Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/simage-1.8.0/build/msvc6/config-debug.h
Examining data/simage-1.8.0/build/msvc6/config-release.h
Examining data/simage-1.8.0/build/msvc6/config.h
Examining data/simage-1.8.0/build/msvc6/include/simage.h
Examining data/simage-1.8.0/build/msvc7/config-debug.h
Examining data/simage-1.8.0/build/msvc7/config-release.h
Examining data/simage-1.8.0/build/msvc7/config.h
Examining data/simage-1.8.0/build/msvc7/include/simage.h
Examining data/simage-1.8.0/build/msvc8/config-debug.h
Examining data/simage-1.8.0/build/msvc8/config-release.h
Examining data/simage-1.8.0/build/msvc8/config.h
Examining data/simage-1.8.0/build/msvc8/include/simage.h
Examining data/simage-1.8.0/build/msvc9/config-debug.h
Examining data/simage-1.8.0/build/msvc9/config-release.h
Examining data/simage-1.8.0/build/msvc9/config.h
Examining data/simage-1.8.0/build/msvc9/include/simage.h
Examining data/simage-1.8.0/examples/audio2raw.c
Examining data/simage-1.8.0/examples/img2avi.c
Examining data/simage-1.8.0/examples/mpeg2enc.cpp
Examining data/simage-1.8.0/examples/simage-convert.c
Examining data/simage-1.8.0/examples/simage-read-line-test.c
Examining data/simage-1.8.0/guile/guilesimage.c
Examining data/simage-1.8.0/guile/guilesimage.h
Examining data/simage-1.8.0/include/avi_encode.h
Examining data/simage-1.8.0/include/simage.h
Examining data/simage-1.8.0/include/simage_avi.h
Examining data/simage-1.8.0/include/simage_cgimage.h
Examining data/simage-1.8.0/include/simage_eps.h
Examining data/simage-1.8.0/include/simage_gdiplus.h
Examining data/simage-1.8.0/include/simage_gif.h
Examining data/simage-1.8.0/include/simage_jasper.h
Examining data/simage-1.8.0/include/simage_jpeg.h
Examining data/simage-1.8.0/include/simage_libsndfile.h
Examining data/simage-1.8.0/include/simage_oggvorbis.h
Examining data/simage-1.8.0/include/simage_pic.h
Examining data/simage-1.8.0/include/simage_png.h
Examining data/simage-1.8.0/include/simage_private.h
Examining data/simage-1.8.0/include/simage_qimage.h
Examining data/simage-1.8.0/include/simage_quicktime.h
Examining data/simage-1.8.0/include/simage_rgb.h
Examining data/simage-1.8.0/include/simage_tga.h
Examining data/simage-1.8.0/include/simage_tiff.h
Examining data/simage-1.8.0/include/simage_xwd.h
Examining data/simage-1.8.0/mpeg2enc/api.c
Examining data/simage-1.8.0/mpeg2enc/api.h
Examining data/simage-1.8.0/mpeg2enc/conform.c
Examining data/simage-1.8.0/mpeg2enc/fdctref.c
Examining data/simage-1.8.0/mpeg2enc/global.h
Examining data/simage-1.8.0/mpeg2enc/idct.c
Examining data/simage-1.8.0/mpeg2enc/motion.c
Examining data/simage-1.8.0/mpeg2enc/mpeg2enc.h
Examining data/simage-1.8.0/mpeg2enc/predict.c
Examining data/simage-1.8.0/mpeg2enc/putbits.c
Examining data/simage-1.8.0/mpeg2enc/puthdr.c
Examining data/simage-1.8.0/mpeg2enc/putmpg.c
Examining data/simage-1.8.0/mpeg2enc/putpic.c
Examining data/simage-1.8.0/mpeg2enc/putseq.c
Examining data/simage-1.8.0/mpeg2enc/putseq.h
Examining data/simage-1.8.0/mpeg2enc/putvlc.c
Examining data/simage-1.8.0/mpeg2enc/quantize.c
Examining data/simage-1.8.0/mpeg2enc/ratectl.c
Examining data/simage-1.8.0/mpeg2enc/readpic.c
Examining data/simage-1.8.0/mpeg2enc/stats.c
Examining data/simage-1.8.0/mpeg2enc/transfrm.c
Examining data/simage-1.8.0/mpeg2enc/vlc.h
Examining data/simage-1.8.0/mpeg2enc/writepic.c
Examining data/simage-1.8.0/src/avi_encode.c
Examining data/simage-1.8.0/src/movie.c
Examining data/simage-1.8.0/src/params.c
Examining data/simage-1.8.0/src/resize.c
Examining data/simage-1.8.0/src/simage.c
Examining data/simage-1.8.0/src/simage12.c
Examining data/simage-1.8.0/src/simage13.c
Examining data/simage-1.8.0/src/simage_avi.c
Examining data/simage-1.8.0/src/simage_cgimage.c
Examining data/simage-1.8.0/src/simage_eps.c
Examining data/simage-1.8.0/src/simage_gdiplus.cpp
Examining data/simage-1.8.0/src/simage_gif.c
Examining data/simage-1.8.0/src/simage_jasper.c
Examining data/simage-1.8.0/src/simage_jpeg.c
Examining data/simage-1.8.0/src/simage_libsndfile.c
Examining data/simage-1.8.0/src/simage_oggvorbis_reader.c
Examining data/simage-1.8.0/src/simage_pic.c
Examining data/simage-1.8.0/src/simage_png.c
Examining data/simage-1.8.0/src/simage_qimage.cpp
Examining data/simage-1.8.0/src/simage_quicktime.c
Examining data/simage-1.8.0/src/simage_rgb.c
Examining data/simage-1.8.0/src/simage_tga.c
Examining data/simage-1.8.0/src/simage_tiff.c
Examining data/simage-1.8.0/src/simage_write.c
Examining data/simage-1.8.0/src/simage_xwd.c
Examining data/simage-1.8.0/src/stream.c
Examining data/simage-1.8.0/tests/loaders.c

FINAL RESULTS:

data/simage-1.8.0/examples/img2avi.c:49:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(formatbuf, "%%%dd/%%%dd \"%%s\"", (int)ceil(log10(argc-3)), (int)ceil(log10(argc-3)));
data/simage-1.8.0/examples/img2avi.c:54:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(formatbuf, i-2, argc-3, argv[i]);
data/simage-1.8.0/examples/mpeg2enc.cpp:79:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  (void)fprintf(stdout, buffer, current_frame + 1, num_frames, sub * 100.0);
data/simage-1.8.0/mpeg2enc/api.c:215:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't create output file %s",output_filename);
data/simage-1.8.0/mpeg2enc/api.c:276:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't create output file %s",output_filename);
data/simage-1.8.0/mpeg2enc/api.c:426:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, text, p);
data/simage-1.8.0/mpeg2enc/api.c:440:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, text, p);
data/simage-1.8.0/mpeg2enc/api.c:527:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't create statistics output file %s",context->statname);
data/simage-1.8.0/mpeg2enc/api.c:550:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open parameter file %s",fname);
data/simage-1.8.0/mpeg2enc/api.c:555:25: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fgets(line,254,fd); sscanf(line,"%s",context->tplorg);
data/simage-1.8.0/mpeg2enc/api.c:556:25: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fgets(line,254,fd); sscanf(line,"%s",context->tplref);
data/simage-1.8.0/mpeg2enc/api.c:557:25: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fgets(line,254,fd); sscanf(line,"%s",context->iqname);
