtexLibraryMajorVersion,
data/openimageio-2.2.7.0+dfsg/src/python/py_imageoutput.cpp:222:34: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("Unknown open mode '%s'", modestr));
data/openimageio-2.2.7.0+dfsg/src/python/py_oiio.cpp:97:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error = Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/python/py_oiio.cpp:141:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error = Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/python/py_oiio.cpp:151:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error = Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/python/py_oiio.cpp:166:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error = Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/python/py_oiio.cpp:171:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
error = Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/python/py_roi.cpp:65:58: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
[](const ROI& roi) { return PY_STR(Strutil::sprintf("%s", roi)); })
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:211:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("libraw %s", libraw_version()).c_str();
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:155:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string s = Strutil::sprintf(fmt, args...);
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:120:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out << Strutil::sprintf("%d/%u %d/%u %d/%u %d/%u (%d %d) (%u)\n",
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:359:43: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("%4d:%02d:%02d %02d:%02d:00",
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:401:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("GammaCorrected%.2g", gamma));
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:100:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:123:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:164:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:191:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketoutput.cpp:68:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketoutput.cpp:92:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketoutput.cpp:133:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketoutput.cpp:166:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code err = error::host_not_found;
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketoutput.cpp:175:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error& err) {
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:364:47: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("GammaCorrected%.2g",
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:149:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Set max anisotropy (default: %d)", anisomax));
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:161:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
.help(Strutil::sprintf("Use batched shading, batch size = %d", Tex::BatchWidth));
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:1036:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ustring filename = ustring::sprintf("%06d.tif", f);
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:1056:47: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << "Hashing rate: " << Strutil::sprintf("%3.2f", rate)
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:1540:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:1631:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::cout << Strutil::sprintf(
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:490:39: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
oiio_tiff_last_error() = Strutil::vsprintf(format, ap);
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:1023:55: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_spec.channelnames[c] = Strutil::sprintf("channel%d", c);
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:1262:59: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_spec.channelnames.emplace_back(Strutil::sprintf("ink%d", i));
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp:562:50: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Strutil::sprintf("ink%d", i));
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp:623:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
std::string date = Strutil::sprintf("%4d:%02d:%02d %02d:%02d:%02d",
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpinput.cpp:177:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return ustring::sprintf("Webp %d.%d.%d", v >> 16, (v >> 8) & 255, v & 255)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:117:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:125:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:130:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:175:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:245:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:253:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:258:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:305:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/sysutil.h:68:1: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
getenv(string_view name);
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:105:40: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
float gam = Strutil::stof(Sysutil::getenv("GAMMA"));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/color_ocio.cpp:309:44: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view ocioenv = Sysutil::getenv("OCIO");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:719:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view home = Sysutil::getenv("HOME");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:726:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view systemRoot = Sysutil::getenv("SystemRoot");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:740:51: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view OpenImageIOrootdir = Sysutil::getenv("OpenImageIO_ROOT");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:747:44: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view oiiorootdir = Sysutil::getenv("OPENIMAGEIO_ROOT_DIR");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:754:44: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view oiiohomedir = Sysutil::getenv("OPENIMAGEIOHOME");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:30:48: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int n = Strutil::from_string<int>(Sysutil::getenv("OPENIMAGEIO_THREADS"));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:50:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
static const char* oiio_debug_env = getenv("OPENIMAGEIO_DEBUG");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:57:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
Sysutil::getenv("OPENIMAGEIO_LOG_TIMES"));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:134:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
auto options = Sysutil::getenv("OPENIMAGEIO_OPTIONS");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:245:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* filename = getenv("OPENIMAGEIO_DEBUG_FILE");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp:411:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* path = getenv(env);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1621:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* options = getenv("OPENIMAGEIO_IMAGECACHE_OPTIONS");
data/openimageio-2.2.7.0+dfsg/src/libtexture/texturesys.cpp:345:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* options = getenv("OPENIMAGEIO_TEXTURE_OPTIONS");
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:274:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
Sysutil::getenv(string_view name)
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:276:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return string_view(::getenv(name.c_str()));
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:403:41: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view TERM = Sysutil::getenv("TERM");
data/openimageio-2.2.7.0+dfsg/src/libutil/thread.cpp:91:48: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int n = Strutil::from_string<int>(Sysutil::getenv("OPENIMAGEIO_THREADS"));
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:137:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view TERM(Sysutil::getenv("TERM"));
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:138:39: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view TERM_PROGRAM(Sysutil::getenv("TERM_PROGRAM"));
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:139:47: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view TERM_PROGRAM_VERSION(Sysutil::getenv("TERM_PROGRAM_VERSION"));
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:1436:42: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string_view testtex_batch = Sysutil::getenv("TESTTEX_BATCH");
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmp_pvt.h:125:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmp_pvt.h:159:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpinput.cpp:35:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = Filesystem::fopen(filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpinput.cpp:47:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BmpInput::open(const std::string& name, ImageSpec& spec)
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpinput.cpp:52:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpinput.cpp:160:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, fscanline.get(), m_spec.scanline_bytes());
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpinput.cpp:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &mscanline[0], scanline_bytes);
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpoutput.cpp:38:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BmpOutput::open(const std::string& name, const ImageSpec& spec, OpenMode mode)
data/openimageio-2.2.7.0+dfsg/src/bmp.imageio/bmpoutput.cpp:65:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "wb");
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:24:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:77:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CineonInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/cineoninput.cpp:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:511:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(edge, "%02u%02u%02u%06u%04u",
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:522:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7];
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1456:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xy, this->whitePoint, sizeof(xy[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->whitePoint, xy, sizeof(this->whitePoint[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xy, this->redPrimary, sizeof(xy[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1471:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->redPrimary, xy, sizeof(this->redPrimary[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1476:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xy, this->greenPrimary, sizeof(xy[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1481:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->greenPrimary, xy, sizeof(this->greenPrimary[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1486:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xy, this->bluePrimary, sizeof(xy[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.h:1491:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->bluePrimary, xy, sizeof(this->bluePrimary[0]) * 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/InStream.cpp:58:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((this->fp = OIIO::Filesystem::fopen(f, "rb")) == 0)
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/OutStream.cpp:58:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((this->fp = OIIO::Filesystem::fopen(f, "wb")) == 0)
data/openimageio-2.2.7.0+dfsg/src/dds.imageio/ddsinput.cpp:30:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/dds.imageio/ddsinput.cpp:131:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DDSInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/dds.imageio/ddsinput.cpp:135:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, "rb");
data/openimageio-2.2.7.0+dfsg/src/dds.imageio/ddsinput.cpp:637:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_buf[0] + z * m_spec.height * size + y * size, size);
data/openimageio-2.2.7.0+dfsg/src/dds.imageio/ddsinput.cpp:680:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_buf[0], m_spec.tile_bytes());
data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp:44:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp:45:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp:90:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DICOMInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp:94:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec, config);
data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp:100:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DICOMInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/dicom.imageio/dicominput.cpp:337:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, m_internal_data + y * size, size);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:33:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:34:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:138:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DPXInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:175:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DPXInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:185:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:373:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[24];
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32 + 1];
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxinput.cpp:499:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[24];
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:41:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:43:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, int subimages,
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:145:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DPXOutput::open(const std::string& name, int subimages, const ImageSpec* specs)
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:155:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, m_subimage_specs[0], Create);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:161:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DPXOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:631:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, data, m_spec.scanline_bytes());
