Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cutesdr-1.20/dsp/agc.cpp
Examining data/cutesdr-1.20/dsp/agc.h
Examining data/cutesdr-1.20/dsp/amdemod.cpp
Examining data/cutesdr-1.20/dsp/amdemod.h
Examining data/cutesdr-1.20/dsp/demodulator.cpp
Examining data/cutesdr-1.20/dsp/demodulator.h
Examining data/cutesdr-1.20/dsp/downconvert.cpp
Examining data/cutesdr-1.20/dsp/downconvert.h
Examining data/cutesdr-1.20/dsp/fastfir.cpp
Examining data/cutesdr-1.20/dsp/fastfir.h
Examining data/cutesdr-1.20/dsp/fft.h
Examining data/cutesdr-1.20/dsp/filtercoef.h
Examining data/cutesdr-1.20/dsp/fir.cpp
Examining data/cutesdr-1.20/dsp/fir.h
Examining data/cutesdr-1.20/dsp/fircoef.h
Examining data/cutesdr-1.20/dsp/fmdemod.cpp
Examining data/cutesdr-1.20/dsp/fmdemod.h
Examining data/cutesdr-1.20/dsp/fractresampler.cpp
Examining data/cutesdr-1.20/dsp/fractresampler.h
Examining data/cutesdr-1.20/dsp/fskdemod.cpp
Examining data/cutesdr-1.20/dsp/fskdemod.h
Examining data/cutesdr-1.20/dsp/fskmod.cpp
Examining data/cutesdr-1.20/dsp/fskmod.h
Examining data/cutesdr-1.20/dsp/iir.cpp
Examining data/cutesdr-1.20/dsp/iir.h
Examining data/cutesdr-1.20/dsp/noiseproc.cpp
Examining data/cutesdr-1.20/dsp/noiseproc.h
Examining data/cutesdr-1.20/dsp/pskdemod.cpp
Examining data/cutesdr-1.20/dsp/pskdemod.h
Examining data/cutesdr-1.20/dsp/pskmod.cpp
Examining data/cutesdr-1.20/dsp/pskmod.h
Examining data/cutesdr-1.20/dsp/psktables.h
Examining data/cutesdr-1.20/dsp/rbdsconstants.h
Examining data/cutesdr-1.20/dsp/samdemod.cpp
Examining data/cutesdr-1.20/dsp/samdemod.h
Examining data/cutesdr-1.20/dsp/smeter.cpp
Examining data/cutesdr-1.20/dsp/smeter.h
Examining data/cutesdr-1.20/dsp/ssbdemod.cpp
Examining data/cutesdr-1.20/dsp/ssbdemod.h
Examining data/cutesdr-1.20/dsp/wfmdemod.cpp
Examining data/cutesdr-1.20/dsp/wfmdemod.h
Examining data/cutesdr-1.20/dsp/wfmmod.cpp
Examining data/cutesdr-1.20/dsp/wfmmod.h
Examining data/cutesdr-1.20/dsp/datatypes.h
Examining data/cutesdr-1.20/dsp/fft.cpp
Examining data/cutesdr-1.20/dsp/datamodifier.cpp
Examining data/cutesdr-1.20/dsp/datamodifier.h
Examining data/cutesdr-1.20/gui/aboutdlg.cpp
Examining data/cutesdr-1.20/gui/aboutdlg.h
Examining data/cutesdr-1.20/gui/chatdialog.cpp
Examining data/cutesdr-1.20/gui/chatdialog.h
Examining data/cutesdr-1.20/gui/demodsetupdlg.cpp
Examining data/cutesdr-1.20/gui/demodsetupdlg.h
Examining data/cutesdr-1.20/gui/displaydlg.cpp
Examining data/cutesdr-1.20/gui/displaydlg.h
Examining data/cutesdr-1.20/gui/editnetdlg.cpp
Examining data/cutesdr-1.20/gui/editnetdlg.h
Examining data/cutesdr-1.20/gui/freqctrl.h
Examining data/cutesdr-1.20/gui/ipeditwidget.cpp