data/simage-1.8.0/mpeg2enc/api.c:558:25: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fgets(line,254,fd); sscanf(line,"%s",context->niqname);
data/simage-1.8.0/mpeg2enc/api.c:559:25: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fgets(line,254,fd); sscanf(line,"%s",context->statname);
data/simage-1.8.0/mpeg2enc/api.c:1128:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open quant matrix file %s",context->iqname);
data/simage-1.8.0/mpeg2enc/api.c:1152:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open quant matrix file %s",context->niqname);
data/simage-1.8.0/mpeg2enc/putseq.c:205:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(name,context->tplorg,f+context->frame0);
data/simage-1.8.0/mpeg2enc/putseq.c:380:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(name,context->tplref,f+context->frame0);
data/simage-1.8.0/mpeg2enc/readpic.c:136:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.Y",fname);
data/simage-1.8.0/mpeg2enc/readpic.c:139:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open %s\n",name);
data/simage-1.8.0/mpeg2enc/readpic.c:147:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.U",fname);
data/simage-1.8.0/mpeg2enc/readpic.c:150:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open %s\n",name);
data/simage-1.8.0/mpeg2enc/readpic.c:158:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.V",fname);
data/simage-1.8.0/mpeg2enc/readpic.c:161:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open %s\n",name);
data/simage-1.8.0/mpeg2enc/readpic.c:190:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.yuv",fname);
data/simage-1.8.0/mpeg2enc/readpic.c:193:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open %s\n",name);
data/simage-1.8.0/mpeg2enc/readpic.c:275:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.ppm",fname);
data/simage-1.8.0/mpeg2enc/readpic.c:279:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't open %s\n",name);
data/simage-1.8.0/mpeg2enc/writepic.c:52:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.Y",fname);
data/simage-1.8.0/mpeg2enc/writepic.c:55:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't create %s\n",name);
data/simage-1.8.0/mpeg2enc/writepic.c:62:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.U",fname);
data/simage-1.8.0/mpeg2enc/writepic.c:65:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't create %s\n",name);
data/simage-1.8.0/mpeg2enc/writepic.c:72:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.V",fname);
data/simage-1.8.0/mpeg2enc/writepic.c:75:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(context->errortext,"Couldn't create %s\n",name);
data/simage-1.8.0/src/movie.c:126:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(movie->filename, filename);
data/simage-1.8.0/src/movie.c:158:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(movie->filename, filename);
data/simage-1.8.0/src/params.c:84:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr->name, name);
data/simage-1.8.0/src/params.c:122:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->data.stringdata, src->data.stringdata);
data/simage-1.8.0/src/params.c:168:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->data.stringdata, val);
data/simage-1.8.0/src/simage.c:437:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(image->openfilename, filename);
data/simage-1.8.0/src/simage12.c:186:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prealloc->openfilename, filename);
data/simage-1.8.0/src/simage_qimage.cpp:200:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst, asc);
data/simage-1.8.0/src/simage_qimage.cpp:219:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst, asc);
data/simage-1.8.0/src/simage_write.c:94:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newstr, str);
data/simage-1.8.0/src/stream.c:134:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(stream->filename, filename);
data/simage-1.8.0/src/stream.c:171:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(stream->filename, filename);
data/simage-1.8.0/src/simage_quicktime.c:181:3: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  realpath(filename, fullpath);
data/simage-1.8.0/src/simage_quicktime.c:274:3: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  realpath(filename, fullpath);
data/simage-1.8.0/build/msvc6/include/simage.h:358:64: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_movie_importer_add(s_movie_open_func * open,
data/simage-1.8.0/build/msvc6/include/simage.h:421:66: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add(s_stream_open_func * open,
data/simage-1.8.0/build/msvc6/include/simage.h:448:69: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add_ex(s_stream_open_func * open,
data/simage-1.8.0/build/msvc7/include/simage.h:358:64: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_movie_importer_add(s_movie_open_func * open,
data/simage-1.8.0/build/msvc7/include/simage.h:421:66: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add(s_stream_open_func * open,
data/simage-1.8.0/build/msvc7/include/simage.h:448:69: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add_ex(s_stream_open_func * open,
data/simage-1.8.0/build/msvc8/include/simage.h:358:64: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_movie_importer_add(s_movie_open_func * open,
data/simage-1.8.0/build/msvc8/include/simage.h:421:66: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add(s_stream_open_func * open,
data/simage-1.8.0/build/msvc8/include/simage.h:448:69: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add_ex(s_stream_open_func * open,
data/simage-1.8.0/build/msvc9/include/simage.h:358:64: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_movie_importer_add(s_movie_open_func * open,
data/simage-1.8.0/build/msvc9/include/simage.h:421:66: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add(s_stream_open_func * open,
data/simage-1.8.0/build/msvc9/include/simage.h:448:69: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add_ex(s_stream_open_func * open,
data/simage-1.8.0/examples/audio2raw.c:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char offsetstr[40];
data/simage-1.8.0/examples/audio2raw.c:41:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile = fopen(argv[2], "wb");
data/simage-1.8.0/examples/audio2raw.c:55:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset = atoi(argv[3]);
