The following issues were found
src/viewer/scrollview.cpp
17 issues
Line: 67
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
any->command_id = command_id;
any->counter = counter;
any->parameter = new char[strlen(parameter) + 1];
strcpy(any->parameter, parameter);
any->type = type;
any->x = x;
any->y = y;
any->x_size = x_size;
any->y_size = y_size;
Reported by FlawFinder.
Line: 118
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (cur->window != nullptr) {
auto length = strlen(p);
cur->parameter = new char[length + 1];
strcpy(cur->parameter, p);
if (length > 0) { // remove the last \n
cur->parameter[length - 1] = '\0';
}
cur->type = static_cast<SVEventType>(ev_type);
// Correct selection coordinates so x,y is the min pt and size is +ve.
Reported by FlawFinder.
Line: 405
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
char message[kMaxMsgSize - 4];
va_start(args, format); // variable list
vsnprintf(message, sizeof(message), format, args);
va_end(args);
char form[kMaxMsgSize];
snprintf(form, sizeof(form), "w%u:%s\n", window_id_, message);
Reported by FlawFinder.
Line: 574
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
char message[kMaxMsgSize - 4];
va_start(args, format); // variable list
vsnprintf(message, sizeof(message), format, args);
va_end(args);
char form[kMaxMsgSize];
snprintf(form, sizeof(form), "w%u:%s", window_id_, message);
Reported by FlawFinder.
Line: 760
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
// wait till an input event (all others are thrown away)
ev = AwaitEvent(SVET_INPUT);
char *p = new char[strlen(ev->parameter) + 1];
strcpy(p, ev->parameter);
delete ev;
return p;
}
// Shows a modal Yes/No Dialog which will return 'y' or 'n'
Reported by FlawFinder.
Line: 840
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
lastptr = nextptr;
nextptr = strchr(nextptr + 1, '\'');
}
strcpy(message + pos, lastptr);
return message;
}
// Inverse the Y axis if the coordinates are actually inversed.
int ScrollView::TranslateYCoordinate(int y) {
Reported by FlawFinder.
Line: 311
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
semaphore_ = new SVSemaphore();
// Set up an actual Window on the client side.
char message[kMaxMsgSize];
snprintf(message, sizeof(message),
"w%u = luajava.newInstance('com.google.scrollview.ui"
".SVWindow','%s',%u,%u,%u,%u,%u,%u,%u)\n",
window_id_, window_name_, window_id_, x_pos, y_pos, x_size, y_size, x_canvas_size,
y_canvas_size);
Reported by FlawFinder.
Line: 402
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SendPolygon();
}
va_list args;
char message[kMaxMsgSize - 4];
va_start(args, format); // variable list
vsnprintf(message, sizeof(message), format, args);
va_end(args);
Reported by FlawFinder.
Line: 408
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
vsnprintf(message, sizeof(message), format, args);
va_end(args);
char form[kMaxMsgSize];
snprintf(form, sizeof(form), "w%u:%s\n", window_id_, message);
stream_->Send(form);
}
Reported by FlawFinder.
Line: 501
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} else if (length > 2) {
// A polyline.
SendMsg("createPolyline(%d)", length);
char coordpair[kMaxIntPairSize];
std::string decimal_coords;
for (int i = 0; i < length; ++i) {
snprintf(coordpair, kMaxIntPairSize, "%d,%d,", points_->xcoords[i], points_->ycoords[i]);
decimal_coords += coordpair;
}
Reported by FlawFinder.
src/api/pdfrenderer.cpp
15 issues
Line: 479
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
const std::string &text = pdf_str.str();
char *result = new char[text.length() + 1];
strcpy(result, text.c_str());
return result;
}
bool TessPDFRenderer::BeginDocumentHandler() {
AppendPDFObject("%PDF-1.5\n%\xDE\xAD\xBE\xEB\n");
Reported by FlawFinder.
Line: 304
Column: 42
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static bool CodepointToUtf16be(int code, char utf16[kMaxBytesPerCodepoint]) {
if ((code > 0xD7FF && code < 0xE000) || code > 0x10FFFF) {
tprintf("Dropping invalid codepoint %d\n", code);
return false;
}
if (code < 0x10000) {
Reported by FlawFinder.
Line: 450
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const std::unique_ptr<const char[]> grapheme(res_it->GetUTF8Text(RIL_SYMBOL));
if (grapheme && grapheme[0] != '\0') {
std::vector<char32> unicodes = UNICHAR::UTF8ToUTF32(grapheme.get());
char utf16[kMaxBytesPerCodepoint];
for (char32 code : unicodes) {
if (CodepointToUtf16be(code, utf16)) {
pdf_word += utf16;
pdf_word_len++;
}
Reported by FlawFinder.
Line: 791
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*pdf_object = new char[*pdf_object_size];
char *p = *pdf_object;
memcpy(p, b1.str().c_str(), b1_len);
p += b1_len;
memcpy(p, colorspace.str().c_str(), colorspace_len);
p += colorspace_len;
memcpy(p, b2.str().c_str(), b2_len);
p += b2_len;
Reported by FlawFinder.
