Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/zxing-cpp-1.1.1/core/src/BarcodeFormat.cpp Examining data/zxing-cpp-1.1.1/core/src/BarcodeFormat.h Examining data/zxing-cpp-1.1.1/core/src/BinaryBitmap.h Examining data/zxing-cpp-1.1.1/core/src/BitArray.cpp Examining data/zxing-cpp-1.1.1/core/src/BitArray.h Examining data/zxing-cpp-1.1.1/core/src/BitHacks.h Examining data/zxing-cpp-1.1.1/core/src/BitMatrix.cpp Examining data/zxing-cpp-1.1.1/core/src/BitMatrix.h Examining data/zxing-cpp-1.1.1/core/src/BitMatrixCursor.h Examining data/zxing-cpp-1.1.1/core/src/BitMatrixIO.cpp Examining data/zxing-cpp-1.1.1/core/src/BitMatrixIO.h Examining data/zxing-cpp-1.1.1/core/src/BitSource.cpp Examining data/zxing-cpp-1.1.1/core/src/BitSource.h Examining data/zxing-cpp-1.1.1/core/src/ByteArray.h Examining data/zxing-cpp-1.1.1/core/src/ByteMatrix.h Examining data/zxing-cpp-1.1.1/core/src/CharacterSet.h Examining data/zxing-cpp-1.1.1/core/src/CharacterSetECI.cpp Examining data/zxing-cpp-1.1.1/core/src/CharacterSetECI.h Examining data/zxing-cpp-1.1.1/core/src/CustomData.h Examining data/zxing-cpp-1.1.1/core/src/DecodeHints.cpp Examining data/zxing-cpp-1.1.1/core/src/DecodeHints.h Examining data/zxing-cpp-1.1.1/core/src/DecodeStatus.cpp Examining data/zxing-cpp-1.1.1/core/src/DecodeStatus.h Examining data/zxing-cpp-1.1.1/core/src/DecoderResult.h Examining data/zxing-cpp-1.1.1/core/src/DetectorResult.h Examining data/zxing-cpp-1.1.1/core/src/GTIN.h Examining data/zxing-cpp-1.1.1/core/src/GenericGF.cpp Examining data/zxing-cpp-1.1.1/core/src/GenericGF.h Examining data/zxing-cpp-1.1.1/core/src/GenericGFPoly.cpp Examining data/zxing-cpp-1.1.1/core/src/GenericGFPoly.h Examining data/zxing-cpp-1.1.1/core/src/GenericLuminanceSource.cpp Examining data/zxing-cpp-1.1.1/core/src/GenericLuminanceSource.h Examining data/zxing-cpp-1.1.1/core/src/GlobalHistogramBinarizer.cpp Examining data/zxing-cpp-1.1.1/core/src/GlobalHistogramBinarizer.h Examining data/zxing-cpp-1.1.1/core/src/GridSampler.cpp Examining data/zxing-cpp-1.1.1/core/src/GridSampler.h Examining data/zxing-cpp-1.1.1/core/src/HybridBinarizer.cpp Examining data/zxing-cpp-1.1.1/core/src/HybridBinarizer.h Examining data/zxing-cpp-1.1.1/core/src/LogMatrix.h Examining data/zxing-cpp-1.1.1/core/src/LuminanceSource.cpp Examining data/zxing-cpp-1.1.1/core/src/LuminanceSource.h Examining data/zxing-cpp-1.1.1/core/src/Matrix.h Examining data/zxing-cpp-1.1.1/core/src/MultiFormatReader.cpp Examining data/zxing-cpp-1.1.1/core/src/MultiFormatReader.h Examining data/zxing-cpp-1.1.1/core/src/MultiFormatWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/MultiFormatWriter.h Examining data/zxing-cpp-1.1.1/core/src/Pattern.h Examining data/zxing-cpp-1.1.1/core/src/PerspectiveTransform.cpp Examining data/zxing-cpp-1.1.1/core/src/PerspectiveTransform.h Examining data/zxing-cpp-1.1.1/core/src/Point.h Examining data/zxing-cpp-1.1.1/core/src/Quadrilateral.h Examining data/zxing-cpp-1.1.1/core/src/ReadBarcode.cpp Examining data/zxing-cpp-1.1.1/core/src/ReadBarcode.h Examining data/zxing-cpp-1.1.1/core/src/Reader.h Examining data/zxing-cpp-1.1.1/core/src/ReedSolomonDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/ReedSolomonDecoder.h Examining data/zxing-cpp-1.1.1/core/src/ReedSolomonEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/ReedSolomonEncoder.h Examining data/zxing-cpp-1.1.1/core/src/Result.cpp Examining data/zxing-cpp-1.1.1/core/src/Result.h Examining data/zxing-cpp-1.1.1/core/src/ResultMetadata.cpp Examining data/zxing-cpp-1.1.1/core/src/ResultMetadata.h Examining data/zxing-cpp-1.1.1/core/src/ResultPoint.cpp Examining data/zxing-cpp-1.1.1/core/src/ResultPoint.h Examining data/zxing-cpp-1.1.1/core/src/TextDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/TextDecoder.h Examining data/zxing-cpp-1.1.1/core/src/TextEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/TextEncoder.h Examining data/zxing-cpp-1.1.1/core/src/TextUtfEncoding.cpp Examining data/zxing-cpp-1.1.1/core/src/TextUtfEncoding.h Examining data/zxing-cpp-1.1.1/core/src/TritMatrix.h Examining data/zxing-cpp-1.1.1/core/src/WhiteRectDetector.cpp Examining data/zxing-cpp-1.1.1/core/src/WhiteRectDetector.h Examining data/zxing-cpp-1.1.1/core/src/ZXBigInteger.cpp Examining data/zxing-cpp-1.1.1/core/src/ZXBigInteger.h Examining data/zxing-cpp-1.1.1/core/src/ZXConfig.h Examining data/zxing-cpp-1.1.1/core/src/ZXContainerAlgorithms.h Examining data/zxing-cpp-1.1.1/core/src/ZXFlags.h Examining data/zxing-cpp-1.1.1/core/src/ZXNullable.h Examining data/zxing-cpp-1.1.1/core/src/ZXNumeric.h Examining data/zxing-cpp-1.1.1/core/src/ZXStrConvWorkaround.h Examining data/zxing-cpp-1.1.1/core/src/ZXTestSupport.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/aztec/AZDecoder.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZDetector.cpp Examining data/zxing-cpp-1.1.1/core/src/aztec/AZDetector.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZDetectorResult.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/aztec/AZEncoder.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZEncodingState.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZHighLevelEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/aztec/AZHighLevelEncoder.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZReader.cpp Examining data/zxing-cpp-1.1.1/core/src/aztec/AZReader.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZToken.cpp Examining data/zxing-cpp-1.1.1/core/src/aztec/AZToken.h Examining data/zxing-cpp-1.1.1/core/src/aztec/AZWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/aztec/AZWriter.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMBitMatrixParser.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMBitMatrixParser.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDataBlock.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDataBlock.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDecoder.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDefaultPlacement.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDefaultPlacement.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDetector.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMDetector.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMECB.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMECEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMECEncoder.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMEncoderContext.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMHighLevelEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMHighLevelEncoder.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMReader.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMReader.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMSymbolInfo.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMSymbolInfo.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMSymbolShape.