Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/baresip-1.0.0/include/baresip.h
Examining data/baresip-1.0.0/mk/win32/static.c
Examining data/baresip-1.0.0/modules/aac/aac.c
Examining data/baresip-1.0.0/modules/aac/aac.h
Examining data/baresip-1.0.0/modules/aac/decode.c
Examining data/baresip-1.0.0/modules/aac/encode.c
Examining data/baresip-1.0.0/modules/aac/sdp.c
Examining data/baresip-1.0.0/modules/account/account.c
Examining data/baresip-1.0.0/modules/alsa/alsa.c
Examining data/baresip-1.0.0/modules/alsa/alsa.h
Examining data/baresip-1.0.0/modules/alsa/alsa_play.c
Examining data/baresip-1.0.0/modules/alsa/alsa_src.c
Examining data/baresip-1.0.0/modules/amr/amr.h
Examining data/baresip-1.0.0/modules/amr/sdp.c
Examining data/baresip-1.0.0/modules/amr/amr.c
Examining data/baresip-1.0.0/modules/aptx/aptx.c
Examining data/baresip-1.0.0/modules/aptx/aptx.h
Examining data/baresip-1.0.0/modules/aptx/decode.c
Examining data/baresip-1.0.0/modules/aptx/encode.c
Examining data/baresip-1.0.0/modules/aptx/sdp.c
Examining data/baresip-1.0.0/modules/aubridge/aubridge.c
Examining data/baresip-1.0.0/modules/aubridge/aubridge.h
Examining data/baresip-1.0.0/modules/aubridge/device.c
Examining data/baresip-1.0.0/modules/aubridge/play.c
Examining data/baresip-1.0.0/modules/aubridge/src.c
Examining data/baresip-1.0.0/modules/audiounit/audiounit.c
Examining data/baresip-1.0.0/modules/audiounit/audiounit.h
Examining data/baresip-1.0.0/modules/audiounit/player.c
Examining data/baresip-1.0.0/modules/audiounit/recorder.c
Examining data/baresip-1.0.0/modules/audiounit/sess.c
Examining data/baresip-1.0.0/modules/aufile/aufile.c
Examining data/baresip-1.0.0/modules/auloop/auloop.c
Examining data/baresip-1.0.0/modules/ausine/ausine.c
Examining data/baresip-1.0.0/modules/av1/av1.c
Examining data/baresip-1.0.0/modules/av1/av1.h
Examining data/baresip-1.0.0/modules/av1/decode.c
Examining data/baresip-1.0.0/modules/av1/encode.c
Examining data/baresip-1.0.0/modules/avcodec/avcodec.c
Examining data/baresip-1.0.0/modules/avcodec/avcodec.h
Examining data/baresip-1.0.0/modules/avcodec/decode.c
Examining data/baresip-1.0.0/modules/avcodec/encode.c
Examining data/baresip-1.0.0/modules/avcodec/h263.c
Examining data/baresip-1.0.0/modules/avcodec/h265.c
Examining data/baresip-1.0.0/modules/avcodec/h26x.h
Examining data/baresip-1.0.0/modules/avcodec/sdp.c
Examining data/baresip-1.0.0/modules/avfilter/avfilter.c
Examining data/baresip-1.0.0/modules/avfilter/avfilter.h
Examining data/baresip-1.0.0/modules/avfilter/filter.c
Examining data/baresip-1.0.0/modules/avfilter/util.c
Examining data/baresip-1.0.0/modules/avfilter/util.h
Examining data/baresip-1.0.0/modules/avformat/audio.c
Examining data/baresip-1.0.0/modules/avformat/avformat.c
Examining data/baresip-1.0.0/modules/avformat/mod_avformat.h
Examining data/baresip-1.0.0/modules/avformat/video.c
Examining data/baresip-1.0.0/modules/b2bua/b2bua.c
Examining data/baresip-1.0.0/modules/cairo/cairo.c
Examining data/baresip-1.0.0/modules/codec2/codec2.c
Examining data/baresip-1.0.0/modules/cons/cons.c
Examining data/baresip-1.0.0/modules/contact/contact.c
Examining data/baresip-1.0.0/modules/coreaudio/coreaudio.c
Examining data/baresip-1.0.0/modules/coreaudio/coreaudio.h
Examining data/baresip-1.0.0/modules/coreaudio/player.c
Examining data/baresip-1.0.0/modules/coreaudio/recorder.c
Examining data/baresip-1.0.0/modules/ctrl_tcp/ctrl_tcp.c
Examining data/baresip-1.0.0/modules/ctrl_tcp/netstring/netstring.c
Examining data/baresip-1.0.0/modules/ctrl_tcp/netstring/netstring.h
Examining data/baresip-1.0.0/modules/ctrl_tcp/tcp_netstring.c
Examining data/baresip-1.0.0/modules/ctrl_tcp/tcp_netstring.h
Examining data/baresip-1.0.0/modules/debug_cmd/debug_cmd.c
Examining data/baresip-1.0.0/modules/directfb/directfb.c
Examining data/baresip-1.0.0/modules/dshow/dshow.cpp
Examining data/baresip-1.0.0/modules/dtls_srtp/dtls.c
Examining data/baresip-1.0.0/modules/dtls_srtp/dtls_srtp.c
Examining data/baresip-1.0.0/modules/dtls_srtp/dtls_srtp.h
Examining data/baresip-1.0.0/modules/dtls_srtp/srtp.c
Examining data/baresip-1.0.0/modules/ebuacip/ebuacip.c
Examining data/baresip-1.0.0/modules/echo/echo.c
Examining data/baresip-1.0.0/modules/evdev/evdev.c
Examining data/baresip-1.0.0/modules/evdev/print.c
Examining data/baresip-1.0.0/modules/evdev/print.h
Examining data/baresip-1.0.0/modules/fakevideo/fakevideo.c
Examining data/baresip-1.0.0/modules/g711/g711.c
Examining data/baresip-1.0.0/modules/g722/g722.c
Examining data/baresip-1.0.0/modules/g7221/decode.c
Examining data/baresip-1.0.0/modules/g7221/encode.c
Examining data/baresip-1.0.0/modules/g7221/g7221.c
Examining data/baresip-1.0.0/modules/g7221/g7221.h
Examining data/baresip-1.0.0/modules/g7221/sdp.c
Examining data/baresip-1.0.0/modules/g726/g726.c
Examining data/baresip-1.0.0/modules/gsm/gsm.c
Examining data/baresip-1.0.0/modules/gst/gst.c
Examining data/baresip-1.0.0/modules/gst_video/encode.c
Examining data/baresip-1.0.0/modules/gst_video/gst_video.c
Examining data/baresip-1.0.0/modules/gst_video/gst_video.h
Examining data/baresip-1.0.0/modules/gst_video/sdp.c
Examining data/baresip-1.0.0/modules/gtk/call_window.c
Examining data/baresip-1.0.0/modules/gtk/dial_dialog.c
Examining data/baresip-1.0.0/modules/gtk/gtk_mod.c
Examining data/baresip-1.0.0/modules/gtk/gtk_mod.h
Examining data/baresip-1.0.0/modules/gtk/transfer_dialog.c
Examining data/baresip-1.0.0/modules/gtk/uri_entry.c
Examining data/baresip-1.0.0/modules/gzrtp/gzrtp.cpp
Examining data/baresip-1.0.0/modules/gzrtp/messages.cpp
Examining data/baresip-1.0.0/modules/gzrtp/session.cpp
Examining data/baresip-1.0.0/modules/gzrtp/session.h
Examining data/baresip-1.0.0/modules/gzrtp/srtp.cpp
Examining data/baresip-1.0.0/modules/gzrtp/srtp.h
Examining data/baresip-1.0.0/modules/gzrtp/stream.cpp
Examining data/baresip-1.0.0/modules/gzrtp/stream.h
Examining data/baresip-1.0.0/modules/httpd/httpd.c
Examining data/baresip-1.0.0/modules/i2s/i2s.c
Examining data/baresip-1.0.0/modules/i2s/i2s.h
Examining data/baresip-1.0.0/modules/i2s/i2s_play.c
Examining data/baresip-1.0.0/modules/i2s/i2s_src.c
