Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c
Examining data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c
FINAL RESULTS:
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:83:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (3 == sscanf(line, "%u %u %s", &x, &y, epmname) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:92:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->fname, epmname);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:126:14: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic, &(epm->width), &(epm->height),
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:65:14: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:138:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file_name, "%s~", argv[arg]);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:115:14: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:205:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file_name, "%s~", argv[arg]);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:85:12: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != fscanf(fin, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:99:12: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != fscanf(fin, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:125:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outfile, "%s.%d", prefix, layer);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:119:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, line);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:168:12: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:66:14: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != fscanf(fp, "%s%d%d%d%d%*c", magic,&width,&height,&maxval,&depth) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:121:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file_name, "%s~", argv[arg]);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:83:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (3 == sscanf(line, "%u %u %s", &x, &y, pbmname) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:96:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->fname, pbmname);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:129:14: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (3 != fscanf(fp, "%s%d%d%*c", magic,&(pbm->wbyte),&(pbm->height) ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c:60:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp, "%s %d %d %d%c", magic, &width, &height, &maxval, &dummy);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:94:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp, "%s %d %d %d%c", magic, &width, &height, &maxval, &dummy);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:68:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char epmname[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:76:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:121:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(epm->fname, "r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:224:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(src->fname, "r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, src->line, src->width);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:273:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:58:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(argv[arg],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress.c:145:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen (argv[arg], "w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:108:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(argv[arg],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmcompress2.c:212:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen (argv[arg], "w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:58:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fin = fopen(argv[1],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:67:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fin = fopen(argv[1],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmhalf.c:72:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fout = fopen(argv[2],"w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfile[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:87:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fin = fopen(argv[1],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:126:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fout = fopen(outfile, "w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:50:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:94:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(RGB_TXT, "r" ) ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:160:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(argv[1],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:59:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(argv[arg],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmuncompress.c:128:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen (argv[arg], "w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:66:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pbmname[1024];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:75:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:123:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(pbm->fname, "r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:218:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(src->fname, "r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:242:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, src->line, src->wbyte);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:268:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c:39:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pgmtoepm.c:55:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(argv[i],"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:39:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char magic[256];
data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:89:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if (NULL == (fp = fopen(ppm,"r") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/ppmtoepm.c:120:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fout = fopen(epm,"w") ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmarrange.c:85:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL == (new->fname = (char *) malloc(strlen(epmname)+1) ) ) ) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:42:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flength = strlen(filename);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:43:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xlength = strlen (extension);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtopgm.c:56:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dest, filename, flength);
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:60:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(name)) {
data/xblast-tnt-models-20050106/debian/sprites/epmtools/epmtoppm.c:103:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_len = strlen(line)-1;
data/xblast-tnt-models-20050106/debian/sprites/epmtools/pbmarrange.c:85:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL == (new->fname = (char *) malloc(strlen(pbmname)+1) ) ) ) {
ANALYSIS SUMMARY:
Hits = 71
Lines analyzed = 2087 in approximately 0.14 seconds (14801 lines/second)
Physical Source Lines of Code (SLOC) = 1474
Hits@level = [0] 122 [1] 7 [2] 45 [3] 0 [4] 19 [5] 0
Hits@level+ = [0+] 193 [1+] 71 [2+] 64 [3+] 19 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 130.936 [1+] 48.1682 [2+] 43.4193 [3+] 12.8901 [4+] 12.8901 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.