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:729:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_dpx.header.filmManufacturingIdCode, ss.str().c_str(), 2);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:737:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_dpx.header.filmType, ss.str().c_str(), 2);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:745:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_dpx.header.prefix, ss.str().c_str(), 6);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:753:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_dpx.header.count, ss.str().c_str(), 4);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/dpxoutput.cpp:761:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_dpx.header.perfsOffset, ss.str().c_str(), 2);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXColorConverter.cpp:45:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, &input[i * 4], sizeof(DATA) * 2);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXColorConverter.cpp:117:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[i * 3], RGB, sizeof(DATA) * 3);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXColorConverter.cpp:132:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[i * 4], RGBA, sizeof(DATA) * 4);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXColorConverter.cpp:420:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[i * 3], CbYCr, sizeof(DATA) * 3);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXColorConverter.cpp:435:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[i * 4], CbYCrA, sizeof(DATA) * 4);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXHeader.cpp:690:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
::sprintf(str, "%c%c:%c%c:%c%c:%c%c",
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXHeader.cpp:701:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
::sprintf(str, "%c%c:%c%c:%c%c:%c%c",
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXHeader.cpp:768:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXHeader.cpp:784:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/OutStream.cpp:56:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((this->fp = OIIO::Filesystem::fopen(f, "wb")) == 0)
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/ReaderInternal.h:517:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(srcU8 + (y * lineSize) + (block.x1 * numberOfComponents * byteCount), dstU8, copySize);
data/openimageio-2.2.7.0+dfsg/src/ffmpeg.imageio/ffmpeginput.cpp:127:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/ffmpeg.imageio/ffmpeginput.cpp:247:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FFmpegInput::open(const std::string& name, ImageSpec& spec)
data/openimageio-2.2.7.0+dfsg/src/ffmpeg.imageio/ffmpeginput.cpp:581:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, m_rgb_frame->data[0] + y * m_rgb_frame->linesize[0], m_stride);
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3dinput.cpp:41:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3dinput.cpp:355:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = input->open(filename);
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3dinput.cpp:366:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Field3DInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3dinput.cpp:387:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = m_input->open(name);
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3doutput.cpp:29:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3doutput.cpp:31:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, int subimages,
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3doutput.cpp:141:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Field3DOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3doutput.cpp:147:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, 1, &userspec);
data/openimageio-2.2.7.0+dfsg/src/field3d.imageio/field3doutput.cpp:174:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Field3DOutput::open(const std::string& name, int subimages,
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fits_pvt.h:51:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fits_pvt.h:122:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:43:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = Filesystem::fopen(filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[6] = { 0 };
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:57:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FitsInput::open(const std::string& name, ImageSpec& spec)
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:63:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[6] = { 0 };
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &data_tmp[0], data_tmp.size());
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsinput.cpp:233:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&card[0], &fits_header[i * CARD_SIZE], CARD_SIZE);
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsoutput.cpp:42:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FitsOutput::open(const std::string& name, const ImageSpec& spec, OpenMode mode)
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsoutput.cpp:61:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, mode == AppendSubimage ? "r+b" : "wb");
data/openimageio-2.2.7.0+dfsg/src/fits.imageio/fitsoutput.cpp:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data_tmp[0], data, m_spec.scanline_bytes());
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gif.h:390:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destroyableImage, nextFrame, imageSize);
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gif.h:774:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
writer->f = fopen(filename, "wb");
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifinput.cpp:38:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifinput.cpp:134:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GIFInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifinput.cpp:174:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_canvas[y * m_spec.width * m_spec.nchannels],
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifoutput.cpp:36:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifoutput.cpp:38:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, int subimages,
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifoutput.cpp:83:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GIFOutput::open(const std::string& name, const ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifoutput.cpp:87:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, 1, &newspec);
data/openimageio-2.2.7.0+dfsg/src/gif.imageio/gifoutput.cpp:110:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GIFOutput::open(const std::string& name, int subimages, const ImageSpec* specs)
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdrinput.cpp:37:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdrinput.cpp:89:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HdrInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdrinput.cpp:115:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdroutput.cpp:22:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdroutput.cpp:59:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HdrOutput::open(const std::string& name, const ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/hdroutput.cpp:91:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(name, "wb");
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:89:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
float2rgbe(unsigned char rgbe[4], float red, float green, float blue)
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:135:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgbe2float(float *red, float *green, float *blue, unsigned char rgbe[4])
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:340:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:391:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgbe[4];
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:437:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgbe[4], *scanline_buffer, *ptr, *ptr_end;
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.cpp:439:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/openimageio-2.2.7.0+dfsg/src/hdr.imageio/rgbe.h:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char programtype[16]; /* listed at beginning of file to identify it
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp:32:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp:33:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp:83:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = Filesystem::fopen(filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp:97:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HeifInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp:101:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec, config);
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp:107:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HeifInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifinput.cpp:255:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, hdata, m_spec.width * m_spec.pixel_bytes());
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifoutput.cpp:24:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifoutput.cpp:88:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HeifOutput::open(const std::string& name, const ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/heif.imageio/heifoutput.cpp:163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdata, data, hystride);
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icoinput.cpp:28:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icoinput.cpp:109:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ICOInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icoinput.cpp:113:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, "rb");
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icoinput.cpp:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[8];
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icoinput.cpp:435:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_buf[y * size], size);
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icooutput.cpp:30:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icooutput.cpp:127:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ICOOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icooutput.cpp:204:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, mode == AppendSubimage ? "r+b" : "wb");
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icooutput.cpp:247:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icooutput.cpp:371:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/openimageio-2.2.7.0+dfsg/src/ico.imageio/icooutput.cpp:452:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp:318:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(in_filename);
data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp:399:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = out->open(tempname.c_str(), outspec, mode);
data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp:402:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = out->open(tempname.c_str(), outspec,
data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp:407:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = out->open(tempname.c_str(), int(subimagespecs.size()),
data/openimageio-2.2.7.0+dfsg/src/iconvert/iconvert.cpp:410:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = out->open(tempname.c_str(), outspec,
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h:138:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[big];
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h:215:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:36:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
IffInput::open(const std::string& name, ImageSpec& spec)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:63:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:165:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_p, in_p, tw * m_spec.pixel_bytes());
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:408:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pixel, out_p, 2);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:418:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_dy, &scanline[0], tw * m_spec.pixel_bytes());
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:450:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, src, m_spec.width * bytespp);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:451:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src, dst, m_spec.width * bytespp);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffinput.cpp:452:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, m_spec.width * bytespp);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:36:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
IffOutput::open(const std::string& name, const ImageSpec& spec, OpenMode mode)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:75:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "wb");
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:142:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buf[offset], data, scanlinesize);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:177:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_p, in_p, tw * m_spec.pixel_bytes());
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:201:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, src, m_spec.width * bytespp);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:202:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src, dst, m_spec.width * bytespp);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:203:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, m_spec.width * bytespp);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:281:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pixel, in_dx, 1);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:296:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scratch[0], &tmp[0], index);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:332:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pixel, in_dx, 1);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:391:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pixel, in_dx, 1);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:406:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scratch[0], &tmp[0], index);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:442:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pixel, in_dx, 2);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iffoutput.cpp:545:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, count);
data/openimageio-2.2.7.0+dfsg/src/igrep/igrep.cpp:70:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(filename);
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:682:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(s);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/attrdelegate.h:190:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localbuffer[localsize];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:97:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define PUGI__STATIC_ASSERT(cond) { static const char condition_failed[(cond) ? 1 : -1] = {0}; (void)condition_failed[0]; }
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:108:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
using std::memcpy;
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:1819:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char chartype_table[256] =