Examining data/baresip-1.0.0/modules/ice/ice.c
Examining data/baresip-1.0.0/modules/ilbc/ilbc.c
Examining data/baresip-1.0.0/modules/isac/isac.c
Examining data/baresip-1.0.0/modules/jack/jack.c
Examining data/baresip-1.0.0/modules/jack/jack_play.c
Examining data/baresip-1.0.0/modules/jack/jack_src.c
Examining data/baresip-1.0.0/modules/jack/mod_jack.h
Examining data/baresip-1.0.0/modules/l16/l16.c
Examining data/baresip-1.0.0/modules/menu/menu.c
Examining data/baresip-1.0.0/modules/mpa/decode.c
Examining data/baresip-1.0.0/modules/mpa/encode.c
Examining data/baresip-1.0.0/modules/mpa/mpa.c
Examining data/baresip-1.0.0/modules/mpa/mpa.h
Examining data/baresip-1.0.0/modules/mpa/sdp.c
Examining data/baresip-1.0.0/modules/mqtt/mqtt.c
Examining data/baresip-1.0.0/modules/mqtt/mqtt.h
Examining data/baresip-1.0.0/modules/mqtt/publish.c
Examining data/baresip-1.0.0/modules/mqtt/subscribe.c
Examining data/baresip-1.0.0/modules/mwi/mwi.c
Examining data/baresip-1.0.0/modules/natpmp/libnatpmp.c
Examining data/baresip-1.0.0/modules/natpmp/libnatpmp.h
Examining data/baresip-1.0.0/modules/natpmp/natpmp.c
Examining data/baresip-1.0.0/modules/omx/module.c
Examining data/baresip-1.0.0/modules/omx/omx.c
Examining data/baresip-1.0.0/modules/omx/omx.h
Examining data/baresip-1.0.0/modules/opensles/opensles.c
Examining data/baresip-1.0.0/modules/opensles/opensles.h
Examining data/baresip-1.0.0/modules/opensles/player.c
Examining data/baresip-1.0.0/modules/opensles/recorder.c
Examining data/baresip-1.0.0/modules/opus/decode.c
Examining data/baresip-1.0.0/modules/opus/encode.c
Examining data/baresip-1.0.0/modules/opus/opus.c
Examining data/baresip-1.0.0/modules/opus/opus.h
Examining data/baresip-1.0.0/modules/opus/sdp.c
Examining data/baresip-1.0.0/modules/opus_multistream/decode.c
Examining data/baresip-1.0.0/modules/opus_multistream/encode.c
Examining data/baresip-1.0.0/modules/opus_multistream/opus_multistream.c
Examining data/baresip-1.0.0/modules/opus_multistream/opus_multistream.h
Examining data/baresip-1.0.0/modules/opus_multistream/sdp.c
Examining data/baresip-1.0.0/modules/oss/oss.c
Examining data/baresip-1.0.0/modules/pcp/listener.c
Examining data/baresip-1.0.0/modules/pcp/pcp.c
Examining data/baresip-1.0.0/modules/pcp/pcp.h
Examining data/baresip-1.0.0/modules/plc/plc.c
Examining data/baresip-1.0.0/modules/portaudio/portaudio.c
Examining data/baresip-1.0.0/modules/presence/notifier.c
Examining data/baresip-1.0.0/modules/presence/presence.c
Examining data/baresip-1.0.0/modules/presence/presence.h
Examining data/baresip-1.0.0/modules/presence/publisher.c
Examining data/baresip-1.0.0/modules/presence/subscriber.c
Examining data/baresip-1.0.0/modules/pulse/player.c
Examining data/baresip-1.0.0/modules/pulse/pulse.c
Examining data/baresip-1.0.0/modules/pulse/pulse.h
Examining data/baresip-1.0.0/modules/pulse/recorder.c
Examining data/baresip-1.0.0/modules/rst/audio.c
Examining data/baresip-1.0.0/modules/rst/rst.c
Examining data/baresip-1.0.0/modules/rst/rst.h
Examining data/baresip-1.0.0/modules/rst/video.c
Examining data/baresip-1.0.0/modules/rtcpsummary/rtcpsummary.c
Examining data/baresip-1.0.0/modules/sdl/sdl.c
Examining data/baresip-1.0.0/modules/selfview/selfview.c
Examining data/baresip-1.0.0/modules/snapshot/png_vf.c
Examining data/baresip-1.0.0/modules/snapshot/png_vf.h
Examining data/baresip-1.0.0/modules/snapshot/snapshot.c
Examining data/baresip-1.0.0/modules/sndfile/sndfile.c
Examining data/baresip-1.0.0/modules/sndio/sndio.c
Examining data/baresip-1.0.0/modules/speex_pp/speex_pp.c
Examining data/baresip-1.0.0/modules/srtp/sdes.c
Examining data/baresip-1.0.0/modules/srtp/sdes.h
Examining data/baresip-1.0.0/modules/srtp/srtp.c
Examining data/baresip-1.0.0/modules/stdio/stdio.c
Examining data/baresip-1.0.0/modules/stun/stun.c
Examining data/baresip-1.0.0/modules/swscale/swscale.c
Examining data/baresip-1.0.0/modules/syslog/syslog.c
Examining data/baresip-1.0.0/modules/turn/turn.c
Examining data/baresip-1.0.0/modules/uuid/uuid.c
Examining data/baresip-1.0.0/modules/v4l2/v4l2.c
Examining data/baresip-1.0.0/modules/v4l2_codec/v4l2_codec.c
Examining data/baresip-1.0.0/modules/vidbridge/disp.c
Examining data/baresip-1.0.0/modules/vidbridge/src.c
Examining data/baresip-1.0.0/modules/vidbridge/vidbridge.c
Examining data/baresip-1.0.0/modules/vidbridge/vidbridge.h
Examining data/baresip-1.0.0/modules/vidinfo/draw.c
Examining data/baresip-1.0.0/modules/vidinfo/vidinfo.c
Examining data/baresip-1.0.0/modules/vidinfo/vidinfo.h
Examining data/baresip-1.0.0/modules/vidinfo/xga_font_data.c
Examining data/baresip-1.0.0/modules/vidinfo/xga_font_data.h
Examining data/baresip-1.0.0/modules/vidloop/vidloop.c
Examining data/baresip-1.0.0/modules/vp8/decode.c
Examining data/baresip-1.0.0/modules/vp8/encode.c
Examining data/baresip-1.0.0/modules/vp8/sdp.c
Examining data/baresip-1.0.0/modules/vp8/vp8.c
Examining data/baresip-1.0.0/modules/vp8/vp8.h
Examining data/baresip-1.0.0/modules/vp9/decode.c
Examining data/baresip-1.0.0/modules/vp9/encode.c
Examining data/baresip-1.0.0/modules/vp9/sdp.c
Examining data/baresip-1.0.0/modules/vp9/vp9.c
Examining data/baresip-1.0.0/modules/vp9/vp9.h
Examining data/baresip-1.0.0/modules/vumeter/vumeter.c
Examining data/baresip-1.0.0/modules/webrtc_aec/aec.cpp
Examining data/baresip-1.0.0/modules/webrtc_aec/aec.h
Examining data/baresip-1.0.0/modules/webrtc_aec/decode.cpp
Examining data/baresip-1.0.0/modules/webrtc_aec/encode.cpp
Examining data/baresip-1.0.0/modules/wincons/wincons.c
Examining data/baresip-1.0.0/modules/winwave/play.c
Examining data/baresip-1.0.0/modules/winwave/src.c
Examining data/baresip-1.0.0/modules/winwave/winwave.c
Examining data/baresip-1.0.0/modules/winwave/winwave.h
Examining data/baresip-1.0.0/modules/x11/x11.c
Examining data/baresip-1.0.0/modules/x11grab/x11grab.c
Examining data/baresip-1.0.0/modules/zrtp/zrtp.c
Examining data/baresip-1.0.0/src/account.c
Examining data/baresip-1.0.0/src/aucodec.c
Examining data/baresip-1.0.0/src/audio.c
Examining data/baresip-1.0.0/src/aufilt.c
Examining data/baresip-1.0.0/src/auframe.c
Examining data/baresip-1.0.0/src/aulevel.c