Examining data/cutesdr-1.20/gui/main.cpp
Examining data/cutesdr-1.20/gui/meter.cpp
Examining data/cutesdr-1.20/gui/meter.h
Examining data/cutesdr-1.20/gui/noiseprocdlg.cpp
Examining data/cutesdr-1.20/gui/noiseprocdlg.h
Examining data/cutesdr-1.20/gui/plotter.cpp
Examining data/cutesdr-1.20/gui/plotter.h
Examining data/cutesdr-1.20/gui/rdsdecode.cpp
Examining data/cutesdr-1.20/gui/rdsdecode.h
Examining data/cutesdr-1.20/gui/recordsetupdlg.cpp
Examining data/cutesdr-1.20/gui/recordsetupdlg.h
Examining data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp
Examining data/cutesdr-1.20/gui/sdrdiscoverdlg.h
Examining data/cutesdr-1.20/gui/sdrsetupdlg.cpp
Examining data/cutesdr-1.20/gui/sdrsetupdlg.h
Examining data/cutesdr-1.20/gui/sliderctrl.cpp
Examining data/cutesdr-1.20/gui/sliderctrl.h
Examining data/cutesdr-1.20/gui/sounddlg.cpp
Examining data/cutesdr-1.20/gui/sounddlg.h
Examining data/cutesdr-1.20/gui/testbench.cpp
Examining data/cutesdr-1.20/gui/testbench.h
Examining data/cutesdr-1.20/gui/freqctrl.cpp
Examining data/cutesdr-1.20/gui/ipeditwidget.h
Examining data/cutesdr-1.20/gui/filetxdlg.cpp
Examining data/cutesdr-1.20/gui/filetxdlg.h
Examining data/cutesdr-1.20/gui/mainwindow.cpp
Examining data/cutesdr-1.20/gui/mainwindow.h
Examining data/cutesdr-1.20/interface/ad6620.cpp
Examining data/cutesdr-1.20/interface/ad6620.h
Examining data/cutesdr-1.20/interface/dataprocess.h
Examining data/cutesdr-1.20/interface/perform.cpp
Examining data/cutesdr-1.20/interface/perform.h
Examining data/cutesdr-1.20/interface/soundout.cpp
Examining data/cutesdr-1.20/interface/soundout.h
Examining data/cutesdr-1.20/interface/threadwrapper.h
Examining data/cutesdr-1.20/interface/wavefilewriter.cpp
Examining data/cutesdr-1.20/interface/wavefilewriter.h
Examining data/cutesdr-1.20/interface/ascpmsg.h
Examining data/cutesdr-1.20/interface/dataprocess.cpp
Examining data/cutesdr-1.20/interface/protocoldefs.h
Examining data/cutesdr-1.20/interface/sdrinterface.cpp
Examining data/cutesdr-1.20/interface/sdrinterface.h
Examining data/cutesdr-1.20/interface/netiobase.cpp
Examining data/cutesdr-1.20/interface/netiobase.h
Examining data/cutesdr-1.20/interface/wavefilereader.cpp
Examining data/cutesdr-1.20/interface/wavefilereader.h
Examining data/cutesdr-1.20/siqs/logger.h
Examining data/cutesdr-1.20/siqs/logger.cpp
Examining data/cutesdr-1.20/siqs/netsupport.h
Examining data/cutesdr-1.20/siqs/siqs_serial.cpp
Examining data/cutesdr-1.20/siqs/minithread.h
Examining data/cutesdr-1.20/siqs/siqs_ftdi.cpp
Examining data/cutesdr-1.20/siqs/discover.cpp
Examining data/cutesdr-1.20/siqs/discover.h