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:1849:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char chartypex_table[256] =
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:2034:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, contents, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:2210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, prefix_length);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:2353:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, source, source_length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:2369:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, source, source_length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:3742:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + bufsize, data, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:3752:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + offset, data, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4630:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.9g", value);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4638:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4639:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.17g", value);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4856:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(write, chunk->data, chunk->size);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4965:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_ascii[4] = {0};
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4969:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* result = fopen(path_utf8, mode_ascii);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:6120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&result[offset], j->name, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:6945:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto_deleter<FILE> file(fopen(path_, "rb"), impl::close_file);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:7028:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto_deleter<FILE> file(fopen(path_, (flags & format_save_file_text) ? "w" : "wb"), impl::close_file);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:7384:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[xpath_memory_page_size];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:7479:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, ptr, old_size);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:7602:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, string, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:7660:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (!_uses_heap) memcpy(result, _buffer, target_length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:7663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + target_length, o._buffer, source_length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8070:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.*e", DBL_DIG, value);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8078:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int exponent = atoi(exponent_string + 1); // NOLINT(cert-err34-c)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mantissa_buffer[32];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch, begin, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8376:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char table[128] = {0};
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8402:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, table, sizeof(table));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->name, name, (length + 1) * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8612:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch, begin, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8754:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_end, begin_, count * sizeof(xpath_node));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:10958:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, value.begin, length * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:11930:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storage, begin_, size_ * sizeof(xpath_node));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:12139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, value, size);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:12463:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, r.c_str(), (size - 1) * sizeof(char_t));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.hpp:990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _memory[192];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:190:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OIIO_API FILE *fopen (string_view path, string_view mode);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:204:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OIIO_API void open (OIIO::ifstream &stream, string_view path,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:209:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OIIO_API void open (OIIO::ofstream &stream, string_view path,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fmath.h:742:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void *)&out, &in, sizeof(IN_TYPE));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fmath.h:855:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, src, n*sizeof(D));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:51:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const std::wstring& path,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:161:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
basic_ifstream<_CharT, _Traits>::open(const std::wstring& path,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:204:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const std::wstring& path,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/fstream_mingw.h:291:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
basic_ofstream<_CharT, _Traits>::open(const std::wstring& path,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/hash.h:559:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[20];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:845:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static unique_ptr open (const std::string& filename,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:998:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open (const std::string& name, ImageSpec &newspec) = 0;
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:1020:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open (const std::string& name, ImageSpec &newspec,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:1022:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name,newspec);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:1863:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open (const std::string &name, const ImageSpec &newspec,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:1888:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open (const std::string &name,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imageio.h:1893:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open (name, specs[0]);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/paramlist.h:216:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localval[16];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/plugin.h:40:1: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(const char* plugin_filename, bool global = true);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/plugin.h:43:1: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(const std::string& plugin_filename, bool global = true)
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/plugin.h:45:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(plugin_filename.c_str(), global);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/simd.h:2325:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (m_mat[0], a, 4*sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/simd.h:2326:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (m_mat[1], b, 4*sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/simd.h:2327:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (m_mat[2], c, 4*sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/simd.h:2328:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (m_mat[3], d, 4*sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/thread.h:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1_[OIIO_CACHE_LINE_SIZE-sizeof(spin_mutex)];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/thread.h:384:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad2_[OIIO_CACHE_LINE_SIZE-sizeof(atomic_int)];
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/typedesc.h:389:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char aggregate_delim[2] = "()", // Both sides of vector
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/typedesc.h:391:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char array_delim[2] = "{}", // Both sides of array
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/ustring.h:264:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:163:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(openAct, SIGNAL(triggered()), this, SLOT(open()));
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:660:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ImageViewer::open()
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.h:239:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(); ///< Dialog to open new image from file
data/openimageio-2.2.7.0+dfsg/src/iv/ivgl.cpp:363:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10000];
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:247:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char srgb_to_linear_lut[256] = {
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:282:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char correction_table[256];
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeg_pvt.h:58:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeg_pvt.h:59:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[JMSG_LENGTH_MAX];
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[JMSG_LENGTH_MAX];
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:149:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = Filesystem::fopen(filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:165:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
JpgInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:174:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec);
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:180:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
JpgInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:355:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char marker_present
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:399:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&icc_buf[0] + data_offset[seq_no], m->data + ICC_HEADER_SIZE,
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:450:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!close() || !open(m_filename, dummyspec, configsave)
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:38:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:101:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
JpgOutput::open(const std::string& name, const ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:126:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(name, "wb");
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:277:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&profile[0] + ICC_HEADER_SIZE,
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:464:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in->open(in_name, in_spec, config_spec);
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:472:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(out_name, orig_out_spec);
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp:85:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp:86:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp:184:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Jpeg2000Input::open(const std::string& p_name, ImageSpec& p_spec)
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp:210:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp:294:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Jpeg2000Input::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000input.cpp:300:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec);
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000output.cpp:45:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000output.cpp:125:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Jpeg2000Output::open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000output.cpp:166:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(m_filename, "wb");
data/openimageio-2.2.7.0+dfsg/src/jpeg2000.imageio/jpeg2000output.cpp:317:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(m_filename, "wb");
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/color_ocio.cpp:1540:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)scanline, A.pixeladdr(roi.xbegin, j, k),
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/color_ocio.cpp:1571:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(R.pixeladdr(roi.xbegin, j, k), scanline,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/color_ocio.cpp:1831:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rgba, color.data(), channelsToCopy * sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/color_ocio.cpp:1860:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(color.data(), rgba, channelsToCopy * sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/deepdata.cpp:889:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_ptr(pixel, 0, 0), src.data_ptr(srcpixel, 0, 0),
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/deepdata.cpp:1044:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmppixel, data_ptr(pixel, 0, 0), samplebytes * nsamples);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/deepdata.cpp:1046:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_ptr(pixel, 0, i),
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/exif.cpp:1032:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, mydata, len);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:886:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/formatspec.cpp:887:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", val);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:550:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pixels.get(), data, size);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:932:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto input = ImageInput::open(m_name.string(), m_configspec.get(),
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1027:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(m_name.string(), m_configspec.get(),
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1317:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out->open(filename.c_str(), newspec)) {