Examining data/baresip-1.0.0/src/auplay.c
Examining data/baresip-1.0.0/src/ausrc.c
Examining data/baresip-1.0.0/src/baresip.c
Examining data/baresip-1.0.0/src/call.c
Examining data/baresip-1.0.0/src/cmd.c
Examining data/baresip-1.0.0/src/conf.c
Examining data/baresip-1.0.0/src/config.c
Examining data/baresip-1.0.0/src/contact.c
Examining data/baresip-1.0.0/src/core.h
Examining data/baresip-1.0.0/src/custom_hdrs.c
Examining data/baresip-1.0.0/src/event.c
Examining data/baresip-1.0.0/src/h264.c
Examining data/baresip-1.0.0/src/log.c
Examining data/baresip-1.0.0/src/magic.h
Examining data/baresip-1.0.0/src/main.c
Examining data/baresip-1.0.0/src/mctrl.c
Examining data/baresip-1.0.0/src/mediadev.c
Examining data/baresip-1.0.0/src/menc.c
Examining data/baresip-1.0.0/src/message.c
Examining data/baresip-1.0.0/src/metric.c
Examining data/baresip-1.0.0/src/mnat.c
Examining data/baresip-1.0.0/src/module.c
Examining data/baresip-1.0.0/src/net.c
Examining data/baresip-1.0.0/src/play.c
Examining data/baresip-1.0.0/src/reg.c
Examining data/baresip-1.0.0/src/rtpext.c
Examining data/baresip-1.0.0/src/rtpstat.c
Examining data/baresip-1.0.0/src/sdp.c
Examining data/baresip-1.0.0/src/sipreq.c
Examining data/baresip-1.0.0/src/stream.c
Examining data/baresip-1.0.0/src/stunuri.c
Examining data/baresip-1.0.0/src/timer.c
Examining data/baresip-1.0.0/src/timestamp.c
Examining data/baresip-1.0.0/src/ua.c
Examining data/baresip-1.0.0/src/ui.c
Examining data/baresip-1.0.0/src/vidcodec.c
Examining data/baresip-1.0.0/src/video.c
Examining data/baresip-1.0.0/src/vidfilt.c
Examining data/baresip-1.0.0/src/vidisp.c
Examining data/baresip-1.0.0/src/vidsrc.c
Examining data/baresip-1.0.0/src/vidutil.c
Examining data/baresip-1.0.0/test/account.c
Examining data/baresip-1.0.0/test/aulevel.c
Examining data/baresip-1.0.0/test/call.c
Examining data/baresip-1.0.0/test/cmd.c
Examining data/baresip-1.0.0/test/contact.c
Examining data/baresip-1.0.0/test/event.c
Examining data/baresip-1.0.0/test/main.c
Examining data/baresip-1.0.0/test/message.c
Examining data/baresip-1.0.0/test/mock/cert.c
Examining data/baresip-1.0.0/test/mock/dnssrv.c
Examining data/baresip-1.0.0/test/mock/mock_aucodec.c
Examining data/baresip-1.0.0/test/mock/mock_aufilt.c
Examining data/baresip-1.0.0/test/mock/mock_auplay.c
Examining data/baresip-1.0.0/test/mock/mock_ausrc.c
Examining data/baresip-1.0.0/test/mock/mock_menc.c
Examining data/baresip-1.0.0/test/mock/mock_mnat.c
Examining data/baresip-1.0.0/test/mock/mock_vidcodec.c
Examining data/baresip-1.0.0/test/mock/mock_vidisp.c
Examining data/baresip-1.0.0/test/mock/mock_vidsrc.c
Examining data/baresip-1.0.0/test/net.c
Examining data/baresip-1.0.0/test/play.c
Examining data/baresip-1.0.0/test/sip/aor.c
Examining data/baresip-1.0.0/test/sip/auth.c
Examining data/baresip-1.0.0/test/sip/domain.c
Examining data/baresip-1.0.0/test/sip/location.c
Examining data/baresip-1.0.0/test/sip/sipsrv.c
Examining data/baresip-1.0.0/test/sip/sipsrv.h
Examining data/baresip-1.0.0/test/sip/user.c
Examining data/baresip-1.0.0/test/test.c
Examining data/baresip-1.0.0/test/test.h
Examining data/baresip-1.0.0/test/ua.c
Examining data/baresip-1.0.0/test/video.c
FINAL RESULTS:
data/baresip-1.0.0/modules/snapshot/snapshot.c:167:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, (tmx->tm_mon < 9 ? "%s-%d-0%d" : "%s-%d-%d"), name,
data/baresip-1.0.0/modules/snapshot/snapshot.c:170:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf + strlen(buf), (tmx->tm_mday < 10 ? "-0%d" : "-%d"),
data/baresip-1.0.0/modules/snapshot/snapshot.c:173:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf + strlen(buf), (tmx->tm_hour < 10 ? "-0%d" : "-%d"),
data/baresip-1.0.0/modules/snapshot/snapshot.c:176:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf + strlen(buf), (tmx->tm_min < 10 ? "-0%d" : "-%d"),
data/baresip-1.0.0/modules/snapshot/snapshot.c:179:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf + strlen(buf), (tmx->tm_sec < 10 ? "-0%d.png" : "-%d.png"),
data/baresip-1.0.0/modules/syslog/syslog.c:71:38: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
const struct mod_export DECL_EXPORTS(syslog) = {
data/baresip-1.0.0/src/contact.c:11:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum access {
data/baresip-1.0.0/src/contact.c:24:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum access access;
data/baresip-1.0.0/src/contact.c:24:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum access access;
data/baresip-1.0.0/src/contact.c:427:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (c && c->access != ACCESS_UNKNOWN)
data/baresip-1.0.0/src/contact.c:431:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (c && c->access != ACCESS_UNKNOWN)
data/baresip-1.0.0/src/main.c:123:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
const int c = getopt(argc, argv, "46de:f:p:hu:n:vst:m:");
data/baresip-1.0.0/test/main.c:171:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
const int c = getopt(argc, argv, "hlv");
data/baresip-1.0.0/include/baresip.h:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[64]; /**< Universally Unique Identifier */
data/baresip-1.0.0/include/baresip.h:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local[64]; /**< Local SIP Address */
data/baresip-1.0.0/include/baresip.h:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cert[256]; /**< SIP Certificate */
data/baresip-1.0.0/include/baresip.h:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cafile[256]; /**< SIP CA-file */
data/baresip-1.0.0/include/baresip.h:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_path[256]; /**< Audio file directory */
data/baresip-1.0.0/include/baresip.h:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_mod[16]; /**< Audio source module */
data/baresip-1.0.0/include/baresip.h:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_dev[128]; /**< Audio source device */
data/baresip-1.0.0/include/baresip.h:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char play_mod[16]; /**< Audio playback module */
data/baresip-1.0.0/include/baresip.h:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char play_dev[128]; /**< Audio playback device */