Line: 793
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *p = *pdf_object;
memcpy(p, b1.str().c_str(), b1_len);
p += b1_len;
memcpy(p, colorspace.str().c_str(), colorspace_len);
p += colorspace_len;
memcpy(p, b2.str().c_str(), b2_len);
p += b2_len;
memcpy(p, cid->datacomp, cid->nbytescomp);
p += cid->nbytescomp;
Reported by FlawFinder.
Line: 795
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p += b1_len;
memcpy(p, colorspace.str().c_str(), colorspace_len);
p += colorspace_len;
memcpy(p, b2.str().c_str(), b2_len);
p += b2_len;
memcpy(p, cid->datacomp, cid->nbytescomp);
p += cid->nbytescomp;
memcpy(p, b3, b3_len);
l_CIDataDestroy(&cid);
Reported by FlawFinder.
Line: 797
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p += colorspace_len;
memcpy(p, b2.str().c_str(), b2_len);
p += b2_len;
memcpy(p, cid->datacomp, cid->nbytescomp);
p += cid->nbytescomp;
memcpy(p, b3, b3_len);
l_CIDataDestroy(&cid);
return true;
}
Reported by FlawFinder.
Line: 799
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p += b2_len;
memcpy(p, cid->datacomp, cid->nbytescomp);
p += cid->nbytescomp;
memcpy(p, b3, b3_len);
l_CIDataDestroy(&cid);
return true;
}
bool TessPDFRenderer::AddImageHandler(TessBaseAPI *api) {
Reported by FlawFinder.
Line: 922
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// INFO
std::string utf16_title = "FEFF"; // byte_order_marker
std::vector<char32> unicodes = UNICHAR::UTF8ToUTF32(title());
char utf16[kMaxBytesPerCodepoint];
for (char32 code : unicodes) {
if (CodepointToUtf16be(code, utf16)) {
utf16_title += utf16;
}
}
Reported by FlawFinder.
Line: 196
Column: 22
CWE codes:
126
}
void TessPDFRenderer::AppendPDFObject(const char *data) {
AppendPDFObjectDIY(strlen(data));
AppendString(data);
}
// Helper function to prevent us from accidentally writing
// scientific notation to an HOCR or PDF file. Besides, three
Reported by FlawFinder.
unittest/scanutils_test.cc
14 issues
Line: 24
void SetUp() override {}
};
TEST_F(ScanutilsTest, DoesScanf) {
// This test verifies that tfscanf does Scanf the same as stdio fscanf.
// There are probably a gazillion more test cases that could be added, but
// these brought the tesseract and unittest test results in line.
std::string filename = file::JoinPath(TESTDATA_DIR, "scanftest.txt");
FILE *fp1 = fopen(filename.c_str(), "r");
Reported by Cppcheck.
Line: 29
Column: 15
CWE codes:
362
// There are probably a gazillion more test cases that could be added, but
// these brought the tesseract and unittest test results in line.
std::string filename = file::JoinPath(TESTDATA_DIR, "scanftest.txt");
FILE *fp1 = fopen(filename.c_str(), "r");
if (fp1 == nullptr) {
std::cout << "Failed to open file " << filename << '\n';
GTEST_SKIP();
}
FILE *fp2 = fopen(filename.c_str(), "r");
Reported by FlawFinder.
Line: 34
Column: 15
CWE codes:
362
std::cout << "Failed to open file " << filename << '\n';
GTEST_SKIP();
}
FILE *fp2 = fopen(filename.c_str(), "r");
if (fp2 == nullptr) {
std::cout << "Failed to open file " << filename << '\n';
fclose(fp1);
GTEST_SKIP();
}
Reported by FlawFinder.
Line: 71
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
const int kStrLen = 1024;
char s1[kStrLen];
char s2[kStrLen];
r1 = fscanf(fp1, "%1023s", s1);
r2 = tfscanf(fp2, "%1023s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
Reported by FlawFinder.
Line: 72
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
const int kStrLen = 1024;
char s1[kStrLen];
char s2[kStrLen];
r1 = fscanf(fp1, "%1023s", s1);
r2 = tfscanf(fp2, "%1023s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(26, strlen(s2));
Reported by FlawFinder.
Line: 73
Column: 8
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
const int kStrLen = 1024;
char s1[kStrLen];
char s2[kStrLen];
r1 = fscanf(fp1, "%1023s", s1);
r2 = tfscanf(fp2, "%1023s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(26, strlen(s2));
r1 = fscanf(fp1, "%20s", s1);
Reported by FlawFinder.
Line: 77
Column: 17
CWE codes:
126
r2 = tfscanf(fp2, "%1023s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(26, strlen(s2));
r1 = fscanf(fp1, "%20s", s1);
r2 = tfscanf(fp2, "%20s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(20, strlen(s2));
Reported by FlawFinder.