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_draw.cpp:50:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((T*)p.rawptr() + roi.chbegin, tvalues + roi.chbegin,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:86:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CHECKED(out, open(filename, spec));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:103:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CHECKED(in, open(filename, spec));
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:179:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(memname, nullptr, &inproxy);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:350:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4][4][4];
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:355:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto imgin = ImageInput::open(srcfilename);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:364:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto imgin = ImageInput::open(srcfilename);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:374:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto imgin = ImageInput::open(srcfilename);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:387:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto imgin = ImageInput::open(srcfilename);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:396:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto imgin = ImageInput::open(srcfilename);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:406:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto imgin = ImageInput::open(srcfilename);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinput.cpp:68:46: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = const_cast<ImageInput*>(this)->open(filename, tmpspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinput.cpp:77:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ImageInput::open(const std::string& filename, const ImageSpec* config,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinput.cpp:90:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!in->open(filename, newspec, *config)) {
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinput.cpp:397:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (d + subset_bytes*x,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:246:57: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
oiio_debug_file = filename && filename[0] ? fopen(filename, "a")
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:469:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, scanline, xstride * width);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:635:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, n * src_type.size());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:791:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, f, width * pixelsize);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageio.cpp:795:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, f, pixelsize);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp:149:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Plugin::Handle handle = Plugin::open(plugin_fullpath);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp:655:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = in->open(filename, tmpspec, *config);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp:657:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = in->open(filename, tmpspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageioplugin.cpp:713:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = in->open(filename, tmpspec, myconfig);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageoutput.cpp:405:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((float*)buf, data, floatsize);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:86:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(filename.c_str());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:99:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(filename.c_str());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:120:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(filename.c_str());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:186:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = out->open(output_filename, outspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:198:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = out->open(output_filename, outspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:216:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = out->open(output_filename, outspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:237:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = out->open(output_filename, outspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:262:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = out->open(output_filename, outspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:286:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = out->open(output_filename, outspec);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:552:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(input_filename[0].c_str());
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:666:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out->open(outputfilename.c_str(), outspec)) {
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:829:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out->open(outputfilename.c_str(), outspec, mode)) {
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:1033:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (auto in = ImageInput::open(outputfilename)) {
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:451:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ImageCacheFile::open(ImageCachePerThreadInfo* thread_info)
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:516:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = inp->open(m_filename.c_str(), nativespec, configspec);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:805:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::shared_ptr<ImageInput> inp = open(thread_info);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1246:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tf->open(thread_info);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:2757:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, p->data(), datatype.size());
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache_pvt.h:394:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::shared_ptr<ImageInput> open(ImageCachePerThreadInfo* thread_info);
data/openimageio-2.2.7.0+dfsg/src/libtexture/texture3d.cpp:186:53: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto input = texturefile->open(thread_info);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_block, pBuffer, 64);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buffer[j], pbData, i);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:192:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buffer[j], &pbData[i], uLen - i);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:262:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tszTemp[16];
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:296:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tszOut[84];
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.cpp:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbDest20, m_digest, 20);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:169:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define _tfopen fopen
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:418:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::fopen(string_view path, string_view mode)
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:428:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::fopen(path.c_str(), mode.c_str());
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:459:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(OIIO::ifstream& stream, string_view path,
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:466:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(wpath.c_str(), mode);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:469:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(path.c_str(), mode);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:476:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(OIIO::ofstream& stream, string_view path,
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:483:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(wpath.c_str(), mode);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:485:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(path.c_str(), mode);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:498:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(in, filename);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:516:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(out, filename);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:531:34: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (FILE* file = Filesystem::fopen(path, "rb")) {
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:943:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(m_filename.c_str(),
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:1090:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buf[offset], buf, size);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:1112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, m_buf.data() + offset, size);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:109:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = Filesystem::fopen("testfile", "w");
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:501:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[4];
data/openimageio-2.2.7.0+dfsg/src/libutil/fmath_test.cpp:366:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char foo[3] = { 0, 0, 0 };
data/openimageio-2.2.7.0+dfsg/src/libutil/fmath_test.cpp:380:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char foo[4] = { 0, 0, 0, 0 };
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:44:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_data, _value, size);
data/openimageio-2.2.7.0+dfsg/src/libutil/paramlist.cpp:52:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)m_data.ptr, _value, size);
data/openimageio-2.2.7.0+dfsg/src/libutil/plugin.cpp:91:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Plugin::open(const char* plugin_filename, bool global)
data/openimageio-2.2.7.0+dfsg/src/libutil/simd_test.cpp:545:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[VEC::elements];
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:234:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pair[201];
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:502:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[STBSP__NUMSZ];
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:503:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lead[8];
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:504:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tail[8];
data/openimageio-2.2.7.0+dfsg/src/libutil/stb_sprintf.h:1345:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[STB_SPRINTF_MIN];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stackbuf[1024];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:632:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_buf[256];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:638:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s.data(), sl);
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:639:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sl, t.data(), tl);
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:651:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_buf[256];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:658:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + i * sl, str.data(), sl);
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:697:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, str.data(), str.length(), NULL, 0));
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:698:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, str.data(), str.length(), &native[0],
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:1170:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char char_array_3[3];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil.cpp:1171:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char char_array_4[4];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:26:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
OIIO_CHECK_EQUAL(Strutil::sprintf("'%s' '%s'", "foo", std::string("foo")),
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:71:63: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bench ("std::sprintf(\"%g\")", [&](){ DoNotOptimize (std::sprintf(buffer,"%g",123.45f)); });
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:76:63: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bench ("std::sprintf(\"%d\")", [&](){ DoNotOptimize (std::sprintf(buffer,"%d",123)); });
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:706:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bench ("std atoi", [&](){ DoNotOptimize(atoi(numcstr));}); // NOLINT(cert-err34-c)
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:801:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[4] = { '0', '1', '2', '3' };
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:809:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[4] = { '0', '1', '2', '3' };
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:817:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[4] = { '0', '1', '2', '3' };
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:825:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[4] = { '0', '1', '2', '3' };
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:1096:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/openimageio-2.2.7.0+dfsg/src/libutil/strutil_test.cpp:1097:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(buffer, "%.9g", *f);
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:102:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen("/proc/self/statm", "r");
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:150:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen("/proc/meminfo", "r");
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[10240] = "";
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:609:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char* string_fmt, const char aggregate_delim[2],
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:610:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char* aggregate_sep, const char array_delim[2],
data/openimageio-2.2.7.0+dfsg/src/libutil/typedesc.cpp:743:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, size);
data/openimageio-2.2.7.0+dfsg/src/libutil/ustring.cpp:331:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)c_str(), strref.data(), length);
data/openimageio-2.2.7.0+dfsg/src/libutil/ustring.cpp:431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_buf[256];
data/openimageio-2.2.7.0+dfsg/src/libutil/ustring.cpp:437:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s.data(), sl);