data/baresip-1.0.0/include/baresip.h:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alert_mod[16]; /**< Audio alert module */
data/baresip-1.0.0/include/baresip.h:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alert_dev[128]; /**< Audio alert device */
data/baresip-1.0.0/include/baresip.h:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_mod[16]; /**< Video source module */
data/baresip-1.0.0/include/baresip.h:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_dev[128]; /**< Video source device */
data/baresip-1.0.0/include/baresip.h:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disp_mod[16]; /**< Video display module */
data/baresip-1.0.0/include/baresip.h:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disp_dev[128]; /**< Video display device */
data/baresip-1.0.0/include/baresip.h:337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[64]; /**< Bind to interface (optional) */
data/baresip-1.0.0/include/baresip.h:339:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/baresip-1.0.0/modules/aac/aac.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp_local[256] = "";
data/baresip-1.0.0/modules/aac/aac.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp_mirror[256];
data/baresip-1.0.0/modules/aac/aac.h:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[64];
data/baresip-1.0.0/modules/aac/aac.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/baresip-1.0.0/modules/aac/decode.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_str[64];
data/baresip-1.0.0/modules/account/account.c:38:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "w");
data/baresip-1.0.0/modules/account/account.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/baresip-1.0.0/modules/account/account.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256] = "", file[256] = "";
data/baresip-1.0.0/modules/alsa/alsa.c:31:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alsa_dev[64] = "default";
data/baresip-1.0.0/modules/alsa/alsa.h:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char alsa_dev[64];
data/baresip-1.0.0/modules/aubridge/device.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/baresip-1.0.0/modules/audiounit/audiounit.c:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->mem[(mem_idx+1)%2],
data/baresip-1.0.0/modules/ausine/ausine.c:154:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
st->freq = atoi(dev);
data/baresip-1.0.0/modules/avcodec/avcodec.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h264enc[64] = "libx264";
data/baresip-1.0.0/modules/avcodec/avcodec.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h264dec[64] = "h264";
data/baresip-1.0.0/modules/avcodec/avcodec.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h265enc[64] = "libx265";
data/baresip-1.0.0/modules/avcodec/avcodec.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h265dec[64] = "hevc";
data/baresip-1.0.0/modules/avcodec/avcodec.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hwaccel[64];
data/baresip-1.0.0/modules/avfilter/avfilter.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filter_descr[MAX_DESCR] = "";
data/baresip-1.0.0/modules/avfilter/filter.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[512];
data/baresip-1.0.0/modules/avfilter/util.c:18:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, a, size);
data/baresip-1.0.0/modules/avfilter/util.c:19:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, b, size);
data/baresip-1.0.0/modules/avfilter/util.c:20:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, tmp, size);
data/baresip-1.0.0/modules/avformat/avformat.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/baresip-1.0.0/modules/avformat/avformat.c:216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[32];
data/baresip-1.0.0/modules/b2bua/b2bua.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64];
data/baresip-1.0.0/modules/cairo/cairo.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] = "";
data/baresip-1.0.0/modules/cairo/cairo.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logo[256];
data/baresip-1.0.0/modules/contact/contact.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256] = "", file[256] = "";
data/baresip-1.0.0/modules/contact/contact.c:50:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "w");
data/baresip-1.0.0/modules/contact/contact.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256] = "";
data/baresip-1.0.0/modules/contact/contact.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/baresip-1.0.0/modules/contact/contact.c:147:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "r");
data/baresip-1.0.0/modules/contact/contact.c:256:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "w");
data/baresip-1.0.0/modules/contact/contact.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256] = "", file[256] = "";
data/baresip-1.0.0/modules/coreaudio/coreaudio.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[64];
data/baresip-1.0.0/modules/ctrl_tcp/ctrl_tcp.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[256];
data/baresip-1.0.0/modules/ctrl_tcp/ctrl_tcp.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/baresip-1.0.0/modules/ctrl_tcp/netstring/netstring.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[32];
data/baresip-1.0.0/modules/ctrl_tcp/netstring/netstring.c:161:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ns, "%lu:", (unsigned long)len);
data/baresip-1.0.0/modules/ctrl_tcp/netstring/netstring.c:162:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns + num_len + 1, data, len);
data/baresip-1.0.0/modules/ctrl_tcp/tcp_netstring.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[32];
data/baresip-1.0.0/modules/directfb/directfb.c:122:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, sz);
data/baresip-1.0.0/modules/dshow/dshow.cpp:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[256];
data/baresip-1.0.0/modules/dtls_srtp/dtls_srtp.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = "";
data/baresip-1.0.0/modules/ebuacip/ebuacip.c:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char jb_type[16];