data/simage-1.8.0/examples/audio2raw.c:70:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(offsetstr, ", starting at sample %d\n", offset);
data/simage-1.8.0/examples/img2avi.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char formatbuf[20];
data/simage-1.8.0/examples/img2avi.c:47:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fps = atoi(argv[2]);
data/simage-1.8.0/examples/mpeg2enc.cpp:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/simage-1.8.0/examples/mpeg2enc.cpp:76:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(buffer, "\rwriting frame: %%%dd / %%%dd -- %%03.1f%%%% ",
data/simage-1.8.0/examples/mpeg2enc.cpp:107:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&userpars, &defaultpars, sizeof(struct Params));
data/simage-1.8.0/examples/mpeg2enc.cpp:114:59: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (optcmp(argv[optidx], "width")) { userpars.width = atoi(argv[++optidx]); }
data/simage-1.8.0/examples/mpeg2enc.cpp:115:66: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (optcmp(argv[optidx], "height")) { userpars.height = atoi(argv[++optidx]); }
data/simage-1.8.0/examples/mpeg2enc.cpp:116:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (optcmp(argv[optidx], "clocktime")) { userpars.clocktime = atoi(argv[++optidx]); }
data/simage-1.8.0/examples/mpeg2enc.cpp:117:75: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (optcmp(argv[optidx], "level")) { userpars.constraintslevel = atoi(argv[++optidx]); }
data/simage-1.8.0/examples/mpeg2enc.cpp:235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/simage-1.8.0/examples/mpeg2enc.cpp:236:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "renderarea%0d.jpg", i);
data/simage-1.8.0/examples/simage-convert.c:77:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  neww = atoi(argv[i++]);
data/simage-1.8.0/examples/simage-convert.c:78:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  newh = atoi(argv[i++]);
data/simage-1.8.0/examples/simage-convert.c:95:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  alphathreshold = atoi(argv[i++]);
data/simage-1.8.0/examples/simage-convert.c:283:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, src1, w*nc);
data/simage-1.8.0/examples/simage-convert.c:284:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(src1, src2, w*nc);
data/simage-1.8.0/examples/simage-convert.c:285:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(src2, tmp, w*nc);
data/simage-1.8.0/guile/guilesimage.c:160:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dimensions[16];
data/simage-1.8.0/guile/guilesimage.c:164:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( dimensions, "%dx%dx%d", simage_image_data->width,
data/simage-1.8.0/guile/guilesimage.c:274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[12];
data/simage-1.8.0/guile/guilesimage.c:277:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( value, "0x%02x%02x%02x%02x", (pixel >> 24) & 0xff,
data/simage-1.8.0/include/simage.h:376:64: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_movie_importer_add(s_movie_open_func * open,
data/simage-1.8.0/include/simage.h:439:66: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add(s_stream_open_func * open,
data/simage-1.8.0/include/simage.h:466:69: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SIMAGE_DLL_API void s_stream_importer_add_ex(s_stream_open_func * open,
data/simage-1.8.0/mpeg2enc/api.c:212:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(context->outfile=fopen(output_filename,"wb")))
data/simage-1.8.0/mpeg2enc/api.c:274:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(context->outfile=fopen(output_filename,"wb")))
data/simage-1.8.0/mpeg2enc/api.c:323:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->bufbuf[(context->SimpegWrite_current_input_frame)%context->M],
data/simage-1.8.0/mpeg2enc/api.c:423:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/simage-1.8.0/mpeg2enc/api.c:437:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/simage-1.8.0/mpeg2enc/api.c:525:34: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (!(context->statfile = fopen(context->statname,"w")))
data/simage-1.8.0/mpeg2enc/api.c:544:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/simage-1.8.0/mpeg2enc/api.c:549:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fd = fopen(fname,"r"))) {
data/simage-1.8.0/mpeg2enc/api.c:668:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(context->id_string, "MPEG-1 sequence, created using simage (www.coin3d.org)");
data/simage-1.8.0/mpeg2enc/api.c:669:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(context->tplorg, "orgimage%d");
data/simage-1.8.0/mpeg2enc/api.c:790:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(context->id_string, "MPEG-2 sequence, created using simage (www.coin3d.org)");
data/simage-1.8.0/mpeg2enc/api.c:791:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(context->tplorg, "orgimage%d");
data/simage-1.8.0/mpeg2enc/api.c:1127:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fd = fopen(context->iqname,"r"))) {
data/simage-1.8.0/mpeg2enc/api.c:1151:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fd = fopen(context->niqname,"r"))) {
data/simage-1.8.0/mpeg2enc/api.c:1214:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(context->version, "mpeg2encode V1.2, 96/07/19");
data/simage-1.8.0/mpeg2enc/api.c:1215:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(context->author,"(C) 1996, MPEG Software Simulation Group");
data/simage-1.8.0/mpeg2enc/api.c:1218:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->zig_zag_scan, zig_zag_scan, sizeof(zig_zag_scan));
data/simage-1.8.0/mpeg2enc/api.c:1221:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->alternate_scan, alternate_scan, sizeof(alternate_scan));
data/simage-1.8.0/mpeg2enc/api.c:1223:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->default_intra_quantizer_matrix,
data/simage-1.8.0/mpeg2enc/api.c:1227:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->non_linear_mquant_table,