FINAL RESULTS:

data/cutesdr-1.20/dsp/fskdemod.cpp:548:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  m_Str1.sprintf("*** Valid Msg ");

data/cutesdr-1.20/dsp/fskdemod.cpp:551:24: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  m_Str1 += m_Str2.sprintf("% d",m_RxBuf[i]);

data/cutesdr-1.20/dsp/fskdemod.cpp:565:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  m_Str1.sprintf("??? Got Bad Msg Cnt=%d",rxphzcnt);

data/cutesdr-1.20/gui/rdsdecode.cpp:83:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( m_RDSText, m_PTYText );

data/cutesdr-1.20/gui/rdsdecode.cpp:84:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( m_RDSText, m_RTextOut );

data/cutesdr-1.20/gui/rdsdecode.cpp:87:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Str,m_RDSText);

data/cutesdr-1.20/gui/rdsdecode.cpp:103:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Str,m_RBDSCallSign);

data/cutesdr-1.20/gui/rdsdecode.cpp:156:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_PTYText, PTYPETABLERBDS[m_PrgType] );

data/cutesdr-1.20/gui/rdsdecode.cpp:158:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_PTYText, PTYPETABLERDS[m_PrgType] );

data/cutesdr-1.20/gui/rdsdecode.cpp:187:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_RTextOut,m_RText);

data/cutesdr-1.20/gui/rdsdecode.cpp:232:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_RTextOut,m_RText);

data/cutesdr-1.20/gui/rdsdecode.cpp:260:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_PSTextOut,m_PSText);

data/cutesdr-1.20/interface/wavefilereader.cpp:156:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  m_FileInfoStr.sprintf("%d Samples of %s Data\nSampleRate = %d Bits/Sample= %d", m_NumSamples, Tbuf, (int)m_FmtSubChunk.sampleRate, (int)m_FmtSubChunk.bitsPerSample );

data/cutesdr-1.20/siqs/discover.cpp:147:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( pa->name, hostname); //fill in name string field

data/cutesdr-1.20/siqs/siqs_ftdi.cpp:623:11: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hi:d:",

data/cutesdr-1.20/dsp/fastfir.cpp:242:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(File.open(QIODevice::WriteOnly))

data/cutesdr-1.20/dsp/fastfir.cpp:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[256];

data/cutesdr-1.20/dsp/fastfir.cpp:248:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( Buf, "%19.12g %19.12g\r\n", (TYPEREAL)CONV_FFT_SIZE*m_pFilterCoef[i].re, (TYPEREAL)CONV_FFT_SIZE*m_pFilterCoef[i].im);

data/cutesdr-1.20/dsp/fir.cpp:318:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(File.open(QIODevice::WriteOnly))

data/cutesdr-1.20/dsp/fir.cpp:321:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[256];

data/cutesdr-1.20/dsp/fir.cpp:324:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( Buf, "%g\r\n", m_Coef[n]);

data/cutesdr-1.20/dsp/fir.cpp:431:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(File.open(QIODevice::WriteOnly))

data/cutesdr-1.20/dsp/fir.cpp:434:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[256];

data/cutesdr-1.20/dsp/fir.cpp:437:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( Buf, "%g\r\n", m_Coef[n]);

data/cutesdr-1.20/dsp/fir.cpp:472:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(File.open(QIODevice::WriteOnly))

data/cutesdr-1.20/dsp/fir.cpp:475:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[256];

data/cutesdr-1.20/dsp/fir.cpp:478:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( Buf, "%19.12g %19.12g\r\n", m_ICoef[n], m_QCoef[n]);

data/cutesdr-1.20/dsp/fractresampler.cpp:125:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(File.open(QIODevice::WriteOnly))

data/cutesdr-1.20/dsp/fractresampler.cpp:128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[30000];

data/cutesdr-1.20/dsp/fractresampler.cpp:131:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( Buf, "%19.12g\r\n", m_pSinc[i]);

data/cutesdr-1.20/dsp/rbdsconstants.h:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char csign[4];

data/cutesdr-1.20/dsp/rbdsconstants.h:191:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char PTYPETABLERBDS[32][17] =

data/cutesdr-1.20/dsp/rbdsconstants.h:229:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char PTYPETABLERDS[32][20] =

data/cutesdr-1.20/dsp/wfmmod.cpp:215:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(File.open(QIODevice::WriteOnly))

data/cutesdr-1.20/dsp/wfmmod.cpp:218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[256];

data/cutesdr-1.20/dsp/wfmmod.cpp:221:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( Buf, "%g\r\n", m_RdsPulseCoef[n]);

data/cutesdr-1.20/gui/filetxdlg.cpp:45:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_FileReader.open(m_TxFilePath);

data/cutesdr-1.20/gui/filetxdlg.cpp:75:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_FileReader.open(m_TxFilePath);

data/cutesdr-1.20/gui/filetxdlg.cpp:134:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(m_FileReader.open(m_TxFilePath) )

data/cutesdr-1.20/gui/filetxdlg.cpp:366:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(m_FileReader.open(m_TxFilePath) )