Line: 78
Column: 8
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(26, strlen(s2));
r1 = fscanf(fp1, "%20s", s1);
r2 = tfscanf(fp2, "%20s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(20, strlen(s2));
// Now read the rest of the alphabet.
Reported by FlawFinder.
Line: 82
Column: 17
CWE codes:
126
r2 = tfscanf(fp2, "%20s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(20, strlen(s2));
// Now read the rest of the alphabet.
r1 = fscanf(fp1, "%1023s", s1);
r2 = tfscanf(fp2, "%1023s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
Reported by FlawFinder.
Line: 84
Column: 8
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
EXPECT_STREQ(s1, s2);
EXPECT_EQ(20, strlen(s2));
// Now read the rest of the alphabet.
r1 = fscanf(fp1, "%1023s", s1);
r2 = tfscanf(fp2, "%1023s", s2);
EXPECT_EQ(r1, r2);
EXPECT_STREQ(s1, s2);
EXPECT_EQ(6, strlen(s2));
r1 = fscanf(fp1, "%1023s", s1);
Reported by FlawFinder.
unittest/recodebeam_test.cc
12 issues
Line: 334
Dict lstm_dict_;
};
TEST_F(RecodeBeamTest, DoesChinese) {
LOG(INFO) << "Testing chi_tra"
<< "\n";
LoadUnicharset("chi_tra.unicharset");
// Correctly reproduce the first kNumchars characters from easy output.
std::vector<int> transcription;
Reported by Cppcheck.
Line: 207
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
int num_codes = recoder_.code_range();
GENERIC_2D_ARRAY<float> outputs(width + padding, num_codes, 0.0f);
// Fill with random data.
TRand random;
for (int t = 0; t < width; ++t) {
for (int i = 0; i < num_codes; ++i) {
outputs(t, i) = random.UnsignedRand(0.25);
}
}
Reported by FlawFinder.
Line: 210
Column: 25
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
TRand random;
for (int t = 0; t < width; ++t) {
for (int i = 0; i < num_codes; ++i) {
outputs(t, i) = random.UnsignedRand(0.25);
}
}
int t = 0;
for (int unichar_id : unichar_ids) {
RecodedCharID code;
Reported by FlawFinder.
Line: 244
Column: 73
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
// Encodes a utf8 string (character) as unichar_id, then recodes, and sets
// the score for the appropriate sequence of codes, returning the ending t.
int EncodeUTF8(const char *utf8_str, float score, int start_t, TRand *random,
GENERIC_2D_ARRAY<float> *outputs) {
int t = start_t;
std::vector<int> unichar_ids;
EXPECT_TRUE(ccutil_.unicharset.encode_string(utf8_str, true, &unichar_ids, nullptr, nullptr));
if (unichar_ids.empty() || utf8_str[0] == '\0') {
Reported by FlawFinder.
Line: 261
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
for (int i = 0; i < len; ++i) {
// Apply the desired score.
(*outputs)(t++, code(i)) = score;
if (random != nullptr && t + (num_ids - u) * RecodedCharID::kMaxCodeLen < outputs->dim1()) {
int dups = static_cast<int>(random->UnsignedRand(3.0));
for (int d = 0; d < dups; ++d) {
// Duplicate the desired score.
(*outputs)(t++, code(i)) = score;
}
Reported by FlawFinder.
Line: 269
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
}
}
if (random != nullptr && t + (num_ids - u) * RecodedCharID::kMaxCodeLen < outputs->dim1()) {
int dups = static_cast<int>(random->UnsignedRand(3.0));
for (int d = 0; d < dups; ++d) {
// Add a random number of nulls as well.
(*outputs)(t++, encoded_null_char_) = score;
}
Reported by FlawFinder.
Line: 285
Column: 59
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
// null_char_.
GENERIC_2D_ARRAY<float> GenerateSyntheticOutputs(const char *chars1[], const float scores1[],
const char *chars2[], const float scores2[],
TRand *random) {
int width = 0;
while (chars1[width] != nullptr) {
++width;
}
int padding = width * RecodedCharID::kMaxCodeLen;
Reported by FlawFinder.
Line: 297
Column: 57
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
for (int i = 0; i < width; ++i) {
// In case there is overlap in the codes between 1st and 2nd choice, it
// is better to encode the 2nd choice first.
int end_t2 = EncodeUTF8(chars2[i], scores2[i], t, random, &outputs);
int end_t1 = EncodeUTF8(chars1[i], scores1[i], t, random, &outputs);
// Advance t to the max end, setting everything else to the leftovers.
int max_t = std::max(end_t1, end_t2);
while (t < max_t) {
double total_score = 0.0;
Reported by FlawFinder.
