Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/swfmill-0.3.6/src/SWFShapeMaker.h
Examining data/swfmill-0.3.6/src/SWFGlyphList.h
Examining data/swfmill-0.3.6/src/SWFShapeItem.cpp
Examining data/swfmill-0.3.6/src/gSWF.h
Examining data/swfmill-0.3.6/src/SWFShapeItem.h
Examining data/swfmill-0.3.6/src/Geom.h
Examining data/swfmill-0.3.6/src/xslt/xslt.h
Examining data/swfmill-0.3.6/src/xslt/xslt_pack.cpp
Examining data/swfmill-0.3.6/src/SWFFilter.cpp
Examining data/swfmill-0.3.6/src/base64.h
Examining data/swfmill-0.3.6/src/SWFGlyphList.cpp
Examining data/swfmill-0.3.6/src/SWFItem.cpp
Examining data/swfmill-0.3.6/src/SWFTrait.cpp
Examining data/swfmill-0.3.6/src/SWFFile.cpp
Examining data/swfmill-0.3.6/src/SWFTag.h
Examining data/swfmill-0.3.6/src/SWFTrait.h
Examining data/swfmill-0.3.6/src/SWFFilter.h
Examining data/swfmill-0.3.6/src/base64.c
Examining data/swfmill-0.3.6/src/SWFOpCode.cpp
Examining data/swfmill-0.3.6/src/SWFOpCode.h
Examining data/swfmill-0.3.6/src/swfmill.cpp
Examining data/swfmill-0.3.6/src/SWFItem.h
Examining data/swfmill-0.3.6/src/SWFAction.cpp
Examining data/swfmill-0.3.6/src/SWFTag.cpp
Examining data/swfmill-0.3.6/src/SWFWriter.h
Examining data/swfmill-0.3.6/src/SWFFile.h
Examining data/swfmill-0.3.6/src/SWFIdItem.h
Examining data/swfmill-0.3.6/src/swft/swft_import_binary.cpp
Examining data/swfmill-0.3.6/src/swft/SVGStyle.h
Examining data/swfmill-0.3.6/src/swft/Parser.cpp
Examining data/swfmill-0.3.6/src/swft/swft_import_png.cpp
Examining data/swfmill-0.3.6/src/swft/SVGColor.h
Examining data/swfmill-0.3.6/src/swft/swft_path.cpp
Examining data/swfmill-0.3.6/src/swft/Parser.h
Examining data/swfmill-0.3.6/src/swft/SVGTransformParser.h
Examining data/swfmill-0.3.6/src/swft/readpng.h
Examining data/swfmill-0.3.6/src/swft/SVGAttributeParser.cpp
Examining data/swfmill-0.3.6/src/swft/swft.h
Examining data/swfmill-0.3.6/src/swft/SVGAttributeParser.h
Examining data/swfmill-0.3.6/src/swft/swft_import.cpp
Examining data/swfmill-0.3.6/src/swft/SVGPathParser.h
Examining data/swfmill-0.3.6/src/swft/swft_document.cpp
Examining data/swfmill-0.3.6/src/swft/SVGTransformParser.cpp
Examining data/swfmill-0.3.6/src/swft/SVGPathParser.cpp
Examining data/swfmill-0.3.6/src/swft/SVGPointsParser.h
Examining data/swfmill-0.3.6/src/swft/readpng.c
Examining data/swfmill-0.3.6/src/swft/SVGGradient.cpp
Examining data/swfmill-0.3.6/src/swft/SVGPointsParser.cpp
Examining data/swfmill-0.3.6/src/swft/SVGStyle.cpp
Examining data/swfmill-0.3.6/src/swft/SVGGradient.h
Examining data/swfmill-0.3.6/src/swft/swft.cpp
Examining data/swfmill-0.3.6/src/swft/swft_import_ttf.cpp
Examining data/swfmill-0.3.6/src/swft/swft_import_mp3.cpp
Examining data/swfmill-0.3.6/src/swft/SVGColors.h
Examining data/swfmill-0.3.6/src/swft/swft_import_wav.cpp
Examining data/swfmill-0.3.6/src/swft/SVGColor.cpp
Examining data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp
Examining data/swfmill-0.3.6/src/SWFWriter.cpp
Examining data/swfmill-0.3.6/src/SWFShapeMaker.cpp
Examining data/swfmill-0.3.6/src/SWFReader.h
Examining data/swfmill-0.3.6/src/Geom.cpp
Examining data/swfmill-0.3.6/src/SWFReader.cpp
Examining data/swfmill-0.3.6/src/SWFIdItems.h
Examining data/swfmill-0.3.6/src/SWFAction.h
Examining data/swfmill-0.3.6/src/SWFList.h
FINAL RESULTS:
data/swfmill-0.3.6/src/SWFList.h:5:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define WARNING printf
data/swfmill-0.3.6/src/SWFReader.cpp:196:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, src);
data/swfmill-0.3.6/src/SWFReader.cpp:274:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(d[i] & (1<<b) ? "1" : "0");
data/swfmill-0.3.6/src/SWFWriter.cpp:280:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(d[i] & (1<<b) ? "1" : "0");
data/swfmill-0.3.6/src/swfmill.cpp:70:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, PACKAGE_NAME " " PACKAGE_VERSION "\n");
data/swfmill-0.3.6/src/swft/readpng.h:62:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Trace(x) {fprintf x ; fflush(stderr); fflush(stdout);}
data/swfmill-0.3.6/src/Geom.cpp:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/SWFFile.cpp:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[3];
data/swfmill-0.3.6/src/SWFFile.cpp:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/swfmill-0.3.6/src/SWFFile.cpp:348:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char outputBuffer[MAX_BUFFER];
data/swfmill-0.3.6/src/SWFFile.cpp:416:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char inputBuffer[MAX_BUFFER];
data/swfmill-0.3.6/src/SWFGlyphList.cpp:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/swfmill-0.3.6/src/SWFItem.cpp:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, dst, lout);
data/swfmill-0.3.6/src/SWFItem.cpp:203:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, d, size);
data/swfmill-0.3.6/src/SWFReader.cpp:25:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &data[pos], len);
data/swfmill-0.3.6/src/SWFReader.cpp:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, &i, 4);