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMVersion.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMVersion.h Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/datamatrix/DMWriter.h Examining data/zxing-cpp-1.1.1/core/src/maxicode/MCBitMatrixParser.cpp Examining data/zxing-cpp-1.1.1/core/src/maxicode/MCBitMatrixParser.h Examining data/zxing-cpp-1.1.1/core/src/maxicode/MCDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/maxicode/MCDecoder.h Examining data/zxing-cpp-1.1.1/core/src/maxicode/MCReader.cpp Examining data/zxing-cpp-1.1.1/core/src/maxicode/MCReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCodabarReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCodabarReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCodabarWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCodabarWriter.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode128Patterns.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode128Patterns.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode128Reader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode128Reader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode128Writer.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode128Writer.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode39Reader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode39Reader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode39Writer.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode39Writer.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode93Reader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode93Reader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode93Writer.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODCode93Writer.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN13Reader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN13Reader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN13Writer.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN13Writer.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN8Reader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN8Reader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN8Writer.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODEAN8Writer.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODEANManufacturerOrgSupport.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODEANManufacturerOrgSupport.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODITFReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODITFReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODITFWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODITFWriter.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODMultiUPCEANReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODMultiUPCEANReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODRSS14Reader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODRSS14Reader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODRSSExpandedReader.cpp Parsing failed to find end of parameter list; semicolon terminated it in (pairs.begin(), pairs.end(), sequence.begin(), [](const ExpandedPair& p, int seq) { return p.finderPattern().value() == seq; })) { return true; } } return false; } // Try to construct a valid Examining data/zxing-cpp-1.1.1/core/src/oned/ODRSSExpandedReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODRowReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODRowReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCAReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCAReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCAWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCAWriter.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEANCommon.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEANCommon.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEANExtensionSupport.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEANExtensionSupport.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEANReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEANReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEReader.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEReader.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODUPCEWriter.h Examining data/zxing-cpp-1.1.1/core/src/oned/ODWriterHelper.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/ODWriterHelper.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSDataCharacter.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSExpandedBinaryDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSExpandedBinaryDecoder.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSExpandedPair.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSExpandedRow.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSFieldParser.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSFieldParser.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSFinderPattern.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSGenericAppIdDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSGenericAppIdDecoder.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSPair.h Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSReaderHelper.cpp Examining data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSReaderHelper.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFBarcodeMetadata.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFBarcodeValue.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFBarcodeValue.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFBoundingBox.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFBoundingBox.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFCodeword.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFCodewordDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFCodewordDecoder.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFCompaction.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDecodedBitStreamParser.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDecodedBitStreamParser.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDecoderResultExtra.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDetectionResult.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDetectionResult.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDetectionResultColumn.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDetectionResultColumn.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDetector.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFDetector.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFEncoder.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFHighLevelEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFHighLevelEncoder.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFModulusGF.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFModulusGF.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFModulusPoly.