Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c

FINAL RESULTS:

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:83:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (3 == sscanf(line, "%u %u %s", &x, &y, epmname) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:92:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(new->fname, epmname);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:126:14: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic, &(epm->width), &(epm->height),

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:65:14: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:138:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (file_name, "%s~", argv[arg]);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:115:14: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:205:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (file_name, "%s~", argv[arg]);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:85:12: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (5 != fscanf(fin, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:99:12: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (5 != fscanf(fin, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:125:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(outfile, "%s.%d", prefix, layer);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:119:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, line);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:168:12: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:66:14: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:121:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (file_name, "%s~", argv[arg]);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:83:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (3 == sscanf(line, "%u %u %s", &x, &y, pbmname) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:96:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(new->fname, pbmname);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:129:14: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (3 != fscanf(fp, "%s%d%d%*c", magic,&(pbm->wbyte),&(pbm->height) ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c:60:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  fscanf(fp, "%s %d %d %d%c", magic, &width, &height, &maxval, &dummy);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:94:3: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  fscanf(fp, "%s %d %d %d%c", magic, &width, &height, &maxval, &dummy);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:67:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char line[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:68:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char epmname[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:76:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(filename, "r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:117:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:121:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(epm->fname, "r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:224:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(src->fname, "r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:247:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ptr, src->line, src->width);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:273:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(filename, "w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:46:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char file_name[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:58:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(argv[arg],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:145:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen (argv[arg], "w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:94:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:95:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char file_name[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:108:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(argv[arg],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:212:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen (argv[arg], "w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:58:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fin = fopen(argv[1],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:67:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fin = fopen(argv[1],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:72:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fout = fopen(argv[2],"w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:75:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:76:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outfile[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:87:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fin = fopen(argv[1],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:126:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fout = fopen(outfile, "w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:50:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char line[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:94:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(RGB_TXT, "r" ) ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:147:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:160:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(argv[1],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:47:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:48:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char file_name[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:59:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(argv[arg],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:128:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen (argv[arg], "w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:66:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char line[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:67:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char pbmname[1024];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:75:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(filename, "r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:119:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:123:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(pbm->fname, "r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:218:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(src->fname, "r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:242:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ptr, src->line, src->wbyte);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:268:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(filename, "w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c:39:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c:55:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fp = fopen(argv[i],"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:39:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char magic[256];

data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:89:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  } else if (NULL == (fp = fopen(ppm,"r") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:120:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (NULL == (fout = fopen(epm,"w") ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:85:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (NULL == (new->fname = (char *) malloc(strlen(epmname)+1) ) ) ) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:42:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  flength = strlen(filename);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:43:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xlength = strlen (extension);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:56:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (dest, filename, flength);

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:60:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch (strlen(name)) {

data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:103:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l_len = strlen(line)-1;

data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:85:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (NULL == (new->fname = (char *) malloc(strlen(pbmname)+1) ) ) ) {

ANALYSIS SUMMARY:

Hits = 71
Lines analyzed = 2087 in approximately 0.14 seconds (14801 lines/second)
Physical Source Lines of Code (SLOC) = 1474
Hits@level = [0] 122 [1]   7 [2]  45 [3]   0 [4]  19 [5]   0
Hits@level+ = [0+] 193 [1+]  71 [2+]  64 [3+]  19 [4+]  19 [5+]   0
Hits/KSLOC@level+ = [0+] 130.936 [1+] 48.1682 [2+] 43.4193 [3+] 12.8901 [4+] 12.8901 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
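The level-[4] hits above fall into three patterns that recur across the epmtools sources: an unbounded "%s" header read into a fixed char magic[256], sprintf() building "<file>~" or "<prefix>.<layer>" into a fixed char[1024], and fprintf(stderr, line) with the file contents as the format. The following is an added example, not code from xblast/epmtools or from the flawfinder report, showing each pattern in its hardened form: a width on %s sized to the buffer, a checked conversion count, snprintf with a truncation check, and a constant format. The struct and function names, the sample header values, the placeholder magic "EPM" and the constructed hostile inputs are all assumptions; the header is parsed with sscanf from a string so the example runs without files (the format-string rules are identical for fscanf on a FILE *).

```c
#include <stdio.h>
#include <string.h>

/* Added example (not epmtools or flawfinder code). Names and sample values are assumed. */

#define MAGIC_LEN 256        /* same size the tools declare for magic[] */
#define MAGIC_FMT "%255s"    /* must stay MAGIC_LEN - 1: leaves room for the NUL */

struct epm_header {
    char magic[MAGIC_LEN];
    int width, height, maxval, depth;
};

/* Parses "magic width height maxval depth". Returns 0 on success, -1 otherwise.
 * The width on %s caps the token at 255 bytes; an over-long token is cut there,
 * the following %d then fails on the leftover letters, and the count check
 * rejects the header instead of having already written past magic[]. */
int parse_epm_header(const char *hdr, struct epm_header *out)
{
    memset(out, 0, sizeof *out);
    int n = sscanf(hdr, MAGIC_FMT "%d%d%d%d",
                   out->magic, &out->width, &out->height, &out->maxval, &out->depth);
    if (n != 5)
        return -1;
    /* Added sanity bound: these values drive allocations and loop limits downstream. */
    if (out->width <= 0 || out->height <= 0 || out->maxval <= 0 || out->depth <= 0)
        return -1;
    return 0;
}

/* Builds "<src>~" into dst. Returns 0, or -1 when the result would not fit:
 * snprintf never writes past dstsz, and its return value reports the length it
 * wanted, which sprintf could never tell us. */
int make_backup_name(char *dst, size_t dstsz, const char *src)
{
    int n = snprintf(dst, dstsz, "%s~", src);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Replacement for fprintf(stderr, line): the format is a constant and the data is
 * an argument, so '%' sequences in the file being reported on are printed, not parsed. */
void report_line(const char *line)
{
    fprintf(stderr, "%s", line);
}

/* Constructed hostile input: a 300-byte magic token followed by valid numbers. */
int demo_oversized_magic(void)
{
    char bad[512];
    const char tail[] = " 64 48 255 3\n";
    struct epm_header h;
    memset(bad, 'A', 300);
    memcpy(bad + 300, tail, sizeof tail);   /* sizeof tail includes the NUL */
    return parse_epm_header(bad, &h);       /* -1: rejected */
}

/* Constructed over-long argv-style path against the tools' file_name[1024]. */
int demo_long_backup_name(void)
{
    char path[2000], name[1024];
    memset(path, 'p', sizeof path - 1);
    path[sizeof path - 1] = '\0';
    return make_backup_name(name, sizeof name, path);   /* -1: refused */
}

int main(void)
{
    struct epm_header h;
    char name[1024];
    const char *good = "EPM 64 48 255 3\n";   /* constructed sample; "EPM" is a placeholder magic */

    printf("well-formed header:       %s\n", parse_epm_header(good, &h) == 0 ? "accepted" : "rejected");
    printf("300-byte magic:           %s\n", demo_oversized_magic() == 0 ? "accepted" : "rejected");
    printf("backup of 'a.epm':        %s\n", make_backup_name(name, sizeof name, "a.epm") == 0 ? name : "refused");
    printf("backup of 1999-byte path: %s\n", demo_long_backup_name() == 0 ? "built" : "refused");
    report_line("100% done\n");   /* printed literally, not interpreted as a format */
    return 0;
}
```

The width in MAGIC_FMT is a literal because scanf has no way to take it from an argument; keeping it next to MAGIC_LEN with the comment is the only thing that stops the two from drifting apart. Note that the fix does not make the [2] char hits go away: the fixed-size buffers stay, but every write into them is now bounded.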