Line: 298
Column: 57
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
// In case there is overlap in the codes between 1st and 2nd choice, it
// is better to encode the 2nd choice first.
int end_t2 = EncodeUTF8(chars2[i], scores2[i], t, random, &outputs);
int end_t1 = EncodeUTF8(chars1[i], scores1[i], t, random, &outputs);
// Advance t to the max end, setting everything else to the leftovers.
int max_t = std::max(end_t1, end_t2);
while (t < max_t) {
double total_score = 0.0;
for (int j = 0; j < num_codes; ++j) {
Reported by FlawFinder.
Line: 476
Column: 9
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
<< "\n";
LoadUnicharset("vie.d.unicharset");
tesseract::SetupBasicProperties(false, true, &ccutil_.unicharset);
TRand random;
GENERIC_2D_ARRAY<float> outputs =
GenerateSyntheticOutputs(kViTops, kViTopScores, kVi2nds, kVi2ndScores, &random);
PointerVector<WERD_RES> words;
std::string truth_str;
tesseract::NormalizeUTF8String(tesseract::UnicodeNormMode::kNFKC, tesseract::OCRNorm::kNormalize,
Reported by FlawFinder.
src/textord/pitsync1.h
12 issues
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
Line: 81
double cost; // cost function
};
ELISTIZEH(FPSEGPT)
CLISTIZEH(FPSEGPT_LIST)
extern INT_VAR_H(pitsync_linear_version);
extern double_VAR_H(pitsync_joined_edge);
extern double_VAR_H(pitsync_offset_freecut_fraction);
double check_pitch_sync( // find segmentation
Reported by Cppcheck.
unittest/pango_font_info_test.cc
11 issues
Line: 78
PangoFontInfo font_info_;
};
TEST_F(PangoFontInfoTest, TestNonDefaultConstructor) {
PangoFontInfo font("Arial Bold Italic 12");
EXPECT_EQ(12, font.font_size());
EXPECT_EQ("Arial", font.family_name());
}
Reported by Cppcheck.
Line: 122
Column: 52
CWE codes:
126
TEST_F(PangoFontInfoTest, CanRenderString) {
font_info_.ParseFontDescriptionName("Verdana 12");
EXPECT_TRUE(font_info_.CanRenderString(kEngText, strlen(kEngText)));
font_info_.ParseFontDescriptionName("UnBatang 12");
EXPECT_TRUE(font_info_.CanRenderString(kKorText, strlen(kKorText)));
font_info_.ParseFontDescriptionName("Lohit Hindi 12");
Reported by FlawFinder.
Line: 125
Column: 52
CWE codes:
126
EXPECT_TRUE(font_info_.CanRenderString(kEngText, strlen(kEngText)));
font_info_.ParseFontDescriptionName("UnBatang 12");
EXPECT_TRUE(font_info_.CanRenderString(kKorText, strlen(kKorText)));
font_info_.ParseFontDescriptionName("Lohit Hindi 12");
EXPECT_TRUE(font_info_.CanRenderString(kHinText, strlen(kHinText)));
}
Reported by FlawFinder.
Line: 128
Column: 52
CWE codes:
126
EXPECT_TRUE(font_info_.CanRenderString(kKorText, strlen(kKorText)));
font_info_.ParseFontDescriptionName("Lohit Hindi 12");
EXPECT_TRUE(font_info_.CanRenderString(kHinText, strlen(kHinText)));
}
TEST_F(PangoFontInfoTest, CanRenderLigature) {
font_info_.ParseFontDescriptionName("Arab 12");
const char kArabicLigature[] = "لا";
Reported by FlawFinder.
Line: 134
Column: 59
CWE codes:
126
TEST_F(PangoFontInfoTest, CanRenderLigature) {
font_info_.ParseFontDescriptionName("Arab 12");
const char kArabicLigature[] = "لا";
EXPECT_TRUE(font_info_.CanRenderString(kArabicLigature, strlen(kArabicLigature)));
printf("Next word\n");
EXPECT_TRUE(font_info_.CanRenderString(kArabicText, strlen(kArabicText)));
}
Reported by FlawFinder.
Line: 137
Column: 55
CWE codes:
126
EXPECT_TRUE(font_info_.CanRenderString(kArabicLigature, strlen(kArabicLigature)));
printf("Next word\n");
EXPECT_TRUE(font_info_.CanRenderString(kArabicText, strlen(kArabicText)));
}
TEST_F(PangoFontInfoTest, CannotRenderUncoveredString) {
font_info_.ParseFontDescriptionName("Verdana 12");
EXPECT_FALSE(font_info_.CanRenderString(kKorText, strlen(kKorText)));
Reported by FlawFinder.
Line: 142
Column: 53
CWE codes:
126
TEST_F(PangoFontInfoTest, CannotRenderUncoveredString) {
font_info_.ParseFontDescriptionName("Verdana 12");
EXPECT_FALSE(font_info_.CanRenderString(kKorText, strlen(kKorText)));
}
TEST_F(PangoFontInfoTest, CannotRenderInvalidString) {
font_info_.ParseFontDescriptionName("Lohit Hindi 12");
for (int i = 0; kBadlyFormedHinWords[i] != nullptr; ++i) {
Reported by FlawFinder.
