Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cutesdr-1.20/dsp/agc.cpp
Examining data/cutesdr-1.20/dsp/agc.h
Examining data/cutesdr-1.20/dsp/amdemod.cpp
Examining data/cutesdr-1.20/dsp/amdemod.h
Examining data/cutesdr-1.20/dsp/demodulator.cpp
Examining data/cutesdr-1.20/dsp/demodulator.h
Examining data/cutesdr-1.20/dsp/downconvert.cpp
Examining data/cutesdr-1.20/dsp/downconvert.h
Examining data/cutesdr-1.20/dsp/fastfir.cpp
Examining data/cutesdr-1.20/dsp/fastfir.h
Examining data/cutesdr-1.20/dsp/fft.h
Examining data/cutesdr-1.20/dsp/filtercoef.h
Examining data/cutesdr-1.20/dsp/fir.cpp
Examining data/cutesdr-1.20/dsp/fir.h
Examining data/cutesdr-1.20/dsp/fircoef.h
Examining data/cutesdr-1.20/dsp/fmdemod.cpp
Examining data/cutesdr-1.20/dsp/fmdemod.h
Examining data/cutesdr-1.20/dsp/fractresampler.cpp
Examining data/cutesdr-1.20/dsp/fractresampler.h
Examining data/cutesdr-1.20/dsp/fskdemod.cpp
Examining data/cutesdr-1.20/dsp/fskdemod.h
Examining data/cutesdr-1.20/dsp/fskmod.cpp
Examining data/cutesdr-1.20/dsp/fskmod.h
Examining data/cutesdr-1.20/dsp/iir.cpp
Examining data/cutesdr-1.20/dsp/iir.h
Examining data/cutesdr-1.20/dsp/noiseproc.cpp
Examining data/cutesdr-1.20/dsp/noiseproc.h
Examining data/cutesdr-1.20/dsp/pskdemod.cpp
Examining data/cutesdr-1.20/dsp/pskdemod.h
Examining data/cutesdr-1.20/dsp/pskmod.cpp
Examining data/cutesdr-1.20/dsp/pskmod.h
Examining data/cutesdr-1.20/dsp/psktables.h
Examining data/cutesdr-1.20/dsp/rbdsconstants.h
Examining data/cutesdr-1.20/dsp/samdemod.cpp
Examining data/cutesdr-1.20/dsp/samdemod.h
Examining data/cutesdr-1.20/dsp/smeter.cpp
Examining data/cutesdr-1.20/dsp/smeter.h
Examining data/cutesdr-1.20/dsp/ssbdemod.cpp
Examining data/cutesdr-1.20/dsp/ssbdemod.h
Examining data/cutesdr-1.20/dsp/wfmdemod.cpp
Examining data/cutesdr-1.20/dsp/wfmdemod.h
Examining data/cutesdr-1.20/dsp/wfmmod.cpp
Examining data/cutesdr-1.20/dsp/wfmmod.h
Examining data/cutesdr-1.20/dsp/datatypes.h
Examining data/cutesdr-1.20/dsp/fft.cpp
Examining data/cutesdr-1.20/dsp/datamodifier.cpp
Examining data/cutesdr-1.20/dsp/datamodifier.h
Examining data/cutesdr-1.20/gui/aboutdlg.cpp
Examining data/cutesdr-1.20/gui/aboutdlg.h
Examining data/cutesdr-1.20/gui/chatdialog.cpp
Examining data/cutesdr-1.20/gui/chatdialog.h
Examining data/cutesdr-1.20/gui/demodsetupdlg.cpp
Examining data/cutesdr-1.20/gui/demodsetupdlg.h
Examining data/cutesdr-1.20/gui/displaydlg.cpp
Examining data/cutesdr-1.20/gui/displaydlg.h
Examining data/cutesdr-1.20/gui/editnetdlg.cpp
Examining data/cutesdr-1.20/gui/editnetdlg.h
Examining data/cutesdr-1.20/gui/freqctrl.h
Examining data/cutesdr-1.20/gui/ipeditwidget.cpp
Examining data/cutesdr-1.20/gui/main.cpp
Examining data/cutesdr-1.20/gui/meter.cpp
Examining data/cutesdr-1.20/gui/meter.h
Examining data/cutesdr-1.20/gui/noiseprocdlg.cpp
Examining data/cutesdr-1.20/gui/noiseprocdlg.h
Examining data/cutesdr-1.20/gui/plotter.cpp
Examining data/cutesdr-1.20/gui/plotter.h
Examining data/cutesdr-1.20/gui/rdsdecode.cpp
Examining data/cutesdr-1.20/gui/rdsdecode.h
Examining data/cutesdr-1.20/gui/recordsetupdlg.cpp
Examining data/cutesdr-1.20/gui/recordsetupdlg.h
Examining data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp
Examining data/cutesdr-1.20/gui/sdrdiscoverdlg.h
Examining data/cutesdr-1.20/gui/sdrsetupdlg.cpp
Examining data/cutesdr-1.20/gui/sdrsetupdlg.h
Examining data/cutesdr-1.20/gui/sliderctrl.cpp
Examining data/cutesdr-1.20/gui/sliderctrl.h
Examining data/cutesdr-1.20/gui/sounddlg.cpp
Examining data/cutesdr-1.20/gui/sounddlg.h
Examining data/cutesdr-1.20/gui/testbench.cpp
Examining data/cutesdr-1.20/gui/testbench.h
Examining data/cutesdr-1.20/gui/freqctrl.cpp
Examining data/cutesdr-1.20/gui/ipeditwidget.h
Examining data/cutesdr-1.20/gui/filetxdlg.cpp
Examining data/cutesdr-1.20/gui/filetxdlg.h
Examining data/cutesdr-1.20/gui/mainwindow.cpp
Examining data/cutesdr-1.20/gui/mainwindow.h
Examining data/cutesdr-1.20/interface/ad6620.cpp
Examining data/cutesdr-1.20/interface/ad6620.h
Examining data/cutesdr-1.20/interface/dataprocess.h
Examining data/cutesdr-1.20/interface/perform.cpp
Examining data/cutesdr-1.20/interface/perform.h
Examining data/cutesdr-1.20/interface/soundout.cpp
Examining data/cutesdr-1.20/interface/soundout.h
Examining data/cutesdr-1.20/interface/threadwrapper.h
Examining data/cutesdr-1.20/interface/wavefilewriter.cpp
Examining data/cutesdr-1.20/interface/wavefilewriter.h
Examining data/cutesdr-1.20/interface/ascpmsg.h
Examining data/cutesdr-1.20/interface/dataprocess.cpp
Examining data/cutesdr-1.20/interface/protocoldefs.h
Examining data/cutesdr-1.20/interface/sdrinterface.cpp
Examining data/cutesdr-1.20/interface/sdrinterface.h
Examining data/cutesdr-1.20/interface/netiobase.cpp
Examining data/cutesdr-1.20/interface/netiobase.h
Examining data/cutesdr-1.20/interface/wavefilereader.cpp
Examining data/cutesdr-1.20/interface/wavefilereader.h