data/simage-1.8.0/mpeg2enc/api.c:1231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(context->map_non_linear_mquant, data/simage-1.8.0/mpeg2enc/conform.c:149:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char profile_level_defined[5][4] = data/simage-1.8.0/mpeg2enc/global.h:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[64]; data/simage-1.8.0/mpeg2enc/global.h:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char author[64]; data/simage-1.8.0/mpeg2enc/global.h:49:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char zig_zag_scan[64]; data/simage-1.8.0/mpeg2enc/global.h:50:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char alternate_scan[64]; data/simage-1.8.0/mpeg2enc/global.h:51:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char default_intra_quantizer_matrix[64]; data/simage-1.8.0/mpeg2enc/global.h:52:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char non_linear_mquant_table[32]; data/simage-1.8.0/mpeg2enc/global.h:53:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char map_non_linear_mquant[113]; data/simage-1.8.0/mpeg2enc/global.h:54:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *newrefframe[3], *oldrefframe[3], *auxframe[3]; data/simage-1.8.0/mpeg2enc/global.h:55:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *neworgframe[3], *oldorgframe[3], *auxorgframe[3]; data/simage-1.8.0/mpeg2enc/global.h:56:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char *predframe[3]; data/simage-1.8.0/mpeg2enc/global.h:58:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char intra_q[64], inter_q[64]; data/simage-1.8.0/mpeg2enc/global.h:59:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chrom_intra_q[64],chrom_inter_q[64]; data/simage-1.8.0/mpeg2enc/global.h:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_string[256], tplorg[256], tplref[256]; data/simage-1.8.0/mpeg2enc/global.h:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iqname[256], niqname[256]; data/simage-1.8.0/mpeg2enc/global.h:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statname[256]; data/simage-1.8.0/mpeg2enc/global.h:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errortext[256]; data/simage-1.8.0/mpeg2enc/global.h:148:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *putseq_encode_neworg[3], *putseq_encode_newref[3]; data/simage-1.8.0/mpeg2enc/global.h:218:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *cur[3], int secondfield, struct mbinfo *mbi); data/simage-1.8.0/mpeg2enc/global.h:288:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *org[3], unsigned char *rec[3]); data/simage-1.8.0/mpeg2enc/global.h:288:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *org[3], unsigned char *rec[3]); data/simage-1.8.0/mpeg2enc/motion.c:47:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char *org, data/simage-1.8.0/mpeg2enc/motion.c:48:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *ref, unsigned char *mb, data/simage-1.8.0/mpeg2enc/motion.c:48:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *ref, unsigned char *mb, data/simage-1.8.0/mpeg2enc/motion.c:63:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *ref, data/simage-1.8.0/mpeg2enc/motion.c:64:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *mb, int i, int j, int iminf[2][2], int jminf[2][2], data/simage-1.8.0/mpeg2enc/motion.c:794:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *org, unsigned char *ref, unsigned char *mb, data/simage-1.8.0/mpeg2enc/motion.c:794:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *org, unsigned char *ref, unsigned char *mb, data/simage-1.8.0/mpeg2enc/motion.c:794:77: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *org, unsigned char *ref, unsigned char *mb, data/simage-1.8.0/mpeg2enc/motion.c:991:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *ref, unsigned char *mb, int i, int j, data/simage-1.8.0/mpeg2enc/motion.c:991:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *ref, unsigned char *mb, int i, int j, data/simage-1.8.0/mpeg2enc/predict.c:120:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **oldref, unsigned char **newref, data/simage-1.8.0/mpeg2enc/predict.c:120:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char **oldref, unsigned char **newref, data/simage-1.8.0/mpeg2enc/predict.c:121:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **cur, int lx, int bx, int by, data/simage-1.8.0/mpeg2enc/putseq.c:42:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *neworg[3], *newref[3]; data/simage-1.8.0/mpeg2enc/putseq.c:43:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ipb[5] = {' ','I','P','B','D'}; data/simage-1.8.0/mpeg2enc/putseq.c:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/simage-1.8.0/mpeg2enc/putseq.c:428:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ipb[5] = {' ','I','P','B','D'}; data/simage-1.8.0/mpeg2enc/putvlc.c:63:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(context->errortext,"DC value out of range (%d)\n",val); data/simage-1.8.0/mpeg2enc/putvlc.c:113:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(context->errortext,"AC value out of range (run=%d, signed_level=%d)\n", data/simage-1.8.0/mpeg2enc/readpic.c:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/simage-1.8.0/mpeg2enc/readpic.c:137:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fd = fopen(name,"rb"))) data/simage-1.8.0/mpeg2enc/readpic.c:148:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fd = fopen(name,"rb"))) data/simage-1.8.0/mpeg2enc/readpic.c:159:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fd = fopen(name,"rb"))) data/simage-1.8.0/mpeg2enc/readpic.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[128]; data/simage-1.8.0/mpeg2enc/readpic.c:191:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fd = fopen(name,"rb"))) data/simage-1.8.0/mpeg2enc/readpic.c:221:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/simage-1.8.0/mpeg2enc/readpic.c:277:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fd = fopen(name,"rb"))) data/simage-1.8.0/mpeg2enc/transfrm.c:44:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **pred, unsigned char **cur, struct mbinfo *mbi, short int (*blocks)[64]) data/simage-1.8.0/mpeg2enc/transfrm.c:44:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **pred, unsigned char **cur, struct mbinfo *mbi, short int (*blocks)[64]) data/simage-1.8.0/mpeg2enc/transfrm.c:125:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **pred, unsigned char **cur, struct mbinfo *mbi, short int (*blocks)[64]) data/simage-1.8.0/mpeg2enc/transfrm.c:125:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char **pred, unsigned char **cur, struct mbinfo *mbi, short int (*blocks)[64]) data/simage-1.8.0/mpeg2enc/writepic.c:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/simage-1.8.0/mpeg2enc/writepic.c:53:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fd = fopen(name,"wb"))) data/simage-1.8.0/mpeg2enc/writepic.c:63:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fd = fopen(name,"wb"))) data/simage-1.8.0/mpeg2enc/writepic.c:73:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!