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFModulusPoly.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFReader.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFReader.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFScanningDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFScanningDecoder.h Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/pdf417/PDFWriter.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRAlignmentPattern.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRAlignmentPattern.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRAlignmentPatternFinder.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRAlignmentPatternFinder.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRBitMatrixParser.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRBitMatrixParser.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRCodecMode.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRCodecMode.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDataBlock.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDataBlock.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDataMask.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDataMask.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDecoder.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDecoderMetadata.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDetector.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRDetector.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRECB.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QREncodeResult.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QREncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QREncoder.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRErrorCorrectionLevel.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRErrorCorrectionLevel.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRFinderPattern.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRFinderPattern.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRFinderPatternFinder.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRFinderPatternFinder.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRFinderPatternInfo.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRFormatInformation.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRFormatInformation.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRMaskUtil.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRMaskUtil.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRMatrixUtil.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRMatrixUtil.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRReader.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRReader.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRVersion.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRVersion.h Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRWriter.cpp Examining data/zxing-cpp-1.1.1/core/src/qrcode/QRWriter.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/Big5MapTable.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/Big5MapTable.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/Big5TextDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/Big5TextDecoder.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/Big5TextEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/Big5TextEncoder.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/GBTextDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/GBTextDecoder.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/GBTextEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/GBTextEncoder.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/JPTextDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/JPTextDecoder.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/JPTextEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/JPTextEncoder.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/KRHangulMapping.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/KRHangulMapping.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/KRTextDecoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/KRTextDecoder.h Examining data/zxing-cpp-1.1.1/core/src/textcodec/KRTextEncoder.cpp Examining data/zxing-cpp-1.1.1/core/src/textcodec/KRTextEncoder.h Examining data/zxing-cpp-1.1.1/example/ZXingQtReader.cpp Examining data/zxing-cpp-1.1.1/example/ZXingReader.cpp Examining data/zxing-cpp-1.1.1/example/ZXingWriter.cpp Examining data/zxing-cpp-1.1.1/test/blackbox/BlackboxTestRunner.cpp Examining data/zxing-cpp-1.1.1/test/blackbox/BlackboxTestRunner.h Examining data/zxing-cpp-1.1.1/test/blackbox/ImageLoader.cpp Examining data/zxing-cpp-1.1.1/test/blackbox/ImageLoader.h Examining data/zxing-cpp-1.1.1/test/blackbox/Pdf417MultipleCodeReader.cpp Examining data/zxing-cpp-1.1.1/test/blackbox/Pdf417MultipleCodeReader.h Examining data/zxing-cpp-1.1.1/test/blackbox/QRCodeStructuredAppendReader.cpp Examining data/zxing-cpp-1.1.1/test/blackbox/QRCodeStructuredAppendReader.h Examining data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp Examining data/zxing-cpp-1.1.1/test/blackbox/TestWriterMain.cpp Examining data/zxing-cpp-1.1.1/test/blackbox/ZXFilesystem.h Examining data/zxing-cpp-1.1.1/test/unit/BarcodeFormatTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/BitArrayUtility.cpp Examining data/zxing-cpp-1.1.1/test/unit/BitArrayUtility.h Examining data/zxing-cpp-1.1.1/test/unit/BitHacksTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/PseudoRandom.h Examining data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/aztec/AZDecoderTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/aztec/AZDetectorTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/aztec/AZEncoderTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/aztec/AZHighLevelEncoderTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/datamatrix/DMDecodedBitStreamParserTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/datamatrix/DMEncodeDecodeTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/datamatrix/DMHighLevelEncodeTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/datamatrix/DMPlacementTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/datamatrix/DMSymbolInfoTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/datamatrix/DMWriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODCodaBarWriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODCode128WriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODCode39ExtendedModeTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODCode39WriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODCode93ReaderTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODCode93WriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODEAN13WriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODEAN8WriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODITFWriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODUPCAWriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/oned/ODUPCEWriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417DecoderTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417HighLevelEncoderTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417WriterTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QRDataMaskTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QRDecodedBitStreamParserTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QREncoderTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QRErrorCorrectionLevelTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QRFormatInformationTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QRModeTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QRVersionTest.cpp