data/baresip-1.0.0/modules/echo/echo.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64];
data/baresip-1.0.0/modules/evdev/evdev.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char evdev_device[64] = "/dev/input/event0";
data/baresip-1.0.0/modules/evdev/evdev.c:235:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
st->fd = open(dev, O_RDWR);
data/baresip-1.0.0/modules/evdev/print.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256]= "Unknown";
data/baresip-1.0.0/modules/gst_video/encode.c:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipeline[1024];
data/baresip-1.0.0/modules/gst_video/encode.c:517:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[size], frame->data[0],
data/baresip-1.0.0/modules/gst_video/encode.c:520:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[size], frame->data[1],
data/baresip-1.0.0/modules/gst_video/encode.c:523:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[size], frame->data[2],
data/baresip-1.0.0/modules/gtk/call_window.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wavfile[32];
data/baresip-1.0.0/modules/gtk/call_window.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[128];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[64];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[64];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:558:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[128];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/baresip-1.0.0/modules/gtk/gtk_mod.c:647:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/baresip-1.0.0/modules/gtk/transfer_dialog.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/modules/gzrtp/gzrtp.cpp:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_path[256];
data/baresip-1.0.0/modules/gzrtp/session.cpp:184:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(carg->prm);
data/baresip-1.0.0/modules/gzrtp/srtp.cpp:110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_buf, key, key_len);
data/baresip-1.0.0/modules/gzrtp/srtp.cpp:111:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_buf + key_len, salt, salt_len);
data/baresip-1.0.0/modules/gzrtp/stream.cpp:56:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&magic, &mbuf_buf(mb)[4], 4);
data/baresip-1.0.0/modules/gzrtp/stream.cpp:217:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (zf->open((char *)config.zid_filename) == -1) {
data/baresip-1.0.0/modules/gzrtp/stream.cpp:459:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&crc32, buf + size - 4, 4);
data/baresip-1.0.0/modules/gzrtp/stream.cpp:468:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_peer_ssrc, buf + 8, 4);
data/baresip-1.0.0/modules/gzrtp/stream.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_id[CLIENT_ID_SIZE + 1];
data/baresip-1.0.0/modules/gzrtp/stream.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zid_filename[256];
data/baresip-1.0.0/modules/ice/ice.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lufrag[8];
data/baresip-1.0.0/modules/ice/ice.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpwd[32];
data/baresip-1.0.0/modules/ilbc/ilbc.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ilbc_fmtp[32];
data/baresip-1.0.0/modules/jack/jack_play.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/baresip-1.0.0/modules/jack/jack_src.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/baresip-1.0.0/modules/menu/menu.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redial_aor[128];
data/baresip-1.0.0/modules/menu/menu.c:627:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[16], device[128] = "";
data/baresip-1.0.0/modules/menu/menu.c:701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[16], device[128] = "";
data/baresip-1.0.0/modules/menu/menu.c:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[16], device[128] = "";
data/baresip-1.0.0/modules/menu/menu.c:925:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t linenum = atoi(carg->prm);
data/baresip-1.0.0/modules/menu/menu.c:946:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t bitrate = str_isset(carg->prm) ? atoi(carg->prm) : 0;
data/baresip-1.0.0/modules/mpa/mpa.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp[256] = "";
data/baresip-1.0.0/modules/mpa/mpa.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp_mirror[256];
data/baresip-1.0.0/modules/mpa/mpa.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mode[30];
data/baresip-1.0.0/modules/mqtt/mqtt.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char broker_host[256] = "127.0.0.1";
data/baresip-1.0.0/modules/mqtt/mqtt.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mqttusername[256] = "";
data/baresip-1.0.0/modules/mqtt/mqtt.c:17:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mqttpassword[256] = "";
data/baresip-1.0.0/modules/mqtt/mqtt.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mqttclientid[256] = "baresip";
data/baresip-1.0.0/modules/mqtt/mqtt.c:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mqttbasetopic[128] = "baresip";
data/baresip-1.0.0/modules/mqtt/mqtt.c:22:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mqttpublishtopic[256];
data/baresip-1.0.0/modules/mqtt/mqtt.c:23:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mqttsubscribetopic[256];
data/baresip-1.0.0/modules/mqtt/subscribe.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], resp_topic[256];
data/baresip-1.0.0/modules/mwi/mwi.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *routev[1];
data/baresip-1.0.0/modules/opus/opus.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp[256] = "";
data/baresip-1.0.0/modules/opus/opus.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp_mirror[256];
data/baresip-1.0.0/modules/opus_multistream/decode.c:34:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mapping[256];
data/baresip-1.0.0/modules/opus_multistream/encode.c:76:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mapping[256];
data/baresip-1.0.0/modules/opus_multistream/opus_multistream.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp[256] = "";
data/baresip-1.0.0/modules/opus_multistream/opus_multistream.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmtp_mirror[256];