(fd = fopen(name,"wb"))) data/simage-1.8.0/src/avi_encode.c:141:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(preferences_filename, "rb"); data/simage-1.8.0/src/avi_encode.c:152:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(preferences_filename, "wb"); data/simage-1.8.0/src/avi_encode.c:177:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(preferences_filename, "rb"); data/simage-1.8.0/src/movie.c:46:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_movie_open_func * open; data/simage-1.8.0/src/movie.c:56:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_movie_open_func * open; data/simage-1.8.0/src/movie.c:117:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (imp->open(filename, movie)) break; data/simage-1.8.0/src/movie.c:127:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). movie->open = imp->open; data/simage-1.8.0/src/movie.c:199:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_movie_importer_add(s_movie_open_func * open, data/simage-1.8.0/src/movie.c:210:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). imp->open = open; data/simage-1.8.0/src/resize.c:60:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, data/simage-1.8.0/src/simage.c:154:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[256] = {0}; data/simage-1.8.0/src/simage.c:155:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen(filename, "rb"); data/simage-1.8.0/src/simage.c:287:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char simage_error_msg[SIMAGE_ERROR_BUFSIZE+1]; data/simage-1.8.0/src/simage.c:311:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(simage_error_msg, "Unsupported image format."); data/simage-1.8.0/src/simage.c:438:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&image->openfuncs, &loader->openfuncs, sizeof(struct simage_open_funcs)); data/simage-1.8.0/src/simage.c:457:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, image->data + bpr*line, bpr); data/simage-1.8.0/src/simage12.c:136:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image->data, data, w*h*components); data/simage-1.8.0/src/simage12.c:152:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image->data, data, w*h*components); data/simage-1.8.0/src/simage12.c:179:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(prealloc->data, data, w*h*nc);
data/simage-1.8.0/src/simage_cgimage.c:244:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bytes_flipped+pos,
data/simage-1.8.0/src/simage_eps.c:149:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tuple[4];
data/simage-1.8.0/src/simage_eps.c:150:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char linebuf[ROWLEN+5];
data/simage-1.8.0/src/simage_eps.c:154:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(filename, "wb");
data/simage-1.8.0/src/simage_gdiplus.cpp:707:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, src, width);
data/simage-1.8.0/src/simage_gdiplus.cpp:780:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, w);
data/simage-1.8.0/src/simage_jpeg.c:127:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)currPtr, (void*)from, cnt);
data/simage-1.8.0/src/simage_jpeg.c:165:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((infile = fopen(filename, "rb")) == NULL) {
data/simage-1.8.0/src/simage_jpeg.c:348:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((outfile = fopen(filename, "wb")) == NULL) {
data/simage-1.8.0/src/simage_libsndfile.c:64:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dummyfile = fopen(filename, "rb");
data/simage-1.8.0/src/simage_oggvorbis_reader.c:96:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  context->file = fopen(filename, "rb");
data/simage-1.8.0/src/simage_oggvorbis_reader.c:130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char testByte[4];
data/simage-1.8.0/src/simage_pic.c:93:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char palette[256][3];
data/simage-1.8.0/src/simage_pic.c:96:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename, "rb");
data/simage-1.8.0/src/simage_png.c:152:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "rb")) == NULL) {
data/simage-1.8.0/src/simage_png.c:312:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "wb");
data/simage-1.8.0/src/simage_qimage.cpp:111:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + i*w, image.scanLine(h-(i+1)), w);
data/simage-1.8.0/src/simage_qimage.cpp:155:32: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (strcmp(buf, "JPG") == 0) strcpy(buf, "JPEG");
data/simage-1.8.0/src/simage_qimage.cpp:234:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[MAX_EXT_LEN+1];
data/simage-1.8.0/src/simage_quicktime.c:95:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char base[MAXPATHLEN];
data/simage-1.8.0/src/simage_quicktime.c:127:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dirpath [MAXPATHLEN];
data/simage-1.8.0/src/simage_quicktime.c:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullpath [MAXPATHLEN];
data/simage-1.8.0/src/simage_quicktime.c:230:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cstr, ext, 4);
data/simage-1.8.0/src/simage_quicktime.c:251:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cstr, t, 4);
data/simage-1.8.0/src/simage_quicktime.c:272:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullpath [MAXPATHLEN];
data/simage-1.8.0/src/simage_quicktime.c:313:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newpx + (i * width * numcomponents),
data/simage-1.8.0/src/simage_rgb.c:52:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char * tmpbuf[4];
data/simage-1.8.0/src/simage_rgb.c:86:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[2];
data/simage-1.8.0/src/simage_rgb.c:101:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[500];
data/simage-1.8.0/src/simage_rgb.c:103:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(filename, "wb");