data/swfmill-0.3.6/src/SWFReader.cpp:124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, &i, 8);
data/swfmill-0.3.6/src/SWFReader.cpp:152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, &i, 4);
data/swfmill-0.3.6/src/SWFShapeItem.cpp:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/swfmill-0.3.6/src/SWFShapeMaker.cpp:367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/SWFWriter.cpp:30:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[pos], src, len);
data/swfmill-0.3.6/src/SWFWriter.cpp:178:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[pos], value, len+1);
data/swfmill-0.3.6/src/SWFWriter.cpp:187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[pos], value, len);
data/swfmill-0.3.6/src/SWFWriter.cpp:196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[pos], value, len);
data/swfmill-0.3.6/src/base64.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char end[3];
data/swfmill-0.3.6/src/swfmill.cpp:107:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_fp = std_in ? stdin : fopen(infile, "rb");
data/swfmill-0.3.6/src/swfmill.cpp:139:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_fp = std_out ? stdout : fopen(outfile, "wb");
data/swfmill-0.3.6/src/swfmill.cpp:190:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_fp = std_in ? stdin : fopen(infile, "rb");
data/swfmill-0.3.6/src/swfmill.cpp:224:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *params[3];
data/swfmill-0.3.6/src/swfmill.cpp:245:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_fp = std_out ? stdout : fopen(outfile, "wb");
data/swfmill-0.3.6/src/swfmill.cpp:317:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *params[3];
data/swfmill-0.3.6/src/swfmill.cpp:349:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_fp = fopen(outfile, "wb");
data/swfmill-0.3.6/src/swfmill.cpp:395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/swfmill-0.3.6/src/swft/SVGColor.cpp:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/SVGGradient.cpp:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/SVGGradient.cpp:234:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/SVGGradient.cpp:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/SVGStyle.cpp:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft.cpp:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft.cpp:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft.cpp:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft.h:46:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(oldID);
data/swfmill-0.3.6/src/swft/swft_document.cpp:32:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( filename, "rb" );
data/swfmill-0.3.6/src/swft/swft_import_binary.cpp:41:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( filename, "rb" );
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:111:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( filename, "rb" );
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:146:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, jpeg_header, ofs );
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:192:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( filename, "rb" );
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:235:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( jpegdata, jpeg_header, ofs );
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:247:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( maskfilename, "rb" );
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:257:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, jpegdata, size+ofs );
data/swfmill-0.3.6/src/swft/swft_import_mp3.cpp:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft_import_mp3.cpp:195:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( (const char *)filename, "rb" );
data/swfmill-0.3.6/src/swft/swft_import_png.cpp:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft_import_png.cpp:102:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( filename, "rb" );
data/swfmill-0.3.6/src/swft/swft_import_png.cpp:197:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dst, src, rowbytes );
data/swfmill-0.3.6/src/swft/swft_import_wav.cpp:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/swft/swft_import_wav.cpp:182:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( (const char *)filename, "rb" );
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:41:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( filename, "rb" );
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMP_STRLEN];
data/swfmill-0.3.6/src/SWFFile.cpp:50:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length = fgetc(fp);
data/swfmill-0.3.6/src/SWFFile.cpp:51:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length += fgetc(fp)<<8;
data/swfmill-0.3.6/src/SWFFile.cpp:52:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length += fgetc(fp)<<16;
data/swfmill-0.3.6/src/SWFFile.cpp:53:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length += fgetc(fp)<<24;