data/cutesdr-1.20/gui/filetxdlg.cpp:368:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( !FileWriter.open( "d:\\testwr.wav",true, m_FileReader.GetSampleRate(), true, 0) )

data/cutesdr-1.20/gui/plotter.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_RdsCall[MAX_TXT];

data/cutesdr-1.20/gui/plotter.h:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_RdsText[MAX_TXT];

data/cutesdr-1.20/gui/rdsdecode.cpp:328:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(m_RBDSCallSign,"%4.4X",PIcode);

data/cutesdr-1.20/gui/rdsdecode.h:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_PTYText[MAX_TEXT];

data/cutesdr-1.20/gui/rdsdecode.h:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_RDSText[MAX_TEXT];

data/cutesdr-1.20/gui/rdsdecode.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_RTextOut[MAX_TEXT];

data/cutesdr-1.20/gui/rdsdecode.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_RText[MAX_TEXT];

data/cutesdr-1.20/gui/rdsdecode.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_PSTextOut[MAX_TEXT];

data/cutesdr-1.20/gui/rdsdecode.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_PSText[MAX_TEXT];

data/cutesdr-1.20/gui/rdsdecode.h:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_RBDSCallSign[MAX_TEXT];

data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:168:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[2048]; //buffer to hold received UDP packet

data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:178:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)&tmpmsg, (void*)Buf, length ); //get tmp copy of new message

data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:190:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)&m_DiscovermsgCommon[index], (void*)Buf, length );

data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:197:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)&m_DiscovermsgNetSDR[index], (void*)Buf, sizeof(tDiscover_NETSDR) );

data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:204:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)&m_DiscovermsgCloudSDR[index], (void*)Buf, sizeof(tDiscover_CLOUDSDR) );

data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:210:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)&m_DiscovermsgSDRxx[index], (void*)Buf, sizeof(tDiscover_SDRxx) );

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:23:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char length[2]; //length of total message in bytes (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:24:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16]; //Device name string null terminated

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sn[16]; //Serial number string null terminated

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:28:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipaddr[16]; //device IP address (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:29:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char port[2]; //device Port number (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:35:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char length[2]; //length of total message in bytes (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:36:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16]; //Device name string null terminated

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sn[16]; //Serial number string null terminated

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:40:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipaddr[16]; //device IP address (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:41:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char port[2]; //device Port number (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:44:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char macaddr[6]; //HW mac address (little endian byte order) (read only)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:45:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwver[2]; //Hardware version*100 (little endian byte order) (read only)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:46:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:47:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:52:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char subnet[4]; //IP subnet mask (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:53:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gwaddr[4]; //gateway address (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:54:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dataipaddr[4];// Alternate data IP address for UDP data (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:55:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dataport[2]; // Alternate data Port address for UDP (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:58:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char future[15]; //future use

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:63:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char length[2]; //length of total message in bytes (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:64:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16]; //Device name string null terminated

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sn[16]; //Serial number string null terminated

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:68:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipaddr[16]; //device IP address (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:69:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char port[2]; //device Port number (little endian byte order)