data/baresip-1.0.0/modules/oss/oss.c:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char oss_dev[64] = "/dev/dsp";
data/baresip-1.0.0/modules/oss/oss.c:263:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
st->fd = open(device, O_RDONLY);
data/baresip-1.0.0/modules/oss/oss.c:321:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
st->fd = open(device, O_WRONLY);
data/baresip-1.0.0/modules/portaudio/portaudio.c:229:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev_index = atoi(device);
data/baresip-1.0.0/modules/portaudio/portaudio.c:273:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev_index = atoi(device);
data/baresip-1.0.0/modules/presence/subscriber.c:220:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *routev[1];
data/baresip-1.0.0/modules/rst/video.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] = "";
data/baresip-1.0.0/modules/sdl/sdl.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char capt[256];
data/baresip-1.0.0/modules/sdl/sdl.c:306:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, s, sz);
data/baresip-1.0.0/modules/snapshot/png_vf.c:112:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "wb");
data/baresip-1.0.0/modules/snapshot/snapshot.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path_enc[100], path_dec[100];
data/baresip-1.0.0/modules/sndfile/sndfile.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_path[256] = ".";
data/baresip-1.0.0/modules/sndfile/sndfile.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[128];
data/baresip-1.0.0/modules/srtp/srtp.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[128] = "";
data/baresip-1.0.0/modules/srtp/srtp.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = "";
data/baresip-1.0.0/modules/uuid/uuid.c:39:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "r");
data/baresip-1.0.0/modules/uuid/uuid.c:45:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "w");
data/baresip-1.0.0/modules/uuid/uuid.c:73:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "r");
data/baresip-1.0.0/modules/uuid/uuid.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/baresip-1.0.0/modules/v4l2/v4l2.c:31:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define v4l2_open open
data/baresip-1.0.0/modules/v4l2/v4l2.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/baresip-1.0.0/modules/v4l2/v4l2.c:424:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDONLY)) == -1) {
data/baresip-1.0.0/modules/v4l2_codec/v4l2_codec.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fourcc[5] = {0};
data/baresip-1.0.0/modules/v4l2_codec/v4l2_codec.c:381:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
st->fd = open(device, O_RDWR);
data/baresip-1.0.0/modules/vidinfo/draw.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] = "";
data/baresip-1.0.0/modules/vumeter/vumeter.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/baresip-1.0.0/modules/webrtc_aec/encode.cpp:112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rec[i], out, aec->subframe_len * sizeof(float));
data/baresip-1.0.0/modules/winwave/play.c:188:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int winwave_get_dev_name(unsigned int i, char name[32])
data/baresip-1.0.0/modules/winwave/src.c:188:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int winwave_get_dev_name(unsigned int i, char name[32])
data/baresip-1.0.0/modules/winwave/winwave.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[32];
data/baresip-1.0.0/modules/winwave/winwave.h:21:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int winwave_enum_devices(const char *name, struct list *dev_list,
data/baresip-1.0.0/modules/x11/x11.c:372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char capt[256];
data/baresip-1.0.0/modules/zrtp/zrtp.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&magic, &mbuf_buf(mb)[4], 4);
data/baresip-1.0.0/modules/zrtp/zrtp.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ZRTP_SIGN_ZRTP_HASH_LENGTH + 1];
data/baresip-1.0.0/modules/zrtp/zrtp.c:469:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128] = "";
data/baresip-1.0.0/modules/zrtp/zrtp.c:549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rzid[ZRTP_STRING16] = "";
data/baresip-1.0.0/modules/zrtp/zrtp.c:626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_path[256] = "";
data/baresip-1.0.0/modules/zrtp/zrtp.c:627:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zrtp_zid_path[256] = "";
data/baresip-1.0.0/modules/zrtp/zrtp.c:665:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(zrtp_zid_path, "rb")) != NULL) {
data/baresip-1.0.0/modules/zrtp/zrtp.c:672:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((f = fopen(zrtp_zid_path, "wb")) != NULL) {
data/baresip-1.0.0/src/account.c:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[64];
data/baresip-1.0.0/src/account.c:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[64];
data/baresip-1.0.0/src/account.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[16] = "outbound";
data/baresip-1.0.0/src/account.c:780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/src/account.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/src/audio.c:1994:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t ptime_tx = atoi(attr);
data/baresip-1.0.0/src/baresip.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/baresip-1.0.0/src/call.c:252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/src/call.c:1644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[128] = "";
data/baresip-1.0.0/src/call.c:1866:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *routev[1];
data/baresip-1.0.0/src/cmd.c:633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/baresip-1.0.0/src/cmd.c:634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/baresip-1.0.0/src/cmd.c:695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namep[64] = "";
data/baresip-1.0.0/src/conf.c:29:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/baresip-1.0.0/src/conf.c:89:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int err = 0, fd = open(filename, O_RDONLY);