data/simage-1.8.0/src/simage_rgb.c:123:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)buf+8, "http://www.coin3d.org");
data/simage-1.8.0/src/simage_rgb.c:243:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytedata[4];
data/simage-1.8.0/src/simage_rgb.c:250:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/simage-1.8.0/src/simage_tga.c:226:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char header[18];
data/simage-1.8.0/src/simage_tga.c:238:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rleCurrent[4];
data/simage-1.8.0/src/simage_tga.c:246:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "rb");
data/simage-1.8.0/src/simage_tiff.c:124:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, data, n*numcomponents);
data/simage-1.8.0/src/simage_write.c:463:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(simage_error_msg, "Unsupported image format.");
data/simage-1.8.0/src/simage_xwd.c:216:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  xwdfile = fopen( filename, "rb" );
data/simage-1.8.0/src/simage_xwd.c:217:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (xwdfile = fopen( filename, "rb" )) == NULL ) {
data/simage-1.8.0/src/stream.c:40:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  s_stream_open_func * open;
data/simage-1.8.0/src/stream.c:53:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  s_stream_open_func * open;
data/simage-1.8.0/src/stream.c:125:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (imp->open(filename, stream, params)) break;
data/simage-1.8.0/src/stream.c:135:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream->open = imp->open;
data/simage-1.8.0/src/stream.c:225:44: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  s_stream_importer_add(s_stream_open_func * open,
data/simage-1.8.0/src/stream.c:229:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  s_stream_importer_add_ex(open, get, NULL, NULL, close);
data/simage-1.8.0/src/stream.c:233:47: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  s_stream_importer_add_ex(s_stream_open_func * open,
data/simage-1.8.0/src/stream.c:246:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  imp->open = open;
data/simage-1.8.0/mpeg2enc/api.c:670:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->tplref, "-");
data/simage-1.8.0/mpeg2enc/api.c:671:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->iqname, "-");
data/simage-1.8.0/mpeg2enc/api.c:672:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->niqname, "-");
data/simage-1.8.0/mpeg2enc/api.c:673:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->statname, "%");
data/simage-1.8.0/mpeg2enc/api.c:792:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->tplref, "-");
data/simage-1.8.0/mpeg2enc/api.c:793:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->iqname, "-");
data/simage-1.8.0/mpeg2enc/api.c:794:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->niqname, "-");
data/simage-1.8.0/mpeg2enc/api.c:795:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(context->statname, "%");
data/simage-1.8.0/mpeg2enc/putseq.c:61:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(context->id_string) > 1)
data/simage-1.8.0/mpeg2enc/putseq.c:402:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(context->id_string) > 1)
data/simage-1.8.0/mpeg2enc/readpic.c:57:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(file);
data/simage-1.8.0/mpeg2enc/readpic.c:63:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(file);
data/simage-1.8.0/mpeg2enc/readpic.c:284:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fd); getc(fd); /* magic number (P6) */
data/simage-1.8.0/mpeg2enc/readpic.c:284:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fd); getc(fd); /* magic number (P6) */
data/simage-1.8.0/mpeg2enc/readpic.c:295:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r=getc(fd); g=getc(fd); b=getc(fd);
data/simage-1.8.0/mpeg2enc/readpic.c:295:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r=getc(fd); g=getc(fd); b=getc(fd);
data/simage-1.8.0/mpeg2enc/readpic.c:295:33: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r=getc(fd); g=getc(fd); b=getc(fd);
data/simage-1.8.0/src/avi_encode.c:138:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (preferences_filename != NULL) && (strlen(preferences_filename)>0) ) {
data/simage-1.8.0/src/movie.c:125:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  movie->filename = (char*) malloc(strlen(filename)+1);
data/simage-1.8.0/src/movie.c:154:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  movie->filename = (char*) malloc(strlen(filename)+1);
data/simage-1.8.0/src/params.c:83:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr->name = (char *) malloc(strlen(name)+1);
data/simage-1.8.0/src/params.c:121:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->data.stringdata = (char*) malloc(strlen(src->data.stringdata)+1);
data/simage-1.8.0/src/params.c:167:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->data.stringdata = (char*) malloc(strlen(val)+1);
data/simage-1.8.0/src/simage.c:436:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  image->openfilename = (char*) malloc(strlen(filename)+1);
data/simage-1.8.0/src/simage12.c:185:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prealloc->openfilename = (char*) malloc(strlen(filename) + 1);
data/simage-1.8.0/src/simage_cgimage.c:79:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(cstr, "CGImage loader: Error loading file", buflen);
data/simage-1.8.0/src/simage_cgimage.c:201:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(formats, format, fileext_len+1);
data/simage-1.8.0/src/simage_cgimage.c:203:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(formats, ",", 2);
data/simage-1.8.0/src/simage_cgimage.c:204:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(formats, format, fileext_len+1);