data/cutesdr-1.20/gui/sdrdiscoverdlg.h:72:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:73:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:74:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char subnet[4]; //IP subnet mask (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:75:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gwaddr[4]; //gateway address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char connection[32]; //interface connection string null terminated(ex: COM3, DEVTTY5, etc)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:78:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char future[15]; //future use
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:83:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char length[2]; //length of total message in bytes (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:84:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16]; //Device name string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sn[16]; //Serial number string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:88:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipaddr[16]; //device IP address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:89:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char port[2]; //device Port number (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:92:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char macaddr[6]; //HW mac address (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:93:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwver[2]; //Hardware version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:94:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:95:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:100:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char subnet[4]; //IP subnet mask (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:101:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gwaddr[4]; //gateway address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:102:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dataipaddr[4];// Alternate data IP address for UDP data (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:103:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dataport[2]; // Alternate data Port address for UDP (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serverdescr[151]; //up to 150 character NULL terminated server description string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serverdescrurl[151]; //up to 150 character NULL terminated server description URL string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serverdomain[81]; //up to 80 character NULL terminated optional server domain string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char listdomain[81]; //up to 80 character NULL terminated list server domain string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char listscript[81]; //up to 80 character NULL terminated list server path/script string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rxpw[17]; //up to 16 character NULL terminated Rx Password string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txpw[17]; //up to 16 character NULL terminated Tx Password string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gpslat[33]; //up to 32 character NULL terminated Latitude string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gpslon[33]; //up to 32 character NULL terminated Longitude string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:117:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char antselrangemin[4]; //RF port 2 range min== 3,2,1,0
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:118:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char antselrangemax[4]; //RF port 2 range max== 3,2,1,0
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:119:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char future[119]; //future use
data/cutesdr-1.20/gui/testbench.cpp:153:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(m_File.open(QIODevice::ReadOnly))
data/cutesdr-1.20/gui/testbench.cpp:461:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16384];
data/cutesdr-1.20/interface/netiobase.cpp:137:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pBuf[20000];
data/cutesdr-1.20/interface/sdrinterface.cpp:227:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(m_pWaveFileWriter->open(Filename, true, m_SampleRate, m_24BitData, CenterFreq) )
data/cutesdr-1.20/interface/sdrinterface.cpp:236:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(m_pWaveFileWriter->open(Filename, m_StereoOut, 48000, false, CenterFreq) )
data/cutesdr-1.20/interface/soundout.h:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_pData[SOUND_WRITEBUFSIZE];
data/cutesdr-1.20/interface/wavefilereader.cpp:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[4];
data/cutesdr-1.20/interface/wavefilereader.cpp:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4]; // "WAVE"
data/cutesdr-1.20/interface/wavefilereader.cpp:83:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool CWaveFileReader::open(const QString &fileName)
data/cutesdr-1.20/interface/wavefilereader.cpp:89:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return QFile::open(QIODevice::ReadOnly) && readHeader();
data/cutesdr-1.20/interface/wavefilereader.cpp:124:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(reinterpret_cast<char *>(&m_FmtSubChunk), &m_HeaderBuffer[Start],Length);
data/cutesdr-1.20/interface/wavefilereader.cpp:128:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(reinterpret_cast<char *>(&m_AuxiSubChunk), &m_HeaderBuffer[Start],Length);
data/cutesdr-1.20/interface/wavefilereader.cpp:147:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Tbuf[256];
data/cutesdr-1.20/interface/wavefilereader.cpp:150:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(Tbuf, "Complex");
data/cutesdr-1.20/interface/wavefilereader.cpp:154:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(Tbuf, "Real");
data/cutesdr-1.20/interface/wavefilereader.h:48:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  using QFile::open;
data/cutesdr-1.20/interface/wavefilereader.h:49:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(const QString &fileName);
data/cutesdr-1.20/interface/wavefilewriter.cpp:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[4];
data/cutesdr-1.20/interface/wavefilewriter.cpp:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4]; // "WAVE"
data/cutesdr-1.20/interface/wavefilewriter.cpp:127:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool CWaveFileWriter::open( QString fileName, bool complex, int Rate, bool Data24Bit, qint64 CenterFreq)
data/cutesdr-1.20/interface/wavefilewriter.cpp:148:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!m_File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/interface/wavefilewriter.cpp:208:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header.riff.descriptor.id, "RIFF", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:212:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header.riff.type, "WAVE", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:213:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header.wave.descriptor.id, "fmt ", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header.auxi.descriptor.id, "auxi", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header.data.descriptor.id,"data", 4);