data/openimageio-2.2.7.0+dfsg/src/libutil/ustring.cpp:438:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sl, t.data(), tl);
data/openimageio-2.2.7.0+dfsg/src/libutil/xxhash.cpp:104:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dest,src,size);
data/openimageio-2.2.7.0+dfsg/src/nuke/txReader/txReader.cpp:204:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
, oiioInput_(ImageInput::open(filename()))
data/openimageio-2.2.7.0+dfsg/src/nuke/txReader/txReader.cpp:281:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open()
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:31:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& /*name*/, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:68:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:69:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:145:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
NullInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:148:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec, config);
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:240:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
NullInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:379:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)data + s * x, m_value.data(), s);
data/openimageio-2.2.7.0+dfsg/src/null.imageio/nullimageio.cpp:395:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)data + s * x, m_value.data(), s);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2035:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((float*)&MM, M.data(), 16 * sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4375:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(filename);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4844:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out->open(tmpfilename, ir->subimages(), &subimagespecs[0])) {
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4849:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out->open(tmpfilename, subimagespecs[0], mode)) {
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4863:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out->open(tmpfilename, spec, mode)) {
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:733:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto input = ImageInput::open(filename, &ot.input_config);
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp:142:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp:144:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp:146:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec, ImageSpec());
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp:415:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OpenEXRInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp:1471:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)origdata + (y - ybegin) * scanline_stride,
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:116:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:118:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, int subimages,
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:331:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OpenEXROutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:336:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, 1, &userspec);
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:476:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OpenEXROutput::open(const std::string& name, int subimages,
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exroutput.cpp:486:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, specs[0], Create);
data/openimageio-2.2.7.0+dfsg/src/openvdb.imageio/openvdbinput.cpp:78:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/openvdb.imageio/openvdbinput.cpp:297:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = Filesystem::fopen(filename, "r");
data/openimageio-2.2.7.0+dfsg/src/openvdb.imageio/openvdbinput.cpp:321:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file->open();
data/openimageio-2.2.7.0+dfsg/src/openvdb.imageio/openvdbinput.cpp:479:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OpenVDBInput::open(const std::string& filename, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/openvdb.imageio/openvdbinput.cpp:522:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char kChanName[4]
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:26:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:27:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:126:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = Filesystem::fopen(filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:129:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[8];
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:139:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PNGInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:155:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[8];
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:189:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PNGInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:200:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec);
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:286:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_buf[0] + y * size, size);
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:298:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!close() || !open(m_filename, dummyspec, configsave)
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pngoutput.cpp:26:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pngoutput.cpp:126:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PNGOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:29:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:425:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PNMInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:429:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(m_file, name, std::ios::in | std::ios::binary);
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnmoutput.cpp:17:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnmoutput.cpp:130:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PNMOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnmoutput.cpp:160:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(m_file, name);
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnmoutput.cpp:163:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(m_file, name, std::ios::out | std::ios::binary);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psd_pvt.h:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psd_pvt.h:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:39:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:40:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:135:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bm_key[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:154:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:524:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PSDInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:528:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Filesystem::open(m_file, name, std::ios::binary);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:595:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PSDInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:604:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1311:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&thumbnail_image[(cinfo.output_scanline - 1) * stride],
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1420:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bm_signature[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1479:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1650:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1651:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[4];
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:2040:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dst, src, length);
data/openimageio-2.2.7.0+dfsg/src/ptex.imageio/ptexinput.cpp:29:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/ptex.imageio/ptexinput.cpp:99:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PtexInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/ptex.imageio/ptexinput.cpp:102:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ptex = PtexTexture::open(name.c_str(), perr, true /*premultiply*/);
data/openimageio-2.2.7.0+dfsg/src/ptex.imageio/ptexinput.cpp:284:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, tiledata, m_spec.tile_bytes());
data/openimageio-2.2.7.0+dfsg/src/python/py_imageinput.cpp:204:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(filename);
data/openimageio-2.2.7.0+dfsg/src/python/py_imageinput.cpp:212:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto in = ImageInput::open(filename, &config);
data/openimageio-2.2.7.0+dfsg/src/python/py_imageoutput.cpp:27:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return self.open(name, int(length), &Cspecs[0]);
data/openimageio-2.2.7.0+dfsg/src/python/py_imageoutput.cpp:223:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return self.open(name, newspec, mode);
data/openimageio-2.2.7.0+dfsg/src/python/py_imageoutput.cpp:230:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return self.open(name, (int)specs.size(), &specs[0]);
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:55:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:56:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:236:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RawInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:240:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec, config);
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:325:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RawInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datetime[20];
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:1257:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, scanline, m_spec.scanline_bytes(true));
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:1273:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, scanline, m_spec.scanline_bytes(true));
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gamma[16]; // Gamma setting of image
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RedChroma[24]; // Red chromaticity
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GreenChroma[24]; // Green chromaticity
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BlueChroma[24]; // Blue chromaticity
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WhitePoint[24]; // White point chromaticity*/
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileName[128]; // Image file name
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Description[128]; // Description of the file contents
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProgramName[64]; // Name of the program that created the file
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MachineName[32]; // Name of machine used to create the file
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char UserName[32]; // Name of user who created the file
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DateCreated[20]; // Date the file was created
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Aspect[24]; // Aspect format of the image
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AspectRatio[8]; // Aspect ratio of the image
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ColorChannel[32]; // Format of color channel data
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Time[12]; // Length of time used to create the image file
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Filter[32]; // Name of post-processing filter
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AuxData[32]; // Auxiliary channel data description
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rla_pvt.h:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Reserved[36]; // Unused
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:27:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:109:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:154:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RLAInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:158:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, "rb");
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:350:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[4] = { 0, 0, 0, 0 };
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:666:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_buf[0], size);
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp:33:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp:85:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, buf, nitems * sizeof(T));
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp:147:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RLAOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp:164:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, "wb");
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp:346:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char months[12][4] = { "JAN", "FEB", "MAR", "APR",
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp:349:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_rla.DateCreated, months[m - 1], 3);
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgi_pvt.h:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imagename[80]; // null terminated ASCII string
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgi_pvt.h:71:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgi_pvt.h:124:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgiinput.cpp:37:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = Filesystem::fopen(filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgiinput.cpp:50:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SgiInput::open(const std::string& name, ImageSpec& spec)
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgiinput.cpp:55:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgiinput.cpp:159:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &(channeldata[0][0]), channeldata[0].size());
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgioutput.cpp:32:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SgiOutput::open(const std::string& name, const ImageSpec& spec, OpenMode mode)
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgioutput.cpp:49:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "wb");
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgioutput.cpp:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[404] = { 0 };
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socket_pvt.h:42:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socket_pvt.h:70:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socket_pvt.h:71:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:52:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = const_cast<SocketInput*>(this)->open(filename, tmpspec, config);
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:61:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SocketInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:63:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec, ImageSpec());