data/simage-1.8.0/src/simage_eps.c:38:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "EPS loader: Error opening file for writing", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:304:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ loader: Error initializing GDI+", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:307:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ loader: Error opening file", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:310:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ loader: Error reading file", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:313:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ loader: Out of memory error", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:316:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ saver: Error opening file", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:319:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ loader: Error writing file", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:322:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ loader: Feature not implemented", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:325:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GDI+ loader: Interesting unknown error you got", buflen);
data/simage-1.8.0/src/simage_gdiplus.cpp:340:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wchar_t * filename = new wchar_t[strlen(ptr)+1];
data/simage-1.8.0/src/simage_gdiplus.cpp:343:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mbstowcs(filename, ptr, strlen(ptr)+1);
data/simage-1.8.0/src/simage_gdiplus.cpp:452:27: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t w_format_len = wcslen(w_format);
data/simage-1.8.0/src/simage_gdiplus.cpp:456:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_len = strlen(format);
data/simage-1.8.0/src/simage_gdiplus.cpp:472:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(formats, format, format_len + 1);
data/simage-1.8.0/src/simage_gdiplus.cpp:474:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(formats, ",", 2);
data/simage-1.8.0/src/simage_gdiplus.cpp:475:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(formats, format, format_len + 1);
data/simage-1.8.0/src/simage_gdiplus.cpp:501:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wchar_t * format_wide = new wchar_t[strlen(format)+1];
data/simage-1.8.0/src/simage_gdiplus.cpp:504:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mbstowcs(format_wide, format, strlen(format)+1);
data/simage-1.8.0/src/simage_gdiplus.cpp:530:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wchar_t * filename_wide = new wchar_t[strlen(filename)+1];
data/simage-1.8.0/src/simage_gdiplus.cpp:533:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mbstowcs(filename_wide, filename, strlen(filename)+1);
data/simage-1.8.0/src/simage_gdiplus.cpp:630:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wchar_t * filename_wide = new wchar_t[strlen(filename)+1];
data/simage-1.8.0/src/simage_gdiplus.cpp:633:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mbstowcs(filename_wide, filename, strlen(filename)+1);
data/simage-1.8.0/src/simage_gif.c:64:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GIF loader: Error opening file", buflen);
data/simage-1.8.0/src/simage_gif.c:67:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GIF loader: Error reading file", buflen);
data/simage-1.8.0/src/simage_gif.c:70:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GIF loader: Error writing file", buflen);
data/simage-1.8.0/src/simage_gif.c:73:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "GIF loader: Out of memory error", buflen);
data/simage-1.8.0/src/simage_jasper.c:90:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JASPER loader: Error initializing Jasper", buflen);
data/simage-1.8.0/src/simage_jasper.c:93:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JASPER loader: Error opening file", buflen);
data/simage-1.8.0/src/simage_jasper.c:96:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JASPER loader: Error reading file", buflen);
data/simage-1.8.0/src/simage_jasper.c:99:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JASPER loader: Out of memory error", buflen);
data/simage-1.8.0/src/simage_jasper.c:102:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JASPER saver: Error opening file", buflen);
data/simage-1.8.0/src/simage_jasper.c:105:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JASPER loader: Error writing file", buflen);
data/simage-1.8.0/src/simage_jasper.c:108:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JASPER loader: Feature not implemented", buflen);
data/simage-1.8.0/src/simage_jpeg.c:65:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JPEG loader: Error opening file", buflen);
data/simage-1.8.0/src/simage_jpeg.c:68:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JPEG loader: Out of memory error", buflen);
data/simage-1.8.0/src/simage_jpeg.c:71:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JPEG loader: Illegal jpeg file", buflen);
data/simage-1.8.0/src/simage_jpeg.c:74:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JPEG saver: Error opening file", buflen);
data/simage-1.8.0/src/simage_jpeg.c:77:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "JPEG saver: Internal libjpeg error", buflen);
data/simage-1.8.0/src/simage_pic.c:42:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PIC loader: Error reading header", bufferlen);
data/simage-1.8.0/src/simage_pic.c:45:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PIC loader: Error reading palette", bufferlen);
data/simage-1.8.0/src/simage_pic.c:48:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PIC loader: Out of memory error", bufferlen);
data/simage-1.8.0/src/simage_pic.c:51:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PIC loader: Read error", bufferlen);
data/simage-1.8.0/src/simage_png.c:69:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PNG loader: Error opening file", buflen);
data/simage-1.8.0/src/simage_png.c:72:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PNG loader: Out of memory error", buflen);
data/simage-1.8.0/src/simage_png.c:75:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PNG loader: Illegal png file", buflen);
data/simage-1.8.0/src/simage_png.c:78:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PNG saver: Error opening file", buflen);
data/simage-1.8.0/src/simage_png.c:81:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PNG saver: Internal libpng error", buflen);
data/simage-1.8.0/src/simage_png.c:84:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "PNG saver: Out of memory error", buflen);
data/simage-1.8.0/src/simage_qimage.cpp:51:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "QImage loader: Error opening file", buflen);