Examining data/cutesdr-1.20/siqs/logger.h
Examining data/cutesdr-1.20/siqs/logger.cpp
Examining data/cutesdr-1.20/siqs/netsupport.h
Examining data/cutesdr-1.20/siqs/siqs_serial.cpp
Examining data/cutesdr-1.20/siqs/minithread.h
Examining data/cutesdr-1.20/siqs/siqs_ftdi.cpp
Examining data/cutesdr-1.20/siqs/discover.cpp
Examining data/cutesdr-1.20/siqs/discover.h
FINAL RESULTS:
data/cutesdr-1.20/dsp/fskdemod.cpp:548:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
m_Str1.sprintf("*** Valid Msg ");
data/cutesdr-1.20/dsp/fskdemod.cpp:551:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_Str1 += m_Str2.sprintf("% d",m_RxBuf[i]);
data/cutesdr-1.20/dsp/fskdemod.cpp:565:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_Str1.sprintf("??? Got Bad Msg Cnt=%d",rxphzcnt);
data/cutesdr-1.20/gui/rdsdecode.cpp:83:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( m_RDSText, m_PTYText );
data/cutesdr-1.20/gui/rdsdecode.cpp:84:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( m_RDSText, m_RTextOut );
data/cutesdr-1.20/gui/rdsdecode.cpp:87:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Str,m_RDSText);
data/cutesdr-1.20/gui/rdsdecode.cpp:103:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Str,m_RBDSCallSign);
data/cutesdr-1.20/gui/rdsdecode.cpp:156:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_PTYText, PTYPETABLERBDS[m_PrgType] );
data/cutesdr-1.20/gui/rdsdecode.cpp:158:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_PTYText, PTYPETABLERDS[m_PrgType] );
data/cutesdr-1.20/gui/rdsdecode.cpp:187:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_RTextOut,m_RText);
data/cutesdr-1.20/gui/rdsdecode.cpp:232:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_RTextOut,m_RText);
data/cutesdr-1.20/gui/rdsdecode.cpp:260:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_PSTextOut,m_PSText);
data/cutesdr-1.20/interface/wavefilereader.cpp:156:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
m_FileInfoStr.sprintf("%d Samples of %s Data\nSampleRate = %d Bits/Sample= %d", m_NumSamples, Tbuf, (int)m_FmtSubChunk.sampleRate, (int)m_FmtSubChunk.bitsPerSample );
data/cutesdr-1.20/siqs/discover.cpp:147:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pa->name, hostname); //fill in name string field
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:623:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hi:d:",
data/cutesdr-1.20/dsp/fastfir.cpp:242:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/dsp/fastfir.cpp:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[256];
data/cutesdr-1.20/dsp/fastfir.cpp:248:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( Buf, "%19.12g %19.12g\r\n", (TYPEREAL)CONV_FFT_SIZE*m_pFilterCoef[i].re, (TYPEREAL)CONV_FFT_SIZE*m_pFilterCoef[i].im);
data/cutesdr-1.20/dsp/fir.cpp:318:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/dsp/fir.cpp:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[256];
data/cutesdr-1.20/dsp/fir.cpp:324:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( Buf, "%g\r\n", m_Coef[n]);
data/cutesdr-1.20/dsp/fir.cpp:431:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/dsp/fir.cpp:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[256];
data/cutesdr-1.20/dsp/fir.cpp:437:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( Buf, "%g\r\n", m_Coef[n]);
data/cutesdr-1.20/dsp/fir.cpp:472:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/dsp/fir.cpp:475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[256];
data/cutesdr-1.20/dsp/fir.cpp:478:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( Buf, "%19.12g %19.12g\r\n", m_ICoef[n], m_QCoef[n]);
data/cutesdr-1.20/dsp/fractresampler.cpp:125:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/dsp/fractresampler.cpp:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[30000];
data/cutesdr-1.20/dsp/fractresampler.cpp:131:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( Buf, "%19.12g\r\n", m_pSinc[i]);
data/cutesdr-1.20/dsp/rbdsconstants.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csign[4];
data/cutesdr-1.20/dsp/rbdsconstants.h:191:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char PTYPETABLERBDS[32][17] =
data/cutesdr-1.20/dsp/rbdsconstants.h:229:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char PTYPETABLERDS[32][20] =
data/cutesdr-1.20/dsp/wfmmod.cpp:215:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/dsp/wfmmod.cpp:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[256];
data/cutesdr-1.20/dsp/wfmmod.cpp:221:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( Buf, "%g\r\n", m_RdsPulseCoef[n]);
data/cutesdr-1.20/gui/filetxdlg.cpp:45:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_FileReader.open(m_TxFilePath);
data/cutesdr-1.20/gui/filetxdlg.cpp:75:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_FileReader.open(m_TxFilePath);
data/cutesdr-1.20/gui/filetxdlg.cpp:134:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(m_FileReader.open(m_TxFilePath) )