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:69:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SocketInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketoutput.cpp:43:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SocketOutput::open(const std::string& name, const ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimage_pvt.h:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[80]; // Comment
data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimage_pvt.h:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4]; // ID - should be PICT
data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimageinput.cpp:18:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimageinput.cpp:81:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SoftimageInput::open(const std::string& name, ImageSpec& spec)
data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimageinput.cpp:86:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimageinput.cpp:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[81];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targa_pvt.h:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[18]; ///< file signature string
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:28:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:29:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:102:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TGAInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:106:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, "rb");
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:219:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[256];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:255:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[324]; // so as to accommodate the comments
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:294:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char*)&buf.c[12], "%04u:%02u:%02u %02u:%02u:%02u",
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:312:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char*)&buf.c[6], "%u:%02u:%02u", buf.s[0], buf.s[1],
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:326:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char*)&buf.c[strlen((char*)buf.c)], " %u.%u%c",
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:433:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pixel[4];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:434:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[4];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:441:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buf[y * buf.c[0] * m_spec.nchannels
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:473:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TGAInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:479:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec);
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:567:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, bytespp);
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:636:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pixel[4];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:639:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[4];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:645:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buf[y * m_spec.width * m_spec.nchannels
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:652:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[5];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:664:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buf[y * m_spec.width * m_spec.nchannels
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:683:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_buf[y * m_spec.width * m_spec.nchannels
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:738:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, src, bytespp * m_spec.width / 2);
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:739:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src, dst, bytespp * m_spec.width / 2);
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:740:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, bytespp * m_spec.width / 2);
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:788:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_buf[0] + y * size, size);
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targaoutput.cpp:32:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targaoutput.cpp:145:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TGAOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targaoutput.cpp:189:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, "wb");
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targaoutput.cpp:496:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targaoutput.cpp:578:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4] = { 0, 0, 0, 0 };
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targaoutput.cpp:579:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf2[4] = { 0, 0, 0, 0 };
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:24:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:58:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TermOutput::open(const std::string& name, const ImageSpec& spec, OpenMode mode)
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:178:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3];
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:202:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[2][3];
data/openimageio-2.2.7.0+dfsg/src/term.imageio/termoutput.cpp:220:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3];
data/openimageio-2.2.7.0+dfsg/src/testtex/testtex.cpp:1304:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& /*name*/, ImageSpec& newspec) final
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:82:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:83:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:409:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uncompressed_buf, compressed_buf, csize);
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:585:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = Filesystem::fopen(filename, "r");
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:603:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TIFFInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:617:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TIFFInput::open(const std::string& name, ImageSpec& newspec,
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:630:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(name, newspec);
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:695:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emsg[1024];
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:1502:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!open(m_filename, dummyspec)
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:1785:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sepbuf, data, strip_bytes * planes);
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp:45:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp:321:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TIFFOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp:1162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch.get(), data, scratch_bytes);
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp:1178:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)data, origdata, strip_bytes);
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffoutput.cpp:1227:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)data, origdata, (yend - y) * m_spec.scanline_bytes(true));
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpinput.cpp:23:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& spec) override;
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpinput.cpp:46:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
WebpInput::open(const std::string& name, ImageSpec& spec)
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpinput.cpp:68:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(m_filename, "rb");
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpinput.cpp:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &m_decoded_image[y * m_scanline_size], m_scanline_size);
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpoutput.cpp:23:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpoutput.cpp:76:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
WebpOutput::open(const std::string& name, const ImageSpec& spec, OpenMode mode)
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpoutput.cpp:93:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(m_filename, "wb");
data/openimageio-2.2.7.0+dfsg/src/webp.imageio/webpoutput.cpp:149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_uncompressed_image[y * m_scanline_size], data, m_scanline_size);
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:61:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, ImageSpec& newspec) override;
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:89:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& name, const ImageSpec& spec,
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:164:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ZfileInput::open(const std::string& name, ImageSpec& newspec)
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:235:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!close() || !open(m_filename, dummyspec)
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:253:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ZfileOutput::open(const std::string& name, const ImageSpec& userspec,
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:300:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.worldtocamera, p->data(), 16 * sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:302:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.worldtocamera, ident, 16 * sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:304:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.worldtoscreen, p->data(), 16 * sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:306:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.worldtoscreen, ident, 16 * sizeof(float));
data/openimageio-2.2.7.0+dfsg/src/zfile.imageio/zfile.cpp:312:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file = Filesystem::fopen(name, "wb");
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:524:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, edge, 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:527:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, edge + 2, 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:530:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, edge + 4, 2);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:533:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, edge + 6, 6);
data/openimageio-2.2.7.0+dfsg/src/cineon.imageio/libcineon/CineonHeader.cpp:536:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, edge + 12, 4);
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/DPXHeader.cpp:712:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (::strlen(str) != 11)
data/openimageio-2.2.7.0+dfsg/src/dpx.imageio/libdpx/InStream.cpp:69:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return IsValid() ? m_io->read(buf, size) : false;
data/openimageio-2.2.7.0+dfsg/src/idiff/idiff.cpp:116:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (img.read(subimage, miplevel, false, TypeFloat))
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:71:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(fd, width) || !read(fd, height)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:71:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(fd, width) || !read(fd, height)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:72:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, prnum) || !read(fd, prden)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:72:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, prnum) || !read(fd, prden)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:73:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, flags) || !read(fd, bytes)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:73:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, flags) || !read(fd, bytes)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:74:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, tiles) || !read(fd, compression)) {
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:74:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, tiles) || !read(fd, compression)) {
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:81:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(fd, x) || !read(fd, y)) {
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:81:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(fd, x) || !read(fd, y)) {
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:195:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(fd, xmin)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:196:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, ymin)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:197:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, xmax)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.cpp:198:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read(fd, ymax)) {
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h:63:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(FILE* fd, uint32_t& data)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h:70:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(FILE* fd, uint16_t& data)
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h:79:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (fread(type, 1, 4, fd) == 4) && read(fd, size);
data/openimageio-2.2.7.0+dfsg/src/iff.imageio/iff_pvt.h:191:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(m_fd);
data/openimageio-2.2.7.0+dfsg/src/iinfo/iinfo.cpp:104:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&& img.read(subimage, miplevel, false, TypeDesc::FLOAT))
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:193:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return wcslen(s);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:195:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(s);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:227:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return wcslen(s);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4605:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buf) < sizeof(wbuf) / sizeof(wbuf[0]));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4612:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strcpy_insitu(dest, header, header_mask, buf, strlen(buf));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4834:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.read(chunk->data, static_cast<std::streamsize>(sizeof(chunk->data) / sizeof(T)));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:4890:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.read(static_cast<T*>(buffer.data), static_cast<std::streamsize>(read_length));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:7069:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return impl::as_wide_impl(str, strlen(str));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8060:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