data/baresip-1.0.0/src/conf.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FS_PATH_MAX];
data/baresip-1.0.0/src/conf.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FS_PATH_MAX], file[FS_PATH_MAX];
data/baresip-1.0.0/src/config.c:525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[64];
data/baresip-1.0.0/src/config.c:713:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "w");
data/baresip-1.0.0/src/core.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *outboundv[2]; /**< Optional SIP outbound proxies */
data/baresip-1.0.0/src/log.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/baresip-1.0.0/src/main.c:92:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *execmdv[16];
data/baresip-1.0.0/src/main.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *modv[16];
data/baresip-1.0.0/src/main.c:181:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmo = atoi(optarg);
data/baresip-1.0.0/src/module.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[FS_PATH_MAX];
data/baresip-1.0.0/src/module.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namestr[256];
data/baresip-1.0.0/src/module.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/baresip-1.0.0/src/module.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/baresip-1.0.0/src/net.c:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain[64]; /**< DNS domain from network */
data/baresip-1.0.0/src/net.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[256] = "???";
data/baresip-1.0.0/src/net.c:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf4[128] = "", buf6[128] = "";
data/baresip-1.0.0/src/play.c:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char default_play_path[FS_PATH_MAX] = PREFIX "/share/baresip";
data/baresip-1.0.0/src/play.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char play_path[FS_PATH_MAX];
data/baresip-1.0.0/src/play.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FS_PATH_MAX];
data/baresip-1.0.0/src/reg.c:187:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *routev[1];
data/baresip-1.0.0/src/sdp.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[64];
data/baresip-1.0.0/src/sipreq.c:117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *routev[1];
data/baresip-1.0.0/src/ua.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/baresip-1.0.0/src/ua.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char params[256] = "";
data/baresip-1.0.0/src/ua.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[2];
data/baresip-1.0.0/src/ua.c:1438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char to_uri[256];
data/baresip-1.0.0/src/ua.c:1524:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/baresip-1.0.0/src/ui.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/baresip-1.0.0/src/ui.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[64];
data/baresip-1.0.0/src/video.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[128]; /**< Source device name */
data/baresip-1.0.0/src/video.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[128]; /**< Display device name */
data/baresip-1.0.0/test/call.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buri[256];
data/baresip-1.0.0/test/call.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buri_tcp[256];
data/baresip-1.0.0/test/call.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curi[256];
data/baresip-1.0.0/test/call.c:452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uri[256];
data/baresip-1.0.0/test/call.c:1145:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/baresip-1.0.0/test/call.c:1381:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ASSERT_EQ(20, atoi(sdp_media_rattr(sdp_a, "ptime")));
data/baresip-1.0.0/test/call.c:1384:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ASSERT_EQ(20, atoi(sdp_media_rattr(sdp_b, "ptime")));
data/baresip-1.0.0/test/message.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uri[256];
data/baresip-1.0.0/test/message.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aor[256];
data/baresip-1.0.0/test/mock/mock_aucodec.c:33:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sampv, bytes);
data/baresip-1.0.0/test/mock/mock_aucodec.c:57:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sampv, buf, len);
data/baresip-1.0.0/test/mock/mock_menc.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/baresip-1.0.0/test/sip/auth.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth->realm, realm, len);
data/baresip-1.0.0/test/sip/sipsrv.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[256];
data/baresip-1.0.0/test/ua.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aor[256];
data/baresip-1.0.0/test/ua.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aor[256];
data/baresip-1.0.0/test/ua.c:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srv[256];
data/baresip-1.0.0/test/ua.c:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arec[256];
data/baresip-1.0.0/test/ua.c:397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aor[256];
data/baresip-1.0.0/test/ua.c:503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aor[256];
data/baresip-1.0.0/test/ua.c:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srv[256];
data/baresip-1.0.0/test/ua.c:526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arec[256];
data/baresip-1.0.0/test/ua.c:715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uri[256];
data/baresip-1.0.0/modules/aac/decode.c:121:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = str_hex(config_bin, strlen(config_str)/2, config_str);
data/baresip-1.0.0/modules/aac/decode.c:126:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const UINT length = (UINT)strlen(config_str)/2;
data/baresip-1.0.0/modules/alsa/alsa_src.c:24:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
snd_pcm_t *read;
data/baresip-1.0.0/modules/alsa/alsa_src.c:45:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (st->read)
data/baresip-1.0.0/modules/alsa/alsa_src.c:46:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
snd_pcm_close(st->read);
data/baresip-1.0.0/modules/alsa/alsa_src.c:63:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = snd_pcm_start(st->read);