data/cutesdr-1.20/gui/filetxdlg.cpp:366:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(m_FileReader.open(m_TxFilePath) )
data/cutesdr-1.20/gui/filetxdlg.cpp:368:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !FileWriter.open( "d:\\testwr.wav",true, m_FileReader.GetSampleRate(), true, 0) )
data/cutesdr-1.20/gui/plotter.h:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_RdsCall[MAX_TXT];
data/cutesdr-1.20/gui/plotter.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_RdsText[MAX_TXT];
data/cutesdr-1.20/gui/rdsdecode.cpp:328:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m_RBDSCallSign,"%4.4X",PIcode);
data/cutesdr-1.20/gui/rdsdecode.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_PTYText[MAX_TEXT];
data/cutesdr-1.20/gui/rdsdecode.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_RDSText[MAX_TEXT];
data/cutesdr-1.20/gui/rdsdecode.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_RTextOut[MAX_TEXT];
data/cutesdr-1.20/gui/rdsdecode.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_RText[MAX_TEXT];
data/cutesdr-1.20/gui/rdsdecode.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_PSTextOut[MAX_TEXT];
data/cutesdr-1.20/gui/rdsdecode.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_PSText[MAX_TEXT];
data/cutesdr-1.20/gui/rdsdecode.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_RBDSCallSign[MAX_TEXT];
data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:168:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[2048]; //buffer to hold received UDP packet
data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:178:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&tmpmsg, (void*)Buf, length ); //get tmp copy of new message
data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:190:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&m_DiscovermsgCommon[index], (void*)Buf, length );
data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&m_DiscovermsgNetSDR[index], (void*)Buf, sizeof(tDiscover_NETSDR) );
data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&m_DiscovermsgCloudSDR[index], (void*)Buf, sizeof(tDiscover_CLOUDSDR) );
data/cutesdr-1.20/gui/sdrdiscoverdlg.cpp:210:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&m_DiscovermsgSDRxx[index], (void*)Buf, sizeof(tDiscover_SDRxx) );
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:23:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char length[2]; //length of total message in bytes (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:24:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; //Device name string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[16]; //Serial number string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:28:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipaddr[16]; //device IP address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:29:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2]; //device Port number (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:35:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char length[2]; //length of total message in bytes (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:36:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; //Device name string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[16]; //Serial number string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:40:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipaddr[16]; //device IP address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:41:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2]; //device Port number (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:44:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char macaddr[6]; //HW mac address (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwver[2]; //Hardware version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:47:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:52:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subnet[4]; //IP subnet mask (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:53:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gwaddr[4]; //gateway address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:54:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dataipaddr[4];// Alternate data IP address for UDP data (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:55:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dataport[2]; // Alternate data Port address for UDP (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char future[15]; //future use