truncate_zeros(buffer, buffer + strlen(buffer));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8071:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buffer) < buffer_size);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/detail/pugixml/pugixml.cpp:8112:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t result_size = strlen(mantissa_buffer) + (exponent > 0 ? exponent : -exponent) + 4;
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:336:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual size_t read (void *buf, size_t size);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:347:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template<class T> size_t read (span<T> buf) {
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:348:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read (buf.data(), buf.size()*sizeof(T));
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:394:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual size_t read(void* buf, size_t size);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/filesystem.h:463:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual size_t read(void* buf, size_t size);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imagebuf.h:343:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int subimage = 0, int miplevel = 0, bool force = false,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/imagebuf.h:365:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int subimage, int miplevel, int chbegin, int chend, bool force,
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/string_view.h:86:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_view(const charT* chars) { init(chars, chars ? strlen(chars) : 0); }
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/sysutil.h:73:1: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(unsigned long useconds);
data/openimageio-2.2.7.0+dfsg/src/include/OpenImageIO/ustring.h:347:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
char* c = strncpy(s, c_str() + pos, n);
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:1832:22: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(1000000 / 4 / nsteps);
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:1868:22: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(1000000 / 4 / nsteps);
data/openimageio-2.2.7.0+dfsg/src/iv/imageviewer.cpp:2092:22: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(1000000 / 4 / nsteps);
data/openimageio-2.2.7.0+dfsg/src/iv/ivimage.cpp:73:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_image_valid = ImageBuf::read(subimage, miplevel, force, format,
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:108:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (std::equal(JPEG_444_COMP, JPEG_444_COMP + size, comp.begin()))
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:110:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
else if (std::equal(JPEG_422_COMP, JPEG_422_COMP + size, comp.begin()))
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:112:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
else if (std::equal(JPEG_420_COMP, JPEG_420_COMP + size, comp.begin()))
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:114:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
else if (std::equal(JPEG_411_COMP, JPEG_411_COMP + size, comp.begin()))
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpeginput.cpp:512:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen("Photoshop 3.0") + 1;
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:198:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jpeg_write_marker(&m_cinfo, JPEG_COM, (JOCTET*)*c, strlen(*c) + 1);
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:222:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::vector<char> head(photoshop, photoshop + strlen(photoshop) + 1);
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:242:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::vector<char> block(prefix, prefix + strlen(prefix) + 1);
data/openimageio-2.2.7.0+dfsg/src/jpeg.imageio/jpegoutput.cpp:273:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy((char*)&profile[0], "ICC_PROFILE", profile_size);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/exif.cpp:708:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str.c_str()) < str.length()) // Stray \0 in the middle
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/exif.cpp:937:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) + 1;
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:102:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int subimage, int miplevel, int chbegin = 0, int chend = -1,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:193:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return imp->read(m_current_subimage, m_current_miplevel);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:360:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(subimage, miplevel);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:693:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(subimage, miplevel);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:907:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ImageBufImpl::read(int subimage, int miplevel, int chbegin, int chend,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1075:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ImageBuf::read(int subimage, int miplevel, bool force, TypeDesc convert,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1078:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return m_impl->read(subimage, miplevel, 0, -1, force, convert,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1085:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ImageBuf::read(int subimage, int miplevel, int chbegin, int chend, bool force,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1089:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return m_impl->read(subimage, miplevel, chbegin, chend, force, convert,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1246:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_impl->read(subimage(), miplevel(), 0, -1, true /*force*/,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf.cpp:1335:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(subimage(), miplevel(), 0, -1, true /*force*/,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebuf_test.cpp:326:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
B.read(0 /*subimage*/, 0 /*mip*/, 2 /*chbegin*/, 5 /*chend*/,
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_opencv.cpp:135:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!tmp.initialized() && !tmp.read(tmp.subimage(), tmp.miplevel(), true)) {
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagebufalgo_test.cpp:780:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
B.read();
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imageinout_test.cpp:196:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool ok2 = inbuf.read(0, 0, /*force*/ true, TypeFloat);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:144:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ib.read(0, 0, true, conversion);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/imagespeed_test.cpp:446:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ib.read(0, 0, preload, TypeFloat);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/iptc.cpp:170:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tagsize = strlen(str);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:709:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
small->read(0, 0, true, TypeFloat);
data/openimageio-2.2.7.0+dfsg/src/libOpenImageIO/maketexture.cpp:1095:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!src->read(0, 0, read_local)) {
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:526:22: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(1000 * 100); // 100 ms
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:829:22: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(1000 * 100); // 100 ms
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:1489:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ImageCacheTile::read(ImageCachePerThreadInfo* thread_info)
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache.cpp:2371:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tile->read(thread_info);
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache_pvt.h:507:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
friend bool equal(const TileID& a, const TileID& b)
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache_pvt.h:519:53: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool operator==(const TileID& b) const { return equal(*this, b); }
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache_pvt.h:520:54: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool operator!=(const TileID& b) const { return !equal(*this, b); }
data/openimageio-2.2.7.0+dfsg/src/libtexture/imagecache_pvt.h:575:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(ImageCachePerThreadInfo* thread_info);
data/openimageio-2.2.7.0+dfsg/src/libtexture/texoptions.cpp:152:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* swrap = OIIO_ALLOCA(char, strlen(wrapmodes) + 1);
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:168:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:168:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/openimageio-2.2.7.0+dfsg/src/libutil/SHA1.h:296:8: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#undef _tcslen
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:909:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Filesystem::IOProxy::read(void* /*buf*/, size_t /*size*/)
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:990:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Filesystem::IOFile::read(void* buf, size_t size)
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:1008:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t r = read(buf, size);
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem.cpp:1098:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Filesystem::IOMemReader::read(void* buf, size_t size)
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:198:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (override && strlen(override) > 0)
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:223:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (override && strlen(override) > 0)
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:503:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = in.read(b, 4))) // read up to 4 bytes at a time
data/openimageio-2.2.7.0+dfsg/src/libutil/filesystem_test.cpp:509:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
in.read(b, 2);
data/openimageio-2.2.7.0+dfsg/src/libutil/parallel_test.cpp:130:18: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(10);
data/openimageio-2.2.7.0+dfsg/src/libutil/parallel_test.cpp:134:22: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(2);
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:282:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(unsigned long useconds)
data/openimageio-2.2.7.0+dfsg/src/libutil/sysutil.cpp:287:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
::usleep(useconds); // *nix usleep() is in microseconds
data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp:79:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(interval);
data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp:85:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(interval);
data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp:89:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(interval);
data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp:97:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(interval);
data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp:101:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(interval);
data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp:111:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
Sysutil::usleep(interval);
data/openimageio-2.2.7.0+dfsg/src/libutil/timer_test.cpp:122:44: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
bench("usleep(1000)", [&]() { Sysutil::usleep(1000); });
data/openimageio-2.2.7.0+dfsg/src/oiiotool/diff.cpp:72:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ir0.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/diff.cpp:73:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ir1.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/imagerec.cpp:61:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
img.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/imagerec.cpp:85:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool ok = ib->read(srcsub, srcmip, false /*force*/,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/imagerec.cpp:103:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
A.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/imagerec.cpp:104:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
B.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/imagerec.cpp:238:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ImageRec::read(ReadPolicy readpolicy, string_view channel_set)
data/openimageio-2.2.7.0+dfsg/src/oiiotool/imagerec.cpp:326:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool ok = ib->read(s, m, chbegin, chend, forceread, convert);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:211:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Oiiotool::read(ImageRecRef img, ReadPolicy readpolicy)
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:226:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool ok = img->read(readpolicy);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1124:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(img);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1483:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(img);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1765:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1783:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ib.read(0, 0, true /*force*/, spec.format);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1813:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1828:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ib.read(0, 0, true /*force*/, spec.format);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1858:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:1900:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2126:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2305:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(A);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2407:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2430:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2491:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(A);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2509:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(images[i]); // necessary?