Examining data/zxing-cpp-1.1.1/test/unit/qrcode/QRWriterTest.cpp Examining data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h Examining data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h Examining data/zxing-cpp-1.1.1/wrappers/android/jni/BarcodeReader.cpp Examining data/zxing-cpp-1.1.1/wrappers/android/jni/JNIUtils.cpp Examining data/zxing-cpp-1.1.1/wrappers/android/jni/JNIUtils.h Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeGenerator.cpp Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeGenerator.h Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeReader.cpp Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeReader.h Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/GdiplusInit.cpp Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/GdiplusInit.h Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/ImageReader.cpp Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/ImageReader.h Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/ImageWriter.cpp Examining data/zxing-cpp-1.1.1/wrappers/gdiplus/ImageWriter.h Examining data/zxing-cpp-1.1.1/wrappers/python/zxing.cpp Examining data/zxing-cpp-1.1.1/wrappers/wasm/BarcodeReader.cpp Examining data/zxing-cpp-1.1.1/wrappers/wasm/BarcodeWriter.cpp Examining data/zxing-cpp-1.1.1/wrappers/winrt/BarcodeReader.cpp Examining data/zxing-cpp-1.1.1/wrappers/winrt/BarcodeReader.h Examining data/zxing-cpp-1.1.1/wrappers/winrt/ReadResult.h FINAL RESULTS: data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1245:11: [5] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename))) data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1248:11: [5] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode))) data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:307:11: [5] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename))) data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:310:11: [5] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode))) data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp:41:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. auto var = getenv(name); data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp:56:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("FORMATS")) data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp:57:46: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. hints.setFormats(BarcodeFormatsFromString(getenv("FORMATS"))); data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp:68:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (result.isValid() && getenv("WRITE_TEXT")) { data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp:55:73: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void Corrupt(std::vector<int>& received, size_t howMany, PseudoRandom& random, int max) { data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp:58:20: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. auto location = random.next(size_t(0), received.size() - 1); data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp:59:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int value = random.next(0, max - 1); data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp:73:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(0x12345678); data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp:82:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. Corrupt(message, i, random, field.size()); data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp:110:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(0x12345678); data/zxing-cpp-1.1.1/test/unit/ReedSolomonTest.cpp:115:11: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. val = random.next(0, field.size() - 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZDetectorTest.cpp:57:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(std::hash<std::string>()(data)); data/zxing-cpp-1.1.1/test/unit/aztec/AZDetectorTest.cpp:88:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. errors.insert(random.next(size_t(0), orientationPoints.size() - 1)); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:57:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(0x12345678); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:59:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. auto x = random.next(0, matrix.width() - 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:60:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. auto y = random.next(0, 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:62:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x = random.next(0, matrix.width() - 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:63:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. y = matrix.height() - 2 + random.next(0, 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:65:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x = random.next(0, 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:66:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. y = random.next(0, matrix.height() - 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:68:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x = matrix.width() - 2 + random.next(0, 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:69:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. y = random.next(0, matrix.height() - 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:100:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(0x12345678); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:103:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int x = random.next(0, 1) == 1 ? data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:104:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random.next(0, aztec.layers * 2 - 1) data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:105:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. : matrix.width() - 1 - random.next(0, aztec.layers * 2 - 1); data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:106:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int