data/simage-1.8.0/src/simage_qimage.cpp:54:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "QImage loader: Out of memory error", buflen);
data/simage-1.8.0/src/simage_qimage.cpp:57:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "QImage saver: Internal QImage error", buflen);
data/simage-1.8.0/src/simage_qimage.cpp:60:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "QImage saver: Unsupported file format", buflen);
data/simage-1.8.0/src/simage_qimage.cpp:144:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, ext, MAX_EXT_LEN);
data/simage-1.8.0/src/simage_qimage.cpp:198:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (int)strlen(asc);
data/simage-1.8.0/src/simage_qimage.cpp:217:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(asc);
data/simage-1.8.0/src/simage_quicktime.c:102:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  eptr = path + strlen(path) - 1;
data/simage-1.8.0/src/simage_quicktime.c:106:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(base, "/");
data/simage-1.8.0/src/simage_quicktime.c:118:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(base, sptr, eptr - sptr + 1);
data/simage-1.8.0/src/simage_quicktime.c:133:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = path + strlen(path) - 1;
data/simage-1.8.0/src/simage_quicktime.c:141:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(dirpath, "/");
data/simage-1.8.0/src/simage_quicktime.c:147:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(dirpath, ".");
data/simage-1.8.0/src/simage_quicktime.c:155:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dirpath, path, ptr - path + 1);
data/simage-1.8.0/src/simage_quicktime.c:362:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(cstr, "QuickTime loader: Error opening file", buflen);
data/simage-1.8.0/src/simage_quicktime.c:365:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy(cstr, "QuickTime loader: Internal graphics error", buflen); data/simage-1.8.0/src/simage_quicktime.c:368:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(cstr, "QuickTime saver: Error writing file", buflen); data/simage-1.8.0/src/simage_quicktime.c:371:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(cstr, "QuickTime saver: Unsupported file format", buflen); data/simage-1.8.0/src/simage_quicktime.c:374:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(cstr, "QuickTime saver: Only 24 and 32 bit images supported", data/simage-1.8.0/src/simage_quicktime.c:378:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(cstr, "QuickTime loader/saver: Out of memory", buflen); data/simage-1.8.0/src/simage_rgb.c:158:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "RGB loader: Error opening file", buflen); data/simage-1.8.0/src/simage_rgb.c:161:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "RGB loader: Error reading file", buflen); data/simage-1.8.0/src/simage_rgb.c:164:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
Risk is low because the source is a constant string. strncpy(buffer, "RGB loader: Out of memory error", buflen); data/simage-1.8.0/src/simage_rgb.c:167:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "RGB loader: Unsupported zsize", buflen); data/simage-1.8.0/src/simage_rgb.c:170:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "RGB loader: Error opening file for writing", buflen); data/simage-1.8.0/src/simage_tga.c:56:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TGA loader: Error opening file", buflen); data/simage-1.8.0/src/simage_tga.c:59:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TGA loader: Error reading file", buflen); data/simage-1.8.0/src/simage_tga.c:62:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TGA loader: Out of memory error", buflen); data/simage-1.8.0/src/simage_tiff.c:53:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TIFF loader: Error opening file", buflen); data/simage-1.8.0/src/simage_tiff.c:56:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
Risk is low because the source is a constant string. strncpy(buffer, "TIFF loader: Out of memory error", buflen); data/simage-1.8.0/src/simage_tiff.c:59:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TIFF loader: Unsupported image type", buflen); data/simage-1.8.0/src/simage_tiff.c:62:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TIFF loader: Illegal tiff file", buflen); data/simage-1.8.0/src/simage_tiff.c:65:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TIFF saver: Error opening file", buflen); data/simage-1.8.0/src/simage_tiff.c:68:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "TIFF loader: Error writing file", buflen); data/simage-1.8.0/src/simage_write.c:93:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newstr = (char *) malloc(strlen(str) + 1); data/simage-1.8.0/src/simage_xwd.c:132:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy( buffer, "XWD loader: file stat error", bufferlen ); data/simage-1.8.0/src/simage_xwd.c:135:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
Risk is low because the source is a constant string. strncpy( buffer, "XWD loader: file open error", bufferlen ); data/simage-1.8.0/src/simage_xwd.c:138:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy( buffer, "XWD loader: file read error", bufferlen ); data/simage-1.8.0/src/simage_xwd.c:141:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy( buffer, "XWD loader: malloc error", bufferlen ); data/simage-1.8.0/src/simage_xwd.c:144:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy( buffer, "XWD loader: unsupported operation", bufferlen ); data/simage-1.8.0/src/stream.c:133:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stream->filename = (char*) malloc(strlen(filename)+1); data/simage-1.8.0/src/stream.c:165:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stream->filename = (char*) malloc(strlen(filename)+1); ANALYSIS SUMMARY: Hits = 351 Lines analyzed = 24934 in approximately 0.75 seconds (33162 lines/second) Physical Source Lines of Code (SLOC) = 16291 Hits@level = [0] 268 [1] 119 [2] 184 [3] 2 [4] 46 [5] 0 Hits@level+ = [0+] 619 [1+] 351 [2+] 232 [3+] 48 [4+] 46 [5+] 0 Hits/KSLOC@level+ = [0+] 37.9964 [1+] 21.5456 [2+] 14.241 [3+] 2.94641 [4+] 2.82364 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. 
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.