data/cutesdr-1.20/interface/wavefilewriter.h:64:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open( QString fileName, bool complex, int Rate, bool Data24Bit, qint64 CenterFreq);
data/cutesdr-1.20/siqs/discover.cpp:81:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip[INET_ADDRSTRLEN];
data/cutesdr-1.20/siqs/discover.cpp:103:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf [10240];
data/cutesdr-1.20/siqs/discover.cpp:143:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&emsg, p, sizeof(*p));
data/cutesdr-1.20/siqs/discover.cpp:148:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( pa->sn, "NOT IMPLEMENTED"); //fill in Serial Number string field
data/cutesdr-1.20/siqs/discover.h:42:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char length[2]; //length of total message in bytes (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:43:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5
data/cutesdr-1.20/siqs/discover.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16]; //Device name string null terminated
data/cutesdr-1.20/siqs/discover.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sn[16]; //Serial number string null terminated
data/cutesdr-1.20/siqs/discover.h:47:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipaddr[16]; //device IP address (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:48:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char port[2]; //device Port number (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:58:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)
data/cutesdr-1.20/siqs/discover.h:59:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)
data/cutesdr-1.20/siqs/discover.h:60:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char subnet[4]; //IP subnet mask (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:61:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gwaddr[4]; //gateway address (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char connection[32]; //interface connection string null terminated(ex: COM3, DEVTTY5, etc)
data/cutesdr-1.20/siqs/discover.h:64:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char future[15]; //future use
data/cutesdr-1.20/siqs/discover.h:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname [16];
data/cutesdr-1.20/siqs/logger.cpp:89:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_.open(logFile_.c_str(), std::ios::app);
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:144:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:227:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dataMsg [10240];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:234:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dataMsg[4], (msg+i), 1024);
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:334:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf [64];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:379:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:510:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1024];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char manufacturer[128], description[128];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:632:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  debug_level = atoi(optarg);
data/cutesdr-1.20/siqs/siqs_serial.cpp:106:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sdriq_fd = open(name.c_str(), O_RDWR | O_NOCTTY);
data/cutesdr-1.20/siqs/siqs_serial.cpp:135:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sdriq_fd = open(name.c_str(), O_RDWR | O_NONBLOCK);
data/cutesdr-1.20/siqs/siqs_serial.cpp:329:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_serial.cpp:413:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dataMsg [10240];
data/cutesdr-1.20/siqs/siqs_serial.cpp:420:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dataMsg[4], (msg+i), 1024);
data/cutesdr-1.20/siqs/siqs_serial.cpp:524:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf [64];
data/cutesdr-1.20/siqs/siqs_serial.cpp:571:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_serial.cpp:704:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1024];
data/cutesdr-1.20/gui/testbench.cpp:471:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(m_File.read(buf,6*length)<=0)
data/cutesdr-1.20/gui/testbench.cpp:489:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(m_File.read(buf,4*length)<=0)
data/cutesdr-1.20/interface/netiobase.cpp:284:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_pTcpClient->read((char*)pBuf, n);
data/cutesdr-1.20/interface/wavefilereader.cpp:104:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool result = read(reinterpret_cast<char *>(&riffheader), sizeof(RIFFHeader)) == sizeof(RIFFHeader);
data/cutesdr-1.20/interface/wavefilereader.cpp:118:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  qint64 bytesread = read((char*)m_HeaderBuffer, MAX_HEADER);
data/cutesdr-1.20/interface/wavefilereader.cpp:233:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  qint64 bytesread = read((char*)m_DataBuffer, ByteLength);
data/cutesdr-1.20/interface/wavefilereader.cpp:260:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  qint64 bytesread = read((char*)m_DataBuffer, ByteLength);
data/cutesdr-1.20/siqs/discover.cpp:111:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int rc = read (sock, buf, sizeof(buf));
data/cutesdr-1.20/siqs/discover.cpp:127:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p->name)) {
data/cutesdr-1.20/siqs/discover.cpp:130:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p->sn)) {
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:512:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read (sock, buf, sizeof(buf));
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:691:20: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = getc(stdin)) != EOF) {
data/cutesdr-1.20/siqs/siqs_serial.cpp:129:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((nr = read(sdriq_fd, &ch, sizeof(ch))) > 0) {
data/cutesdr-1.20/siqs/siqs_serial.cpp:531:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int len = read (usb_fd, buf, sizeof(buf));
data/cutesdr-1.20/siqs/siqs_serial.cpp:706:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read (sock, buf, sizeof(buf));
data/cutesdr-1.20/siqs/siqs_serial.cpp:762:17: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = getc(stdin)) != EOF) {

ANALYSIS SUMMARY:

Hits = 193
Lines analyzed = 27142 in approximately 1.06 seconds (25542 lines/second)
Physical Source Lines of Code (SLOC) = 18902
Hits@level = [0] 62 [1] 16 [2] 162 [3] 1 [4] 14 [5] 0
Hits@level+ = [0+] 255 [1+] 193 [2+] 177 [3+] 15 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 13.4906 [1+] 10.2106 [2+] 9.36409 [3+] 0.793567 [4+] 0.740662 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.