y = random.next(0, 1) == 1 ? data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:107:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random.next(0, aztec.layers * 2 - 1) data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:108:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. : matrix.height() - 1 - random.next(0, aztec.layers * 2 - 1); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:60:76: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. static void Corrupt(std::vector<int>& received, int howMany, PseudoRandom& random, int max) data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:64:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int location = random.next(0, (int)received.size() - 1); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:65:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int value = random.next(0, max - 1); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:86:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(0x12345678); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:89:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. received[i] = random.next(0, 255); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:96:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(0x12345678); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:99:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. Corrupt(received, MAX_ERRORS, random, 929); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:107:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. PseudoRandom random(0x12345678); data/zxing-cpp-1.1.1/test/unit/pdf417/PDF417ErrorCorrectionTest.cpp:108:36: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. Corrupt(received, MAX_ERRORS + 1, random, 929); data/zxing-cpp-1.1.1/core/src/LogMatrix.h:49:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f = fopen(fn, "wb"); data/zxing-cpp-1.1.1/core/src/TextUtfEncoding.cpp:218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4]; data/zxing-cpp-1.1.1/core/src/TextUtfEncoding.cpp:238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4]; data/zxing-cpp-1.1.1/core/src/ZXStrConvWorkaround.h:39:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(s.c_str()); data/zxing-cpp-1.1.1/core/src/oned/ODCode39Reader.cpp:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char PERCENTAGE_MAPPING[26] = { data/zxing-cpp-1.1.1/core/src/oned/ODCode39Reader.cpp:133:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DecodeExtendedCode39AndCode93(std::string& encoded, const char ctrl[4]) data/zxing-cpp-1.1.1/core/src/oned/ODCode93Reader.cpp:108:64: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. bool DecodeExtendedCode39AndCode93(std::string& encoded, const char ctrl[4]); data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp:42:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return var ? atoi(var) : fallback; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:600:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char validate_uint32[sizeof(stbi__uint32)==4 ? 1 : -1]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1142:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, row0, bytes_copy); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1143:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row0, row1, bytes_copy); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1144:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row1, temp, bytes_copy); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1228:49: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). STBI_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1243:4: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wMode[64]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1244:4: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wFilename[1024]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1262:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, mode); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1573:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, s->img_buffer, blen); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1583:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, s->img_buffer, n); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:3053:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char tag[5] = {'J','F','I','F','\0'}; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:3063:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char tag[6] = {'A','d','o','b','e','\0'}; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:3168:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char rgb[3] = { 'R', 'G', 'B' }; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:4240:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a->zout, a->zbuffer, len); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:4564:40: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case STBI__F_none: memcpy(cur, raw, nk); break; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:4720:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(final + out_y*a->s->img_x*out_bytes + out_x*out_bytes, data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:5638:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char raw_data[4] = {0}; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:6543:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &g->out[pi * 4], &two_back[pi * 4], 4 ); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:6550:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &g->out[pi * 4], &g->background[pi * 4], 4 ); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:6561:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( g->background, g->out, 4 * g->w * g->h ); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:6625:22: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &g->out[pi * 4], &g->pal[g->bgindex], 4 ); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:6720:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( out + ((layers - 1) * stride), u, stride ); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:6859:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[STBI__HDR_BUFLEN]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:6987:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[STBI__HDR_BUFLEN]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:292:50: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). STBIW_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:305:4: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wMode[64]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:306:4: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wFilename[1024]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:324:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, mode); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:355:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[2]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:361:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[4]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:390:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char