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:63:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char length[2]; //length of total message in bytes (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:64:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; //Device name string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[16]; //Serial number string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:68:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipaddr[16]; //device IP address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:69:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2]; //device Port number (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:73:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:74:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subnet[4]; //IP subnet mask (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:75:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gwaddr[4]; //gateway address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connection[32]; //interface connection string null terminated(ex: COM3, DEVTTY5, etc)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:78:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char future[15]; //future use
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:83:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char length[2]; //length of total message in bytes (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:84:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; //Device name string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[16]; //Serial number string null terminated
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:88:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipaddr[16]; //device IP address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:89:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2]; //device Port number (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:92:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char macaddr[6]; //HW mac address (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:93:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwver[2]; //Hardware version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:94:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:95:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:100:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subnet[4]; //IP subnet mask (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:101:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gwaddr[4]; //gateway address (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:102:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dataipaddr[4];// Alternate data IP address for UDP data (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:103:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dataport[2]; // Alternate data Port address for UDP (little endian byte order)
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverdescr[151]; //up to 150 character NULL terminated server description string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverdescrurl[151]; //up to 150 character NULL terminated server description URL string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverdomain[81]; //up to 80 character NULL terminated optional server domain string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listdomain[81]; //up to 80 character NULL terminated list server domain string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listscript[81]; //up to 80 character NULL terminated list server path/script string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxpw[17]; //up to 16 character NULL terminated Rx Password string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txpw[17]; //up to 16 character NULL terminated Tx Password string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpslat[33]; //up to 32 character NULL terminated Latitude string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpslon[33]; //up to 32 character NULL terminated Longitude string
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:117:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char antselrangemin[4]; //RF port 2 range min== 3,2,1,0
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:118:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char antselrangemax[4]; //RF port 2 range max== 3,2,1,0
data/cutesdr-1.20/gui/sdrdiscoverdlg.h:119:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char future[119]; //future use
data/cutesdr-1.20/gui/testbench.cpp:153:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(m_File.open(QIODevice::ReadOnly))
data/cutesdr-1.20/gui/testbench.cpp:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384];
data/cutesdr-1.20/interface/netiobase.cpp:137:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pBuf[20000];
data/cutesdr-1.20/interface/sdrinterface.cpp:227:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(m_pWaveFileWriter->open(Filename, true, m_SampleRate, m_24BitData, CenterFreq) )