Line: 149
Column: 61
CWE codes:
126
font_info_.ParseFontDescriptionName("Lohit Hindi 12");
for (int i = 0; kBadlyFormedHinWords[i] != nullptr; ++i) {
EXPECT_FALSE(
font_info_.CanRenderString(kBadlyFormedHinWords[i], strlen(kBadlyFormedHinWords[i])))
<< "Can render " << kBadlyFormedHinWords[i];
}
}
TEST_F(PangoFontInfoTest, CanDropUncoveredChars) {
Reported by FlawFinder.
Line: 196
Column: 31
CWE codes:
126
void CountUnicodeChars(const char *utf8_text, std::unordered_map<char32, int64_t> *ch_map) {
ch_map->clear();
UnicodeText ut;
ut.PointToUTF8(utf8_text, strlen(utf8_text));
for (UnicodeText::const_iterator it = ut.begin(); it != ut.end(); ++it) {
# if 0
if (UnicodeProps::IsWhitespace(*it)) continue;
# else
if (std::isspace(*it))
Reported by FlawFinder.
Line: 270
Column: 45
CWE codes:
126
std::vector<std::string> graphemes;
std::string selected_font;
EXPECT_TRUE(
FontUtils::SelectFont(kLangText[i], strlen(kLangText[i]), &selected_font, &graphemes));
EXPECT_TRUE(selected_font.size());
EXPECT_TRUE(graphemes.size());
}
}
Reported by FlawFinder.
src/training/common/mastertrainer.cpp
11 issues
Line: 139
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void MasterTrainer::ReadTrainingSamples(const char *page_name,
const FEATURE_DEFS_STRUCT &feature_defs,
bool verification) {
char buffer[2048];
const int int_feature_type = ShortNameToFeatureType(feature_defs, kIntFeatureType);
const int micro_feature_type = ShortNameToFeatureType(feature_defs, kMicroFeatureType);
const int cn_feature_type = ShortNameToFeatureType(feature_defs, kCNFeatureType);
const int geo_feature_type = ShortNameToFeatureType(feature_defs, kGeoFeatureType);
Reported by FlawFinder.
Line: 145
Column: 14
CWE codes:
362
const int cn_feature_type = ShortNameToFeatureType(feature_defs, kCNFeatureType);
const int geo_feature_type = ShortNameToFeatureType(feature_defs, kGeoFeatureType);
FILE *fp = fopen(page_name, "rb");
if (fp == nullptr) {
tprintf("Failed to open tr file: %s\n", page_name);
return;
}
tr_filenames_.emplace_back(page_name);
Reported by FlawFinder.
Line: 374
Column: 14
CWE codes:
362
// Loads the basic font properties file into fontinfo_table_.
// Returns false on failure.
bool MasterTrainer::LoadFontInfo(const char *filename) {
FILE *fp = fopen(filename, "rb");
if (fp == nullptr) {
fprintf(stderr, "Failed to load font_properties from %s\n", filename);
return false;
}
int italic, bold, fixed, serif, fraktur;
Reported by FlawFinder.
Line: 412
Column: 13
CWE codes:
362
if (filename == nullptr) {
return true;
}
FILE *f = fopen(filename, "rb");
if (f == nullptr) {
fprintf(stderr, "Failed to load font xheights from %s\n", filename);
return false;
}
tprintf("Reading x-heights from %s ...\n", filename);
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FontInfo fontinfo;
fontinfo.properties = 0; // Not used to lookup in the table.
fontinfo.universal_id = 0;
char buffer[1024];
int xht;
int total_xheight = 0;
int xheight_count = 0;
while (!feof(f)) {
if (tfscanf(f, "%1023s %d\n", buffer, &xht) != 2) {
Reported by FlawFinder.
Line: 456
Column: 25
CWE codes:
362
// Reads spacing stats from filename and adds them to fontinfo_table.
bool MasterTrainer::AddSpacingInfo(const char *filename) {
FILE *fontinfo_file = fopen(filename, "rb");
if (fontinfo_file == nullptr) {
return true; // We silently ignore missing files!
}
// Find the fontinfo_id.
int fontinfo_id = GetBestMatchingFontInfoId(filename);
Reported by FlawFinder.
Line: 472
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// to duplicate current behavior.
int scale = kBlnXHeight / xheights_[fontinfo_id];
int num_unichars;
char uch[UNICHAR_LEN];
char kerned_uch[UNICHAR_LEN];
int x_gap, x_gap_before, x_gap_after, num_kerned;
ASSERT_HOST(tfscanf(fontinfo_file, "%d\n", &num_unichars) == 1);
FontInfo *fi = &fontinfo_table_.at(fontinfo_id);
fi->init_spacing(unicharset_.size());
Reported by FlawFinder.