arr[3]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:397:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bg[3] = { 255, 0, 255}, px[3]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:636:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char scanlineheader[4] = { 2, 2, 0, 0 }; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:637:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rgbe[4]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:731:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:738:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len = sprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:1049:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line_buffer, z, width*n); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:1078:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sig[8] = { 137,80,78,71,13,10,26,10 }; data/zxing-cpp-1.1.1/thirdparty/stb/stb_image_write.h:1418:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char YTable[64], UVTable[64]; data/zxing-cpp-1.1.1/core/src/MultiFormatReader.cpp:94:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MultiFormatReader::read(const BinaryBitmap& image) const data/zxing-cpp-1.1.1/core/src/MultiFormatReader.h:43:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Result read(const BinaryBitmap& image) const; data/zxing-cpp-1.1.1/core/src/ReadBarcode.cpp:87:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return reader.read(HybridBinarizer(srcPtr)); data/zxing-cpp-1.1.1/core/src/ReadBarcode.cpp:89:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return reader.read(GlobalHistogramBinarizer(srcPtr)); data/zxing-cpp-1.1.1/core/src/ReadBarcode.cpp:95:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). case Binarizer::BoolCast: return MultiFormatReader(hints).read(ThresholdBinarizer(iv, 0)); data/zxing-cpp-1.1.1/core/src/ReadBarcode.cpp:96:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). case Binarizer::FixedThreshold: return MultiFormatReader(hints).read(ThresholdBinarizer(iv, 127)); data/zxing-cpp-1.1.1/core/src/ZXBigInteger.cpp:365:17: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. auto p = std::mismatch(a.rbegin(), a.rend(), b.rbegin()); data/zxing-cpp-1.1.1/core/src/oned/ODRSSExpandedReader.cpp:391:47: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (pairs.size() <= sequence.size() && std::equal(pairs.begin(), pairs.end(), sequence.begin(), [](const ExpandedPair& p, int seq) { return p.finderPattern().value() == seq; })) { data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSExpandedRow.h:59:47: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return _pairs.size() == list.size() && std::equal(_pairs.begin(), _pairs.end(), list.begin()); data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSFieldParser.cpp:182:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(aiPrefix); data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSFieldParser.cpp:194:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). [](const std::string& str, const char* pre) { return strncmp(pre, str.data(), strlen(pre)) == 0; }; data/zxing-cpp-1.1.1/core/src/oned/rss/ODRSSReaderHelper.cpp:107:68: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((mismatch == 0 && oddParityBad != evenParityBad) || (std::abs(mismatch) == 1 && oddParityBad == evenParityBad)) data/zxing-cpp-1.1.1/test/blackbox/BlackboxTestRunner.cpp:182:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto result = reader.read(*ImageLoader::load(imgPath).rotated(test.rotation)); data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp:62:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Result result = reader.read(*ImageLoader::load(argv[i]).rotated(rotation)); data/zxing-cpp-1.1.1/test/blackbox/TestReaderMain.cpp:77:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (std::strlen(argv[i]) > 2 && argv[i][0] == '-' && argv[i][1] == 't') { data/zxing-cpp-1.1.1/test/unit/aztec/AZEncodeDecodeTest.cpp:34:44: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return a.length() == b.length() && std::equal(a.begin(), a.end(), b.begin()); data/zxing-cpp-1.1.1/test/unit/datamatrix/DMEncodeDecodeTest.cpp:31:44: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return a.length() == b.length() && std::equal(a.begin(), a.end(), b.begin()); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:366:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read) (void *user,char *data,int size); // fill 'data' with 'size' bytes. return number of bytes actually read data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1501:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = (s->io.read)(s->io_user_data,(char*)s->buffer_start,s->buflen); data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1531:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (s->io.read) { data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1551:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (s->io.read) { data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1568:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (s->io.read) { data/zxing-cpp-1.1.1/thirdparty/stb/stb_image.h:1575:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = (s->io.read)(s->io_user_data, (char*) buffer + blen, n - blen); data/zxing-cpp-1.1.1/wrappers/android/jni/BarcodeReader.cpp:131:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto readResult = reader->read(*binImage); data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeReader.cpp:44:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = _reader->read(*binImg); data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeReader.cpp:47:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = _reader->read(*binImg->rotated(180)); data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeReader.cpp:50:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = _reader->read(*binImg->rotated(90)); data/zxing-cpp-1.1.1/wrappers/gdiplus/BarcodeReader.cpp:53:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = _reader->read(*binImg->rotated(270)); data/zxing-cpp-1.1.1/wrappers/winrt/BarcodeReader.cpp:222:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto result = m_reader->read(*binImg); ANALYSIS SUMMARY: Hits = 118 Lines analyzed = 76706 in approximately 3.96 seconds (19394 lines/second) Physical Source Lines of Code (SLOC) = 55948 Hits@level = [0] 17 [1] 29 [2] 47 [3] 38 [4] 0 [5] 4 Hits@level+ = [0+] 135 [1+] 118 [2+] 89 [3+] 42 [4+] 4 [5+] 4 Hits/KSLOC@level+ = [0+] 2.41295 [1+] 2.1091 [2+] 1.59076 [3+] 0.750697 [4+] 0.071495 [5+] 0.071495 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.