data/cutesdr-1.20/interface/sdrinterface.cpp:236:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(m_pWaveFileWriter->open(Filename, m_StereoOut, 48000, false, CenterFreq) )
data/cutesdr-1.20/interface/soundout.h:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pData[SOUND_WRITEBUFSIZE];
data/cutesdr-1.20/interface/wavefilereader.cpp:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/cutesdr-1.20/interface/wavefilereader.cpp:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[4]; // "WAVE"
data/cutesdr-1.20/interface/wavefilereader.cpp:83:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool CWaveFileReader::open(const QString &fileName)
data/cutesdr-1.20/interface/wavefilereader.cpp:89:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QFile::open(QIODevice::ReadOnly) && readHeader();
data/cutesdr-1.20/interface/wavefilereader.cpp:124:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reinterpret_cast<char *>(&m_FmtSubChunk), &m_HeaderBuffer[Start],Length);
data/cutesdr-1.20/interface/wavefilereader.cpp:128:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reinterpret_cast<char *>(&m_AuxiSubChunk), &m_HeaderBuffer[Start],Length);
data/cutesdr-1.20/interface/wavefilereader.cpp:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Tbuf[256];
data/cutesdr-1.20/interface/wavefilereader.cpp:150:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Tbuf, "Complex");
data/cutesdr-1.20/interface/wavefilereader.cpp:154:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Tbuf, "Real");
data/cutesdr-1.20/interface/wavefilereader.h:48:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
using QFile::open;
data/cutesdr-1.20/interface/wavefilereader.h:49:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QString &fileName);
data/cutesdr-1.20/interface/wavefilewriter.cpp:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/cutesdr-1.20/interface/wavefilewriter.cpp:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[4]; // "WAVE"
data/cutesdr-1.20/interface/wavefilewriter.cpp:127:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool CWaveFileWriter::open( QString fileName, bool complex, int Rate, bool Data24Bit, qint64 CenterFreq)
data/cutesdr-1.20/interface/wavefilewriter.cpp:148:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_File.open(QIODevice::WriteOnly))
data/cutesdr-1.20/interface/wavefilewriter.cpp:208:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.riff.descriptor.id, "RIFF", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:212:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.riff.type, "WAVE", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:213:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.wave.descriptor.id, "fmt ", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:224:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.auxi.descriptor.id, "auxi", 4);
data/cutesdr-1.20/interface/wavefilewriter.cpp:240:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.data.descriptor.id,"data", 4);
data/cutesdr-1.20/interface/wavefilewriter.h:64:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open( QString fileName, bool complex, int Rate, bool Data24Bit, qint64 CenterFreq);
data/cutesdr-1.20/siqs/discover.cpp:81:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[INET_ADDRSTRLEN];
data/cutesdr-1.20/siqs/discover.cpp:103:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf [10240];
data/cutesdr-1.20/siqs/discover.cpp:143:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&emsg, p, sizeof(*p));
data/cutesdr-1.20/siqs/discover.cpp:148:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( pa->sn, "NOT IMPLEMENTED"); //fill in Serial Number string field
data/cutesdr-1.20/siqs/discover.h:42:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char length[2]; //length of total message in bytes (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:43:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[2]; //fixed key key[0]==0x5A key[1]==0xA5
data/cutesdr-1.20/siqs/discover.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; //Device name string null terminated
data/cutesdr-1.20/siqs/discover.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[16]; //Serial number string null terminated
data/cutesdr-1.20/siqs/discover.h:47:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipaddr[16]; //device IP address (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2]; //device Port number (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fwver[2]; //Firmware version*100 (little endian byte order)(read only)
data/cutesdr-1.20/siqs/discover.h:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char btver[2]; //Boot version*100 (little endian byte order) (read only)
data/cutesdr-1.20/siqs/discover.h:60:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subnet[4]; //IP subnet mask (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:61:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gwaddr[4]; //gateway address (little endian byte order)