Line: 473
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int scale = kBlnXHeight / xheights_[fontinfo_id];
int num_unichars;
char uch[UNICHAR_LEN];
char kerned_uch[UNICHAR_LEN];
int x_gap, x_gap_before, x_gap_after, num_kerned;
ASSERT_HOST(tfscanf(fontinfo_file, "%d\n", &num_unichars) == 1);
FontInfo *fi = &fontinfo_table_.at(fontinfo_id);
fi->init_spacing(unicharset_.size());
FontSpacingInfo *spacing = nullptr;
Reported by FlawFinder.
Line: 621
Column: 14
CWE codes:
362
// Move the fontinfo table to classify.
fontinfo_table_.MoveTo(&classify->get_fontinfo_table());
INT_TEMPLATES_STRUCT *int_templates = classify->CreateIntTemplates(float_classes, shape_set);
FILE *fp = fopen(inttemp_file, "wb");
if (fp == nullptr) {
tprintf("Error, failed to open file \"%s\"\n", inttemp_file);
} else {
classify->WriteIntTemplates(fp, int_templates, shape_set);
fclose(fp);
Reported by FlawFinder.
Line: 662
Column: 8
CWE codes:
362
}
shapetable_cutoffs.push_back(max_length);
}
fp = fopen(pffmtable_file, "wb");
if (fp == nullptr) {
tprintf("Error, failed to open file \"%s\"\n", pffmtable_file);
} else {
tesseract::Serialize(fp, shapetable_cutoffs);
for (int c = 0; c < unicharset.size(); ++c) {
Reported by FlawFinder.
src/api/tesseractmain.cpp
11 issues
Line: 64
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (module != nullptr) {
fprintf(stderr, "%s: ", module);
}
vfprintf(stderr, fmt, ap);
fprintf(stderr, ".\n");
}
static void Win32WarningHandler(const char *module, const char *fmt, va_list ap) {
if (module != nullptr) {
Reported by FlawFinder.
Line: 73
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(stderr, "%s: ", module);
}
fprintf(stderr, "Warning, ");
vfprintf(stderr, fmt, ap);
fprintf(stderr, ".\n");
}
# endif /* HAVE_TIFFIO_H */
Reported by FlawFinder.
Line: 638
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
std::vector<std::string> vars_vec;
std::vector<std::string> vars_values;
if (std::getenv("LEPT_MSG_SEVERITY")) {
// Get Leptonica message level from environment variable.
setMsgSeverity(L_SEVERITY_EXTERNAL);
} else {
// Disable debugging and informational messages from Leptonica.
setMsgSeverity(L_SEVERITY_ERROR);
Reported by FlawFinder.
Line: 120
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (clGetPlatformIDs(4, platform, &num_platforms) == CL_SUCCESS) {
printf(" Found %u platform(s).\n", num_platforms);
for (unsigned n = 0; n < num_platforms; n++) {
char info[256];
if (clGetPlatformInfo(platform[n], CL_PLATFORM_NAME, 256, info, 0) == CL_SUCCESS) {
printf(" Platform %u name: %s.\n", n + 1, info);
}
if (clGetPlatformInfo(platform[n], CL_PLATFORM_VERSION, 256, info, 0) == CL_SUCCESS) {
printf(" Version: %s.\n", info);
Reported by FlawFinder.
Line: 301
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool SetVariablesFromCLArgs(tesseract::TessBaseAPI &api, int argc, char **argv) {
bool success = true;
char opt1[256], opt2[255];
for (int i = 0; i < argc; i++) {
if (strcmp(argv[i], "-c") == 0 && i + 1 < argc) {
strncpy(opt1, argv[i + 1], 255);
opt1[255] = '\0';
char *p = strchr(opt1, '=');
Reported by FlawFinder.
Line: 404
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
*datapath = argv[i + 1];
++i;
} else if (strcmp(argv[i], "--dpi") == 0 && i + 1 < argc) {
*dpi = atoi(argv[i + 1]);
++i;
} else if (strcmp(argv[i], "--user-words") == 0 && i + 1 < argc) {
vars_vec->push_back("user_words_file");
vars_values->push_back(argv[i + 1]);
++i;
Reported by FlawFinder.
Line: 418
Column: 27
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
noocr = true;
*list_langs = true;
} else if (strcmp(argv[i], "--psm") == 0 && i + 1 < argc) {
if (!checkArgValues(atoi(argv[i + 1]), "PSM", tesseract::PSM_COUNT)) {
return false;
}
*pagesegmode = static_cast<tesseract::PageSegMode>(atoi(argv[i + 1]));
++i;
} else if (strcmp(argv[i], "--oem") == 0 && i + 1 < argc) {
Reported by FlawFinder.