data/swfmill-0.3.6/src/SWFItem.cpp:172:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i=strlen(d)-1; i>0 && isspace(d[i]); i--) {
data/swfmill-0.3.6/src/SWFItem.cpp:178:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(d);
data/swfmill-0.3.6/src/SWFReader.cpp:194:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src) + 1;
data/swfmill-0.3.6/src/SWFReader.h:66:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read( void *dst, size_t n );
data/swfmill-0.3.6/src/SWFWriter.cpp:176:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(value);
data/swfmill-0.3.6/src/SWFWriter.cpp:184:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(value);
data/swfmill-0.3.6/src/SWFWriter.cpp:193:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(value);
data/swfmill-0.3.6/src/swfmill.cpp:218:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
transform = xsltParseStylesheetMemory(internal_stylesheet, strlen(internal_stylesheet));
data/swfmill-0.3.6/src/swfmill.cpp:453:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xsltStylesheetPtr transform = xsltParseStylesheetMemory(internal_stylesheet, strlen(internal_stylesheet));
data/swfmill-0.3.6/src/swfmill.cpp:480:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int j=1; j<strlen(argv[i]); j++) {
data/swfmill-0.3.6/src/swft/Parser.cpp:33:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(str); i++) {
data/swfmill-0.3.6/src/swft/SVGAttributeParser.cpp:85:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cch = strlen (str);
data/swfmill-0.3.6/src/swft/SVGPathParser.cpp:17:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(size_t i = 0; i <= strlen(path); i++) {
data/swfmill-0.3.6/src/swft/SVGPointsParser.cpp:15:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(int i = 0; i < strlen(points); i++) {
data/swfmill-0.3.6/src/swft/swft_import.cpp:16:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(basename);
data/swfmill-0.3.6/src/swft/swft_import.cpp:18:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( name, basename, l + 1 ); // copy string including null terminator
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:20:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int r = fgetc(fp);
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:22:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r += fgetc(fp);
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:29:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(infile) != 0xff || fgetc(infile) != 0xd8) {
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:29:31: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(infile) != 0xff || fgetc(infile) != 0xd8) {
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:34:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(infile) != 0xff) {
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:40:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
marker = fgetc(infile);
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:58:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(infile);
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:61:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(infile);
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:142:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ofs = strlen(reinterpret_cast<const char*>(jpeg_header));
data/swfmill-0.3.6/src/swft/swft_import_jpeg.cpp:231:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ofs = strlen(reinterpret_cast<const char*>(jpeg_header));
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:17:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(basename);
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:19:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( name, basename, l );
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:31:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int r = fgetc(fp);
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:33:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r += fgetc(fp);
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:47:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( fgetc(fp) == 0xff ) {
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:48:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( fgetc(fp) == 0xc0 ) {
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:51:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp); fgetc(fp); fgetc(fp);
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:51:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp); fgetc(fp); fgetc(fp);
data/swfmill-0.3.6/src/xslt/xslt_pack.cpp:51:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp); fgetc(fp); fgetc(fp);
ANALYSIS SUMMARY:
Hits = 101
Lines analyzed = 20846 in approximately 0.49 seconds (42527 lines/second)
Physical Source Lines of Code (SLOC) = 15575
Hits@level = [0] 227 [1] 39 [2] 56 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 328 [1+] 101 [2+] 62 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 21.0594 [1+] 6.48475 [2+] 3.98074 [3+] 0.385233 [4+] 0.385233 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.