data/cutesdr-1.20/siqs/discover.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connection[32]; //interface connection string null terminated(ex: COM3, DEVTTY5, etc)
data/cutesdr-1.20/siqs/discover.h:64:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char future[15]; //future use
data/cutesdr-1.20/siqs/discover.h:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname [16];
data/cutesdr-1.20/siqs/logger.cpp:89:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_.open(logFile_.c_str(), std::ios::app);
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:144:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:227:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dataMsg [10240];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:234:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dataMsg[4], (msg+i), 1024);
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:334:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf [64];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:379:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:510:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:547:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[128], description[128];
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:632:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_level = atoi(optarg);
data/cutesdr-1.20/siqs/siqs_serial.cpp:106:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sdriq_fd = open(name.c_str(), O_RDWR | O_NOCTTY);
data/cutesdr-1.20/siqs/siqs_serial.cpp:135:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sdriq_fd = open(name.c_str(), O_RDWR | O_NONBLOCK);
data/cutesdr-1.20/siqs/siqs_serial.cpp:329:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_serial.cpp:413:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dataMsg [10240];
data/cutesdr-1.20/siqs/siqs_serial.cpp:420:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dataMsg[4], (msg+i), 1024);
data/cutesdr-1.20/siqs/siqs_serial.cpp:524:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf [64];
data/cutesdr-1.20/siqs/siqs_serial.cpp:571:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ascpMsg[10240];
data/cutesdr-1.20/siqs/siqs_serial.cpp:704:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/cutesdr-1.20/gui/testbench.cpp:471:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(m_File.read(buf,6*length)<=0)
data/cutesdr-1.20/gui/testbench.cpp:489:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(m_File.read(buf,4*length)<=0)
data/cutesdr-1.20/interface/netiobase.cpp:284:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_pTcpClient->read((char*)pBuf, n);
data/cutesdr-1.20/interface/wavefilereader.cpp:104:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool result = read(reinterpret_cast<char *>(&riffheader), sizeof(RIFFHeader)) == sizeof(RIFFHeader);
data/cutesdr-1.20/interface/wavefilereader.cpp:118:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 bytesread = read((char*)m_HeaderBuffer, MAX_HEADER);
data/cutesdr-1.20/interface/wavefilereader.cpp:233:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 bytesread = read((char*)m_DataBuffer, ByteLength);
data/cutesdr-1.20/interface/wavefilereader.cpp:260:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 bytesread = read((char*)m_DataBuffer, ByteLength);
data/cutesdr-1.20/siqs/discover.cpp:111:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rc = read (sock, buf, sizeof(buf));
data/cutesdr-1.20/siqs/discover.cpp:127:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p->name)) {
data/cutesdr-1.20/siqs/discover.cpp:130:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p->sn)) {
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:512:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nr = read (sock, buf, sizeof(buf));
data/cutesdr-1.20/siqs/siqs_ftdi.cpp:691:20: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(stdin)) != EOF) {
data/cutesdr-1.20/siqs/siqs_serial.cpp:129:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((nr = read(sdriq_fd, &ch, sizeof(ch))) > 0) {
data/cutesdr-1.20/siqs/siqs_serial.cpp:531:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int len = read (usb_fd, buf, sizeof(buf));
data/cutesdr-1.20/siqs/siqs_serial.cpp:706:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nr = read (sock, buf, sizeof(buf));
data/cutesdr-1.20/siqs/siqs_serial.cpp:762:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(stdin)) != EOF) {
ANALYSIS SUMMARY:
Hits = 193
Lines analyzed = 27142 in approximately 1.06 seconds (25542 lines/second)
Physical Source Lines of Code (SLOC) = 18902
Hits@level = [0] 62 [1] 16 [2] 162 [3] 1 [4] 14 [5] 0
Hits@level+ = [0+] 255 [1+] 193 [2+] 177 [3+] 15 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 13.4906 [1+] 10.2106 [2+] 9.36409 [3+] 0.793567 [4+] 0.740662 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.