Line: 421
Column: 58
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (!checkArgValues(atoi(argv[i + 1]), "PSM", tesseract::PSM_COUNT)) {
return false;
}
*pagesegmode = static_cast<tesseract::PageSegMode>(atoi(argv[i + 1]));
++i;
} else if (strcmp(argv[i], "--oem") == 0 && i + 1 < argc) {
#ifndef DISABLED_LEGACY_ENGINE
int oem = atoi(argv[i + 1]);
if (!checkArgValues(oem, "OEM", tesseract::OEM_COUNT)) {
Reported by FlawFinder.
Line: 425
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
++i;
} else if (strcmp(argv[i], "--oem") == 0 && i + 1 < argc) {
#ifndef DISABLED_LEGACY_ENGINE
int oem = atoi(argv[i + 1]);
if (!checkArgValues(oem, "OEM", tesseract::OEM_COUNT)) {
return false;
}
*enginemode = static_cast<tesseract::OcrEngineMode>(oem);
#endif
Reported by FlawFinder.
Line: 304
Column: 7
CWE codes:
120
char opt1[256], opt2[255];
for (int i = 0; i < argc; i++) {
if (strcmp(argv[i], "-c") == 0 && i + 1 < argc) {
strncpy(opt1, argv[i + 1], 255);
opt1[255] = '\0';
char *p = strchr(opt1, '=');
if (!p) {
fprintf(stderr, "Missing = in configvar assignment\n");
success = false;
Reported by FlawFinder.
src/api/baseapi.cpp
10 issues
Line: 1493
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
char *ret = new char[tsv_str.length() + 1];
strcpy(ret, tsv_str.c_str());
return ret;
}
/** The 5 numbers output for each box (the usual 4 and a page number.) */
const int kNumbersPerBlob = 5;
Reported by FlawFinder.
Line: 1744
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
<< "Script confidence: " << script_conf << "\n";
const std::string &text = stream.str();
char *result = new char[text.length() + 1];
strcpy(result, text.c_str());
return result;
}
#endif // ndef DISABLED_LEGACY_ENGINE
Reported by FlawFinder.
Line: 254
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ds_device device = OpenclDevice::getDeviceSelection();
if (device.type == DS_DEVICE_OPENCL_DEVICE) {
*data = new cl_device_id;
memcpy(*data, &device.oclDeviceID, sizeof(cl_device_id));
return sizeof(cl_device_id);
}
#endif
*data = nullptr;
Reported by FlawFinder.
Line: 974
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return false;
}
unsigned page = (tessedit_page_number >= 0) ? tessedit_page_number : 0;
char pagename[MAX_PATH];
std::vector<std::string> lines;
if (!flist) {
std::string line;
for (const auto ch : *buf) {
Reported by FlawFinder.
Line: 1184
Column: 22
CWE codes:
362
#endif
} else {
// Check whether the input file can be read.
if (FILE *file = fopen(filename, "rb")) {
fclose(file);
} else {
fprintf(stderr, "Error, cannot read input file %s: %s\n", filename, strerror(errno));
return false;
}
Reported by FlawFinder.
Line: 1284
Column: 16
CWE codes:
362
if (failed && retry_config != nullptr && retry_config[0] != '\0') {
// Save current config variables before switching modes.
FILE *fp = fopen(kOldVarsFile, "wb");
if (fp == nullptr) {
tprintf("Error, failed to open file \"%s\"\n", kOldVarsFile);
} else {
PrintVariables(fp);
fclose(fp);
Reported by FlawFinder.
Line: 170
Column: 24
CWE codes:
126
if ((data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY) {
addAvailableLanguages(datadir, base2 + name, langs);
} else {
size_t len = strlen(name);
if (len > extlen && name[len - extlen] == '.' &&
strcmp(&name[len - extlen + 1], kTrainedDataSuffix) == 0) {
name[len - extlen] = '\0';
langs->push_back(base2 + name);
}
Reported by FlawFinder.
Line: 194
Column: 24
CWE codes:
126
if (stat((datadir + base2 + name).c_str(), &st) == 0 && (st.st_mode & S_IFDIR) == S_IFDIR) {
addAvailableLanguages(datadir, base2 + name, langs);
} else {
size_t len = strlen(name);
if (len > extlen && name[len - extlen] == '.' &&
strcmp(&name[len - extlen + 1], kTrainedDataSuffix) == 0) {
name[len - extlen] = '\0';
langs->push_back(base2 + name);
}
Reported by FlawFinder.
Line: 1368
Column: 3
CWE codes:
120
text += para_text.get();
} while (it->Next(RIL_PARA));
char *result = new char[text.length() + 1];
strncpy(result, text.c_str(), text.length() + 1);
return result;
}
static void AddBoxToTSV(const PageIterator *it, PageIteratorLevel level, std::string &text) {
int left, top, right, bottom;
Reported by FlawFinder.