data/baresip-1.0.0/modules/alsa/alsa_src.c:74:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = snd_pcm_readi(st->read, st->sampv, num_frames);
data/baresip-1.0.0/modules/alsa/alsa_src.c:76:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
snd_pcm_prepare(st->read);
data/baresip-1.0.0/modules/alsa/alsa_src.c:138:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = snd_pcm_open(&st->read, st->device, SND_PCM_STREAM_CAPTURE, 0);
data/baresip-1.0.0/modules/alsa/alsa_src.c:153:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = alsa_reset(st->read, st->prm.srate, st->prm.ch, num_frames,
data/baresip-1.0.0/modules/ctrl_tcp/netstring/netstring.c:127:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(num_str);
data/baresip-1.0.0/modules/ctrl_tcp/tcp_netstring.c:71:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
num_len = strlen(num_str);
data/baresip-1.0.0/modules/evdev/evdev.c:188:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(st->fd, evv, sizeof(evv));
data/baresip-1.0.0/modules/ilbc/ilbc.c:120:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (re_regex(fmtp, strlen(fmtp), "mode=[0-9]+", &mode))
data/baresip-1.0.0/modules/ilbc/ilbc.c:134:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (re_regex(fmtp, strlen(fmtp), "mode=[0-9]+", &mode))
data/baresip-1.0.0/modules/mpa/mpa.c:148:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)re_snprintf(fmtp+strlen(fmtp),
data/baresip-1.0.0/modules/mpa/mpa.c:149:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(fmtp)-strlen(fmtp),
data/baresip-1.0.0/modules/mpa/mpa.c:166:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)re_snprintf(fmtp+strlen(fmtp),
data/baresip-1.0.0/modules/mpa/mpa.c:167:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(fmtp)-strlen(fmtp),
data/baresip-1.0.0/modules/mpa/mpa.c:177:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)re_snprintf(fmtp+strlen(fmtp),
data/baresip-1.0.0/modules/mpa/mpa.c:178:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(fmtp)-strlen(fmtp),
data/baresip-1.0.0/modules/mpa/mpa.c:197:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)re_snprintf(fmtp+strlen(fmtp),
data/baresip-1.0.0/modules/mpa/mpa.c:198:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(fmtp)-strlen(fmtp),
data/baresip-1.0.0/modules/oss/oss.c:190:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(st->fd, st->sampv, st->sampc*2);
data/baresip-1.0.0/modules/rst/rst.c:332:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (re_regex(dev, strlen(dev), "http://[^:/]+[:]*[0-9]*[^]+",
data/baresip-1.0.0/modules/rst/video.c:165:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!re_regex(meta, strlen(meta),
data/baresip-1.0.0/modules/snapshot/snapshot.c:162:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 24 >= length) {
data/baresip-1.0.0/modules/snapshot/snapshot.c:170:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), (tmx->tm_mday < 10 ? "-0%d" : "-%d"),
data/baresip-1.0.0/modules/snapshot/snapshot.c:173:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), (tmx->tm_hour < 10 ? "-0%d" : "-%d"),
data/baresip-1.0.0/modules/snapshot/snapshot.c:176:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), (tmx->tm_min < 10 ? "-0%d" : "-%d"),
data/baresip-1.0.0/modules/snapshot/snapshot.c:179:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), (tmx->tm_sec < 10 ? "-0%d.png" : "-%d.png"),
data/baresip-1.0.0/modules/stdio/stdio.c:85:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != read(STDIN_FILENO, &key, 1)) {
data/baresip-1.0.0/modules/uuid/uuid.c:98:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(path, "/uuid", sizeof(path) - strlen(path) - 1);
data/baresip-1.0.0/modules/uuid/uuid.c:98:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(path, "/uuid", sizeof(path) - strlen(path) - 1);
data/baresip-1.0.0/modules/v4l2/v4l2.c:32:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define v4l2_read read
data/baresip-1.0.0/modules/v4l2_codec/v4l2_codec.c:123:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fourcc, (char *)&fmtdesc.pixelformat, 4);
data/baresip-1.0.0/modules/v4l2_codec/v4l2_codec.c:162:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fourcc, (char *)&fmt.fmt.pix.pixelformat, 4);
data/baresip-1.0.0/modules/zrtp/zrtp.c:288:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = re_regex(attr_val, strlen(attr_val),
data/baresip-1.0.0/src/cmd.c:154:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buf, " ..", sz-1);
data/baresip-1.0.0/src/conf.c:30:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/baresip-1.0.0/src/conf.c:102:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const ssize_t n = read(fd, (void *)buf, sizeof(buf));
data/baresip-1.0.0/src/config.c:642:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dp->d_name);
data/baresip-1.0.0/src/ua.c:214:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (re_snprintf(¶ms[strlen(params)],
data/baresip-1.0.0/src/ua.c:215:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(params) - strlen(params),
data/baresip-1.0.0/src/ua.c:223:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (re_snprintf(¶ms[strlen(params)],
data/baresip-1.0.0/src/ua.c:224:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(params) - strlen(params),
data/baresip-1.0.0/test/cmd.c:138:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(input_str); i++) {
data/baresip-1.0.0/test/message.c:56:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_STRCMP(text_plain, strlen(text_plain),
data/baresip-1.0.0/test/sip/auth.c:83:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(realm);
data/baresip-1.0.0/test/sip/sipsrv.c:281:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(test_certificate));
ANALYSIS SUMMARY:
Hits = 293
Lines analyzed = 74915 in approximately 1.50 seconds (49780 lines/second)
Physical Source Lines of Code (SLOC) = 50531
Hits@level = [0] 304 [1] 50 [2] 230 [3] 2 [4] 11 [5] 0
Hits@level+ = [0+] 597 [1+] 293 [2+] 243 [3+] 13 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 11.8145 [1+] 5.79842 [2+] 4.80893 [3+] 0.257268 [4+] 0.217688 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.