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2594:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2645:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:2839:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(A);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3161:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3215:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3281:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3326:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3499:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3570:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3743:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3776:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(A);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3813:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(inputs.front()); // FIXME: find a way to avoid this
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3823:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(inputs[i]);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:3938:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(img);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4015:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(A);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4093:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(A);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4280:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4394:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.curimg->read(ReadNoCache, channel_set);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4445:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4608:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.curimg->read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.cpp:4637:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:131:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(ImageRecRef img, ReadPolicy readpolicy = ReadDefault);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:133:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(ReadPolicy readpolicy = ReadDefault)
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:136:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(curimg, readpolicy);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:423:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(ReadPolicy readpolicy = ReadDefault,
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:619:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
img.read();
data/openimageio-2.2.7.0+dfsg/src/oiiotool/oiiotool.h:702:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ot.read(m_ir[i]);
data/openimageio-2.2.7.0+dfsg/src/oiiotool/printinfo.cpp:252:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return img.read(subimage, miplevel, forceread);
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp:108:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(char c[], int n)
data/openimageio-2.2.7.0+dfsg/src/openexr.imageio/exrinput.cpp:111:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (m_io->read(c, n) != size_t(n))
data/openimageio-2.2.7.0+dfsg/src/png.imageio/pnginput.cpp:90:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t bytes = pnginput->m_io->read(data, length);
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:136:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
invert(const T* read, T* write, imagesize_t nvals)
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:139:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
write[i] = std::numeric_limits<T>::max() - read[i];
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:167:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
raw_to_raw(const T* read, T* write, imagesize_t nvals, T max)
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:171:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int tmp = read[i];
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:183:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unpack(const unsigned char* read, unsigned char* write, imagesize_t size)
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:189:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte = ~read[r++];
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:196:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unpack_floats(const unsigned char* read, float* write, imagesize_t numsamples,
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:199:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float* read_floats = (float*)read;
data/openimageio-2.2.7.0+dfsg/src/pnm.imageio/pnminput.cpp:266:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read((char*)&buf[0], numbytes);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:400:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read((char*)&buffer, sizeof(buffer));
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:869:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(m_header.signature, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:961:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(&m_color_data.data[0], m_color_data.length);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1020:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(block.signature, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1185:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!m_file.read(&data[0], length))
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1211:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!m_file.read(&data[0], length))
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1290:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!m_file.read(&jpeg_data[0], jpeg_length))
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1421:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(bm_signature, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1429:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(layer.bm_key, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1480:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(signature, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1481:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(info.key, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1656:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(signature, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1666:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(key, 4);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1855:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case Compression_Raw: m_file.read(data, channel_info.row_length); break;
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1861:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_file.read(&m_rle_buffer[0], rle_length);
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1991:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (m_file.read((char*)&length, 1)) {
data/openimageio-2.2.7.0+dfsg/src/psd.imageio/psdinput.cpp:1998:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (m_file.read(&s[0], length)) {
data/openimageio-2.2.7.0+dfsg/src/python/py_imagebuf.cpp:244:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return self.read(subimage, miplevel, chbegin, chend, force,
data/openimageio-2.2.7.0+dfsg/src/python/py_imagebuf.cpp:254:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return self.read(subimage, miplevel, force, convert);
data/openimageio-2.2.7.0+dfsg/src/raw.imageio/rawinput.cpp:269:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ifp->read(buf.data(), size, 1);
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:67:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template<typename T> bool read(T* buf, size_t nitems = 1)
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:113:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(&u.c, 4); // because it's char, it didn't swap endian
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:180:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(&m_rla)) {
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:205:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(&m_sot[0], m_sot.size())) {
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:534:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(&length)) {
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlainput.cpp:540:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(&encoded[0], length)) {
data/openimageio-2.2.7.0+dfsg/src/rla.imageio/rlaoutput.cpp:324:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_rla.rlafield, s.c_str(), sizeof(m_rla.rlafield)); \
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgiinput.cpp:102:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(m_sgi_header.imagename))
data/openimageio-2.2.7.0+dfsg/src/sgi.imageio/sgioutput.cpp:179:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sgi_header.imagename, *img_descr, 80);
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:98:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
boost::asio::read(socket, buffer(reinterpret_cast<char*>(data),
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:121:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
boost::asio::read(socket, buffer(reinterpret_cast<char*>(data),
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:183:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
boost::asio::read(socket, buffer(reinterpret_cast<char*>(&spec_length),
data/openimageio-2.2.7.0+dfsg/src/socket.imageio/socketinput.cpp:187:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
boost::asio::read(socket, buffer(spec_xml, spec_length));
data/openimageio-2.2.7.0+dfsg/src/softimage.imageio/softimageinput.cpp:137:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(comment, m_pic_header.comment, 80);
data/openimageio-2.2.7.0+dfsg/src/targa.imageio/targainput.cpp:326:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf((char*)&buf.c[strlen((char*)buf.c)], " %u.%u%c",
data/openimageio-2.2.7.0+dfsg/src/tiff.imageio/tiffinput.cpp:289:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count = strlen(s);
ANALYSIS SUMMARY:
Hits = 1267
Lines analyzed = 184001 in approximately 4.44 seconds (41429 lines/second)
Physical Source Lines of Code (SLOC) = 127062
Hits@level = [0] 469 [1] 214 [2] 607 [3] 32 [4] 410 [5] 4
Hits@level+ = [0+] 1736 [1+] 1267 [2+] 1053 [3+] 446 [4+] 414 [5+] 4
Hits/KSLOC@level+ = [0+] 13.6626 [1+] 9.97151 [2+] 8.28729 [3+] 3.5101 [4+] 3.25825 [5+] 0.0314807
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.