Line: 1550
Column: 24
CWE codes:
126
}
snprintf(result + output_length, total_length - output_length, "%s %d %d %d %d %d\n",
text.get(), left, image_height_ - bottom, right, image_height_ - top, page_number);
output_length += strlen(result + output_length);
// Just in case...
if (output_length + kMaxBytesPerLine > total_length) {
break;
}
}
Reported by FlawFinder.
src/training/text2image.cpp
10 issues
Line: 720
Column: 13
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// If not set force fontconfig for Mac OS.
// See https://github.com/tesseract-ocr/tesseract/issues/736
char *backend;
backend = getenv("PANGOCAIRO_BACKEND");
if (backend == nullptr) {
static char envstring[] = "PANGOCAIRO_BACKEND=fc";
putenv(envstring);
} else {
printf(
Reported by FlawFinder.
Line: 313
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
std::string output_string;
const int kBufSize = 1024;
char buf[kBufSize];
snprintf(buf, kBufSize, "%d\n", static_cast<int>(spacing_map.size()));
output_string.append(buf);
std::map<std::string, SpacingProperties>::const_iterator spacing_map_it;
for (spacing_map_it = spacing_map.begin(); spacing_map_it != spacing_map.end();
++spacing_map_it) {
Reported by FlawFinder.
Line: 406
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
// Write out
Image pix_glyph_sq_pad_8 = pixConvertTo8(pix_glyph_sq_pad, false);
char filename[1024];
snprintf(filename, 1024, "%s_%d.jpg", FLAGS_outputbase.c_str(), glyph_count++);
if (pixWriteJpeg(filename, pix_glyph_sq_pad_8, 100, 0)) {
tprintf(
"ERROR: MakeIndividualGlyphs(): Failed to write JPEG to %s,"
" at i=%d\n",
Reported by FlawFinder.
Line: 490
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FLAGS_output_word_boxes = true;
}
char font_desc_name[1024];
snprintf(font_desc_name, 1024, "%s %d", font_name.c_str(), static_cast<int>(FLAGS_ptsize));
StringRenderer render(font_desc_name, FLAGS_xsize, FLAGS_ysize);
render.set_add_ligatures(FLAGS_ligatures);
render.set_leading(FLAGS_leading);
Reported by FlawFinder.
Line: 662
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pix.destroy();
Image binary = pixThresholdToBinary(gray_pix, 128);
gray_pix.destroy();
char tiff_name[1024];
if (FLAGS_find_fonts) {
if (FLAGS_render_per_font) {
std::string fontname_for_file = tesseract::StringReplace(font_used, " ", "_");
snprintf(tiff_name, 1024, "%s.%s.tif", FLAGS_outputbase.c_str(),
fontname_for_file.c_str());
Reported by FlawFinder.
Line: 700
Column: 16
CWE codes:
362
} else if (!FLAGS_render_per_font && !font_names.empty()) {
std::string filename = FLAGS_outputbase.c_str();
filename += ".fontlist.txt";
FILE *fp = fopen(filename.c_str(), "wb");
if (fp == nullptr) {
tprintf("Failed to create output font list %s\n", filename.c_str());
} else {
for (auto &font_name : font_names) {
fprintf(fp, "%s\n", font_name.c_str());
Reported by FlawFinder.
Line: 248
Column: 52
CWE codes:
126
int offset = 0;
const char *text = utf8_text.c_str();
while (offset < len) {
offset += render->RenderToImage(text + offset, strlen(text + offset), nullptr);
const std::vector<BoxChar *> &boxes = render->GetBoxes();
// If the page break split a bigram, correct the offset so we try the bigram
// on the next iteration.
if (boxes.size() > 2 && !IsWhitespaceBox(boxes[boxes.size() - 1]) &&
Reported by FlawFinder.
Line: 625
Column: 19
CWE codes:
126
int page_num = 0;
std::string font_used;
for (size_t offset = 0;
offset < strlen(to_render_utf8) && (FLAGS_max_pages == 0 || page_num < FLAGS_max_pages);
++im, ++page_num) {
tlog(1, "Starting page %d\n", im);
Image pix = nullptr;
if (FLAGS_find_fonts) {
offset += render.RenderAllFontsToImage(FLAGS_min_coverage, to_render_utf8 + offset,
Reported by FlawFinder.
Line: 631
Column: 48
CWE codes:
126
Image pix = nullptr;
if (FLAGS_find_fonts) {
offset += render.RenderAllFontsToImage(FLAGS_min_coverage, to_render_utf8 + offset,
strlen(to_render_utf8 + offset), &font_used, &pix);
} else {
offset +=
render.RenderToImage(to_render_utf8 + offset, strlen(to_render_utf8 + offset), &pix);
}
if (pix != nullptr) {
Reported by FlawFinder.
Line: 634
Column: 59
CWE codes:
126
strlen(to_render_utf8 + offset), &font_used, &pix);
} else {
offset +=
render.RenderToImage(to_render_utf8 + offset, strlen(to_render_utf8 + offset), &pix);
}
if (pix != nullptr) {
float rotation = 0;
if (pass == 1) {
// Pass 2, do mirror rotation.
Reported by FlawFinder.