Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ffms2-2.23/include/ffms.h
Examining data/ffms2-2.23/include/ffmscompat.h
Examining data/ffms2-2.23/src/avisynth/avisynth.cpp
Examining data/ffms2-2.23/src/avisynth/avssources.cpp
Examining data/ffms2-2.23/src/avisynth/avssources.h
Examining data/ffms2-2.23/src/config/libs.cpp
Examining data/ffms2-2.23/src/config/msvc-config.h
Examining data/ffms2-2.23/src/core/audiosource.cpp
Examining data/ffms2-2.23/src/core/audiosource.h
Examining data/ffms2-2.23/src/core/ffms.cpp
Examining data/ffms2-2.23/src/core/filehandle.cpp
Examining data/ffms2-2.23/src/core/filehandle.h
Examining data/ffms2-2.23/src/core/indexing.cpp
Examining data/ffms2-2.23/src/core/indexing.h
Examining data/ffms2-2.23/src/core/lavfaudio.cpp
Examining data/ffms2-2.23/src/core/lavfindexer.cpp
Examining data/ffms2-2.23/src/core/lavfvideo.cpp
Examining data/ffms2-2.23/src/core/track.cpp
Examining data/ffms2-2.23/src/core/track.h
Examining data/ffms2-2.23/src/core/utils.cpp
Examining data/ffms2-2.23/src/core/utils.h
Examining data/ffms2-2.23/src/core/videosource.cpp
Examining data/ffms2-2.23/src/core/videosource.h
Examining data/ffms2-2.23/src/core/videoutils.cpp
Examining data/ffms2-2.23/src/core/videoutils.h
Examining data/ffms2-2.23/src/core/wave64writer.cpp
Examining data/ffms2-2.23/src/core/wave64writer.h
Examining data/ffms2-2.23/src/core/zipfile.cpp
Examining data/ffms2-2.23/src/core/zipfile.h
Examining data/ffms2-2.23/src/index/ffmsindex.cpp
Examining data/ffms2-2.23/src/vapoursynth/VSHelper.h
Examining data/ffms2-2.23/src/vapoursynth/VapourSynth.h
Examining data/ffms2-2.23/src/vapoursynth/vapoursource.cpp
Examining data/ffms2-2.23/src/vapoursynth/vapoursource.h
Examining data/ffms2-2.23/src/vapoursynth/vapoursynth.cpp

FINAL RESULTS:

data/ffms2-2.23/include/ffmscompat.h:49:10:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#	define snprintf _snprintf
data/ffms2-2.23/include/ffmscompat.h:49:19:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#	define snprintf _snprintf
data/ffms2-2.23/src/core/ffms.cpp:60:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	written += vsnprintf(line + written, sizeof(line) - written, fmt, vl);
data/ffms2-2.23/src/core/ffms.cpp:75:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(prev, line);
data/ffms2-2.23/src/core/ffms.cpp:358:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(FileName, s.c_str());
data/ffms2-2.23/src/core/filehandle.cpp:107:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		ret = vsnprintf(OutBuffer.data(), OutBuffer.size(), fmt, args);
data/ffms2-2.23/src/core/filehandle.h:47:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 3)))
data/ffms2-2.23/src/index/ffmsindex.cpp:143:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	return snprintf(FileName, FileName ? FNSize : 0, AudioFile.c_str(), SourceFile, Track) + 1;
data/ffms2-2.23/src/avisynth/avssources.h:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ErrorBuffer[1024];
data/ffms2-2.23/src/core/audiosource.cpp:254:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, data, DecodeFrame->nb_samples * BytesPerSample);
data/ffms2-2.23/src/core/audiosource.cpp:323:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, ptr - MissingBytes, MissingBytes);
data/ffms2-2.23/src/core/audiosource.cpp:367:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(Dst + DstOffset * BytesPerSample, it->Data.get() + SrcOffset * BytesPerSample, Bytes);
data/ffms2-2.23/src/core/ffms.cpp:52:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char line[1024] = {}, prev[1024] = {};
data/ffms2-2.23/src/core/indexing.cpp:56:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void FFMS_Index::CalculateFileSignature(const char *Filename, int64_t *Filesize, uint8_t Digest[20]) {
data/ffms2-2.23/src/core/indexing.h:54:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static void CalculateFileSignature(const char *Filename, int64_t *Filesize, uint8_t Digest[20]);
data/ffms2-2.23/src/core/wave64writer.cpp:80:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Header + 0, GuidRIFF, 16);
data/ffms2-2.23/src/core/wave64writer.cpp:86:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Header + 3, GuidWAVE, 16);
data/ffms2-2.23/src/core/wave64writer.cpp:87:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Header + 5, Guidfmt, 16);
data/ffms2-2.23/src/core/wave64writer.cpp:91:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Header + 8, &WFEX, sizeof(WFEX));
data/ffms2-2.23/src/core/wave64writer.cpp:92:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Header + 11, Guiddata, 16);
data/ffms2-2.23/src/core/zipfile.cpp:144:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret, reinterpret_cast<uint8_t *>(&index_buffer[0]), index_buffer.size());
data/ffms2-2.23/src/index/ffmsindex.cpp:101:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			IgnoreErrors = atoi(OPTION_ARG("s"));
data/ffms2-2.23/src/index/ffmsindex.cpp:150:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tn[3];
data/ffms2-2.23/src/index/ffmsindex.cpp:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ErrorMsg[1024];
data/ffms2-2.23/src/vapoursynth/VSHelper.h:119:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dstp, srcp, row_size * height);
data/ffms2-2.23/src/vapoursynth/VSHelper.h:125:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dstp8, srcp8, row_size);
data/ffms2-2.23/src/vapoursynth/VapourSynth.h:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[32];
data/ffms2-2.23/src/vapoursynth/vapoursource.cpp:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ErrorMsg[1024];
data/ffms2-2.23/src/vapoursynth/vapoursource.cpp:207:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ErrorMsg[1024];
data/ffms2-2.23/src/vapoursynth/vapoursource.cpp:259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ErrorMsg[1024];
data/ffms2-2.23/src/vapoursynth/vapoursynth.cpp:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ErrorMsg[1024];
data/ffms2-2.23/src/vapoursynth/vapoursynth.cpp:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ErrorMsg[1024];
data/ffms2-2.23/src/vapoursynth/vapoursynth.cpp:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[100];
data/ffms2-2.23/src/vapoursynth/vapoursynth.cpp:258:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d.%d.%d.%d", Version >> 24, (Version & 0xFF0000) >> 16, (Version & 0xFF00) >> 8, Version & 0xFF);
data/ffms2-2.23/src/core/ffms.cpp:343:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s.replace(idx, strlen(from), to);

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 7712 in approximately 0.27 seconds (29074 lines/second)
Physical Source Lines of Code (SLOC) = 5569
Hits@level = [0]   2 [1]   1 [2]  26 [3]   0 [4]   8 [5]   0
Hits@level+ = [0+]  37 [1+]  35 [2+]  34 [3+]   8 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 6.64392 [1+] 6.28479 [2+] 6.10523 [3+] 1.43652 [4+] 1.43652 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.