Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vamps-0.99.2/play_cell/play_cell.c
Examining data/vamps-0.99.2/vamps/requant.c
Examining data/vamps-0.99.2/vamps/vamps.c
Examining data/vamps-0.99.2/vamps/getvlc.h
Examining data/vamps-0.99.2/vamps/putvlc.h
Examining data/vamps-0.99.2/vamps/qTable.h
Examining data/vamps-0.99.2/vamps/requant.h
FINAL RESULTS:
data/vamps-0.99.2/play_cell/play_cell.c:629:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, ap);
data/vamps-0.99.2/play_cell/play_cell.c:642:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, ap);
data/vamps-0.99.2/vamps/requant.c:235:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEB(msg) fprintf (stderr, "%s:%d " msg, __FILE__, __LINE__)
data/vamps-0.99.2/vamps/requant.c:236:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBF(format, args...) fprintf (stderr, "%s:%d " format, __FILE__, __LINE__, args)
data/vamps-0.99.2/vamps/requant.c:249:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOG(msg) fprintf (stderr, msg)
data/vamps-0.99.2/vamps/requant.c:251:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOGF(format, arg1) fprintf (stderr, format, arg1)
data/vamps-0.99.2/vamps/requant.c:253:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOGF(format, args...) fprintf (stderr, format, args)
data/vamps-0.99.2/vamps/requant.c:2149:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,\
data/vamps-0.99.2/vamps/requant.c:2155:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,\
data/vamps-0.99.2/vamps/requant.c:2163:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,\
data/vamps-0.99.2/vamps/requant.c:2169:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,\
data/vamps-0.99.2/vamps/vamps.c:1282:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf (fp, injections [i].f, injections [i].p) != 1)
data/vamps-0.99.2/vamps/vamps.c:1314:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, injections [i].f, *((uint32_t *) injections [i].p));
data/vamps-0.99.2/vamps/vamps.c:1318:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, injections [i].f, *((uint64_t *) injections [i].p));
data/vamps-0.99.2/vamps/vamps.c:1363:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, ap);
data/vamps-0.99.2/play_cell/play_cell.c:317:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, nav_pack1, sizeof (nav_pack1));
data/vamps-0.99.2/play_cell/play_cell.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr + 20, syshdr, 18);
data/vamps-0.99.2/play_cell/play_cell.c:323:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, nav_pack2, sizeof (nav_pack2));
data/vamps-0.99.2/play_cell/play_cell.c:435:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, dummy_pack, sizeof (dummy_pack));
data/vamps-0.99.2/play_cell/play_cell.c:505:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, private_2_pack, sizeof (private_2_pack));
data/vamps-0.99.2/vamps/requant.c:372:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wbuf, cbuf, x);\
data/vamps-0.99.2/vamps/requant.c:2198:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LOG_FILE = fopen("Logfile.txt", "w");
data/vamps-0.99.2/vamps/requant.c:2211:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifd = fopen(argv[argc - 2], "rb");
data/vamps-0.99.2/vamps/requant.c:2212:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofd = fopen(argv[argc - 1], "wb");
data/vamps-0.99.2/vamps/requant.c:2241:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delta_bright = atoi(argv[4]);
data/vamps-0.99.2/vamps/requant.c:2255:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/vamps-0.99.2/vamps/requant.c:2603:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outTemp, inTemp, cbuf - inTemp);
data/vamps-0.99.2/vamps/requant.h:62:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (wbuf, cbuf, x); \
data/vamps-0.99.2/vamps/vamps.c:394:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rbuf, rptr, avail);
data/vamps-0.99.2/vamps/vamps.c:421:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (wptr, rptr, size);
data/vamps-0.99.2/vamps/vamps.c:587:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src + n, "\0\0\1", 3);
data/vamps-0.99.2/vamps/vamps.c:948:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (viptr, ptr + 6 + opt_length, data_length);
data/vamps-0.99.2/vamps/vamps.c:1036:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr + 6 + 3 + header_data_length, voptr, data_length);
data/vamps-0.99.2/vamps/vamps.c:1047:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr + 6 + 3 + header_data_length, voptr, avail);
data/vamps-0.99.2/vamps/vamps.c:1074:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr + 6 + 3 + header_data_length, voptr, avail);
data/vamps-0.99.2/vamps/vamps.c:1251:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vobuf, vibuf, vilen);
data/vamps-0.99.2/vamps/vamps.c:1277:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (filename, "r")) == NULL)
data/vamps-0.99.2/vamps/vamps.c:1297:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (filename, "w")) == NULL)
data/vamps-0.99.2/vamps/requant.c:311:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mloka1 = read(0, rbuf, mloka2); \
data/vamps-0.99.2/vamps/requant.c:2259:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int i = read(0, buf, 4096);
data/vamps-0.99.2/vamps/requant.c:2548:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mloka1 = read(0, rbuf, mloka2);
data/vamps-0.99.2/vamps/vamps.c:399:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (0, rhwp, RBUF_SIZE - avail);
ANALYSIS SUMMARY:
Hits = 42
Lines analyzed = 6549 in approximately 0.19 seconds (33792 lines/second)
Physical Source Lines of Code (SLOC) = 5136
Hits@level = [0] 25 [1] 4 [2] 23 [3] 0 [4] 15 [5] 0
Hits@level+ = [0+] 67 [1+] 42 [2+] 38 [3+] 15 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 13.0452 [1+] 8.17757 [2+] 7.39875 [3+] 2.92056 [4+] 2.92056 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.