Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/freedv-1.4.3~1gdc71a1c/src/afreedvplugin.c
Examining data/freedv-1.4.3~1gdc71a1c/src/comp.h
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_audiooptions.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_audiooptions.h
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.h
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_options.h
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_plugin.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_plugin.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_defines.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_pa_wrapper.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_pa_wrapper.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scatter.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scatter.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_spectrum.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_spectrum.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_waterfall.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_waterfall.h
Examining data/freedv-1.4.3~1gdc71a1c/src/hamlib.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/hamlib.h
Examining data/freedv-1.4.3~1gdc71a1c/src/osx_interface.h
Examining data/freedv-1.4.3~1gdc71a1c/src/serialport.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/serialport.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/band.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/biquad.c
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/biquad.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/biquads.c
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/effects.c
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/effects.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/effects_i.c
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/formats_i.c
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c
Parsing failed to find end of parameter list; semicolon terminated it in (file, "sun c " STRINGIZE(__SUNPRO_C),
#else
        NULL,
#endif
        /* sox_arch */
        NULL
    };

    if (!info.version)
    {
        info.version = sox_version();
    }

    if (!info.ar
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/sox.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/sox_i.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/soxomp.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/util.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/xmalloc.c
Examining data/freedv-1.4.3~1gdc71a1c/src/sox/xmalloc.h
Examining data/freedv-1.4.3~1gdc71a1c/src/sox_biquad.c
Examining data/freedv-1.4.3~1gdc71a1c/src/sox_biquad.h
Examining data/freedv-1.4.3~1gdc71a1c/src/topFrame.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/topFrame.h
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_ptt.cpp
Examining data/freedv-1.4.3~1gdc71a1c/src/dlg_ptt.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.h
Examining data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp

FINAL RESULTS:

data/freedv-1.4.3~1gdc71a1c/src/dlg_ptt.cpp:562:34:  [4] (format) sprintf:
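  Potential format string problem (CWE-134). Make format string constant.
  Triage note: the first argument shown is a string literal and the call is
  a member function of hamlib_serial_config, so the format is already
  constant; what remains to check is that the arguments (cut off in this
  excerpt) match the three %d conversions.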
            hamlib_serial_config.sprintf(" %d, %d, %d", 
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1147:13:  [4] (buffer) sprintf:
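  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  Triage note: the destination is declared char[MAX_CALLSIGN+1] (line 1143)
  and callsign is char[MAX_CALLSIGN] (line 1128). "%s%2x" appends at least
  two characters, so the result fits only if strlen(callsign) is at most
  MAX_CALLSIGN-2. Confirm that bound is enforced before this call, or pass
  sizeof(callsign_checksum_cr) to snprintf and check the return value.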
            sprintf(callsign_checksum_cr, "%s%2x", callsign, checksum);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1150:13:  [4] (buffer) strcpy:
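  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: the source buffer (char[MAX_CALLSIGN+1], line 1143) is one
  byte larger than the destination (char[MAX_CALLSIGN], line 1128) and holds
  the callsign plus the characters appended by the sprintf at line 1147, so
  the copy back fits only if the original strlen(callsign) was at most
  MAX_CALLSIGN-3. The report does not show where that length is bounded.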
            strcpy(callsign, callsign_checksum_cr);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1201:21:  [4] (buffer) sprintf:
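  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  Triage note: s1 is declared char[MAX_CALLSIGN] (line 1200) and the literal
  prefix "rx_txtmsg " already takes 10 characters, so this fits only if
  strlen(m_callsign) is at most MAX_CALLSIGN-11. The size of m_callsign is
  not shown in this report; check it against that limit or use
  snprintf(s1, sizeof(s1), ...).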
                    sprintf(s1,"rx_txtmsg %s", m_callsign);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3656:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(arg[argc++], "%s", filterType);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3662:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(arg[argc++], "%s", filterType);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4737:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(value, v.mb_str().data());
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.cpp:62:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(m_a_fmt, a_fmt);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.cpp:305:13:  [4] (format) sprintf:
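  Potential format string problem (CWE-134). Make format string constant.
  Triage note: m_a_fmt is filled by strcpy(m_a_fmt, a_fmt) at line 62 of the
  same file, so the format here is whatever the caller supplied as a_fmt.
  The call is safe only if every caller passes a fixed string with a single
  conversion matching the type of a; neither the callers nor the sizes of
  m_a_fmt and buf appear in this report.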
            sprintf(buf, m_a_fmt, a);
data/freedv-1.4.3~1gdc71a1c/src/sox/effects_i.c:41:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(*usage, lines[0]);
data/freedv-1.4.3~1gdc71a1c/src/sox/effects_i.c:44:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(*usage, lines[i]);
data/freedv-1.4.3~1gdc71a1c/src/sox/formats_i.c:34:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(ft->sox_errstr, sizeof(ft->sox_errstr), fmt, args);
data/freedv-1.4.3~1gdc71a1c/src/sox/formats_i.c:36:3:  [4] (format) vsprintf:
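  Potential format string problem (CWE-134). Make format string constant.
  Triage note: this call is two lines below a bounded vsnprintf into the
  same ft->sox_errstr (line 34), which suggests a preprocessor fallback for
  platforms without vsnprintf (to be confirmed in the source). If so, builds
  that take this branch write the error string with no length limit.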
  vsprintf(ft->sox_errstr, fmt, args);
data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c:82:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(file, "sun c " STRINGIZE(__SUNPRO_C),
data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c:119:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/freedv-1.4.3~1gdc71a1c/src/sox/sox.h:73:47:  [4] (format) printf:
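  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Triage note: the matched text is a GCC format attribute inside a macro
  definition, not a call to printf. The attribute lets the compiler check
  format/argument agreement at call sites of functions declared with it, so
  this hit (and the sox_i.h:211 hit that follows) needs no code change.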
#define LSX_PRINTF12  __attribute__ ((format (printf, 1, 2))) /* Function has printf-style arguments. */
data/freedv-1.4.3~1gdc71a1c/src/sox/sox_i.h:211:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 3, 4)));
data/freedv-1.4.3~1gdc71a1c/src/sox/util.h:118:9:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
#define mktemp _mktemp
data/freedv-1.4.3~1gdc71a1c/src/sox/util.h:122:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define popen _popen
data/freedv-1.4.3~1gdc71a1c/src/sox/util.h:124:9:  [4] (format) snprintf:
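  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  Triage note: the hit is on a macro definition, not a call. The define maps
  snprintf to _snprintf, which does not write a terminating NUL when the
  output is truncated; code built with this define that relies on snprintf
  always terminating needs to terminate the buffer explicitly.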
#define snprintf _snprintf
data/freedv-1.4.3~1gdc71a1c/src/sox/util.h:124:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/freedv-1.4.3~1gdc71a1c/src/sox/xmalloc.h:29:29:  [4] (buffer) strcpy:
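  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: the destination is allocated as strlen(p) + 1 bytes in the
  same expression, so the copy is exactly sized. The remaining question is
  whether lsx_malloc can return NULL, which this report does not show.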
#define lsx_strdup(p) ((p)? strcpy((char *)lsx_malloc(strlen(p) + 1), p) : NULL)
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:212:22:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    m_plugInHandle = LoadLibrary(dll_path);
data/freedv-1.4.3~1gdc71a1c/src/afreedvplugin.c:52:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name, "aFreeDVplugIn");
data/freedv-1.4.3~1gdc71a1c/src/afreedvplugin.c:73:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(param_names[0], "SymbolRate");
data/freedv-1.4.3~1gdc71a1c/src/afreedvplugin.c:74:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(param_names[1], "NumTones");
data/freedv-1.4.3~1gdc71a1c/src/afreedvplugin.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char txt[80];
data/freedv-1.4.3~1gdc71a1c/src/afreedvplugin.c:100:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    states->symbol_rate = atoi(txt);
data/freedv-1.4.3~1gdc71a1c/src/afreedvplugin.c:103:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    states->num_tones = atoi(txt);
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:733:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  *argBass[10];
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:734:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  *argTreble[10];
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:735:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  *argMid[10];
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:736:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   argstorage[10][80];
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:747:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argBass[0], "bass");                
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:748:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argBass[1], "%f", eqBass->gaindB+1E-6);
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:749:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argBass[2], "%f", eqBass->freqHz);      
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:753:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argTreble[0], "treble");                
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:754:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argTreble[1], "%f", eqTreble->gaindB+1E-6);
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:755:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argTreble[2], "%f", eqTreble->freqHz);      
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:759:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argTreble[0], "equalizer");                
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:760:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argTreble[1], "%f", eqMid->freqHz);      
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:761:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argTreble[2], "%f", eqMid->Q);      
data/freedv-1.4.3~1gdc71a1c/src/dlg_filter.cpp:762:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(argTreble[3], "%f", eqMid->gaindB+1E-6);
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:793:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[80];
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:794:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "hello from FreeDV!");
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:800:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fifo_counters[256];
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:802:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fifo_counters, "Fifos: infull1: %d outempty1: %d infull2: %d outempty2: %d", g_infifo1_full, g_outfifo1_empty, g_infifo2_full, g_outfifo2_empty);
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:806:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pa_counters1[256];
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:809:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pa_counters1, "PortAudio1: inUnderflow: %d inOverflow: %d outUnderflow %d outOverflow %d framesPerBuf: %d", g_PAstatus1[0], g_PAstatus1[1], g_PAstatus1[2], g_PAstatus1[3], g_PAframesPerBuffer1);
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:812:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pa_counters2[256];
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:815:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pa_counters2, "PortAudio2: inUnderflow: %d inOverflow: %d outUnderflow %d outOverflow %d framesPerBuf: %d", g_PAstatus2[0], g_PAstatus2[1], g_PAstatus2[2], g_PAstatus2[3], g_PAframesPerBuffer2);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:241:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char s[256];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:247:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char param_name1[80], param_name2[80];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:248:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *param_names[2] = {param_name1, param_name2};
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:615:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sqsnr[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:617:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(sqsnr, "%4.1f", g_SquelchLevel);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:709:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ftest = fopen("ftest.raw", "wb");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1045:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char snr[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1046:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(snr, "%d", (int)(g_snr+0.5)); // round to nearest dB
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char callsign[MAX_CALLSIGN];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1143:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char callsign_checksum_cr[MAX_CALLSIGN+1];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1200:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char s1[MAX_CALLSIGN];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1250:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bits[80], freqoffset[80];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1251:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bits, "Bits: %d", horus_get_total_payload_bits(g_horus)); wxString bits_string(bits); m_textBits->SetLabel(bits_string);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1252:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(freqoffset, "FrqOff: %4.0f", g_stats.foff);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1285:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bits[80], errors[80], ber[80], resyncs[80], clockoffset[80], freqoffset[80], syncmetric[80];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1286:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bits, "Bits: %d", freedv_get_total_bits(g_pfreedv)); wxString bits_string(bits); m_textBits->SetLabel(bits_string);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1287:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(errors, "Errs: %d", freedv_get_total_bit_errors(g_pfreedv)); wxString errors_string(errors); m_textErrors->SetLabel(errors_string);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1289:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(ber, "BER: %4.3f", b); wxString ber_string(ber); m_textBER->SetLabel(ber_string);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1290:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(resyncs, "Resyncs: %d", g_resyncs); wxString resyncs_string(resyncs); m_textResyncs->SetLabel(resyncs_string);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1292:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(freqoffset, "FrqOff: %3.1f", g_stats.foff);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1294:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(syncmetric, "Sync: %3.2f", g_stats.sync_metric);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1302:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char var_str[80]; sprintf(var_str, "Var: %4.1f", var);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1302:31:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            char var_str[80]; sprintf(var_str, "Var: %4.1f", var);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1308:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(clockoffset, "ClkOff: %5d", (int)round(g_stats.clock_offset*1E6));
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sqsnr[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1517:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(sqsnr, "%4.1f", g_SquelchLevel); // 0.5 dB steps
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1628:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char e[80]; sprintf(e,"ptt"); processTxtEvent(e);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1628:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        char e[80]; sprintf(e,"ptt"); processTxtEvent(e);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1863:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char s[100]; sprintf(s, "rx sync");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1863:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            char s[100]; sprintf(s, "rx sync");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:2892:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char e[80]; sprintf(e,"start"); processTxtEvent(e);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:2892:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        char e[80]; sprintf(e,"start"); processTxtEvent(e);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:2984:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char e[80]; sprintf(e,"stop"); processTxtEvent(e);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:2984:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        char e[80]; sprintf(e,"stop"); processTxtEvent(e);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3640:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  *arg[SBQ_MAX_ARGS];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3641:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   argstorage[SBQ_MAX_ARGS][80];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3657:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(arg[argc++], "%f", gaindB+1E-6);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3658:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(arg[argc++], "%f", freqHz);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3663:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(arg[argc++], "%f", freqHz);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3664:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(arg[argc++], "%f", Q);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3665:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(arg[argc++], "%f", gaindB+1E-6);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:3950:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(outfreedv, infreedv, sizeof(short)*nfreedv);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4193:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  ascii_out[max_ascii_out];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4582:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4583:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char reply[80];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4596:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(reply,"nope\n");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4603:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(reply,"ok\n");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4612:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(reply,"ok\n");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4618:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(reply,"ok\n");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4624:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(reply,"ok\n");
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4835:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      m_hidPort = open(wxGetApp().m_strRigHidPort.c_str(),O_RDWR,0);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.h:629:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        m_callsign[MAX_CALLSIGN];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot.cpp:254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot.cpp:273:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%1.1f Hz",(double)(p / 10));
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot.cpp:280:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%1.0f", (double)((m_rGrid.GetHeight() - p) * -10));
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.cpp:248:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char     buf[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.cpp:279:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%2.1fs", t);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.h:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	 char     m_a_fmt[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_spectrum.cpp:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char     buf[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_spectrum.cpp:187:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%4.0fHz", (float)MAX_F_HZ - STEP_F_HZ);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_spectrum.cpp:204:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%4.0fHz", f);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_spectrum.cpp:226:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%3.0fdB", mag);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_waterfall.cpp:234:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char     buf[15];
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_waterfall.cpp:255:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%4.0fHz", (float)MAX_F_HZ - STEP_F_HZ);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_waterfall.cpp:271:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%4.0fHz", f);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_waterfall.cpp:293:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%3.0fs", time);
data/freedv-1.4.3~1gdc71a1c/src/hamlib.cpp:85:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[128];
data/freedv-1.4.3~1gdc71a1c/src/hamlib.cpp:121:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char civ_addr[5];
data/freedv-1.4.3~1gdc71a1c/src/serialport.cpp:43:9:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        TCHAR  lpszFunction[100];
data/freedv-1.4.3~1gdc71a1c/src/serialport.cpp:59:9:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        TCHAR  nameWithStrangePrefix[100];
data/freedv-1.4.3~1gdc71a1c/src/serialport.cpp:193:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if((com_handle=open(name, O_NONBLOCK|O_RDWR))== COM_HANDLE_INVALID)
data/freedv-1.4.3~1gdc71a1c/src/sox/effects.c:40:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(obuf, ibuf, *isamp * sizeof(*obuf));
data/freedv-1.4.3~1gdc71a1c/src/sox/effects.c:83:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(argv2 + 1, argv, argc * sizeof(*argv2));
data/freedv-1.4.3~1gdc71a1c/src/sox/effects_i.c:358:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  else if (!(file = fopen(filename, "r"))) {
data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c:26:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char versionstr[20];
data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c:28:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(versionstr, "%d.%d.%d",
data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c:39:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char arch[30];
data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char base_name[128];
data/freedv-1.4.3~1gdc71a1c/src/sox/sox.h:1549:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char             sox_errstr[256]; /**< Failure error text */
data/freedv-1.4.3~1gdc71a1c/src/sox/util.h:120:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open _open
data/freedv-1.4.3~1gdc71a1c/src/sox/xmalloc.h:30:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define lsx_memdup(p,s) ((p)? memcpy(lsx_malloc(s), p, s) : NULL)
data/freedv-1.4.3~1gdc71a1c/src/sox_biquad.c:70:36:  [2] (integer) atol:
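  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Note: atol also reports no conversion errors; strtol with an end-pointer
  and errno check does. Separately, the index read here equals the count
  being tested (argv[4] when argc == 4), so confirm that the caller's array
  really has an element at that index. The hit at line 73 has the same shape.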
        sampleRate = (argc == 4) ? atol(argv[4]) : 8000;
data/freedv-1.4.3~1gdc71a1c/src/sox_biquad.c:73:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sampleRate = (argc == 3) ? atol(argv[3]) : 8000;
data/freedv-1.4.3~1gdc71a1c/src/dlg_options.cpp:795:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    UDPSend(wxGetApp().m_udp_port, s, strlen(s)+1);
data/freedv-1.4.3~1gdc71a1c/src/dlg_ptt.cpp:342:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if(gl.gl_pathv[i][strlen(gl.gl_pathv[i])-1]=='/')
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1129:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(callsign, (const char*) wxGetApp().m_callSign.mb_str(wxConvUTF8), MAX_CALLSIGN-1);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1133:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((unsigned)codec2_fifo_used(g_txDataInFifo) < strlen(callsign)) {
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1145:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for(i=0; i<strlen(callsign); i++)
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1148:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            callsign_checksum_cr[strlen(callsign)+2] = 13;
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1149:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            callsign_checksum_cr[strlen(callsign)+3] = 0;
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1153:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            callsign[strlen(callsign)] = 13;
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1154:22:  [1] (buffer) strlen:
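  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Note: this hit deserves a manual check. Assuming it runs directly after
  line 1153 (the previous hit), that statement has just overwritten
  callsign's terminating \0 with 13, so this strlen call stops only at a
  later zero byte, if the buffer holds one.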
            callsign[strlen(callsign)+1] = 0;
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1161:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(i=0; i<strlen(callsign); i++) {
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1185:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(m_callsign) > 2) {
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1186:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    for(unsigned int i=0; i<strlen(m_callsign)-2; i++)
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1190:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int ret = sscanf(&m_callsign[strlen(m_callsign)-2], "%2x", &checksum_tx);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1195:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    m_callsign[strlen(m_callsign)-2] = 0;
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:1865:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                UDPSend(wxGetApp().m_udp_port, s, strlen(s)+1);
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4204:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                for (i=0; i<(int)strlen(ascii_out); i++) {
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4211:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                UDPSend(wxGetApp().m_udp_port, ascii_out, strlen(ascii_out));
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4632:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       if ( m_udp_sock->SendTo(m_udp_addr, reply, strlen(reply)).LastCount() != strlen(reply)) {
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_main.cpp:4632:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       if ( m_udp_sock->SendTo(m_udp_addr, reply, strlen(reply)).LastCount() != strlen(reply)) {
data/freedv-1.4.3~1gdc71a1c/src/fdmdv2_plot_scalar.cpp:61:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(strlen(a_fmt) < 15);
data/freedv-1.4.3~1gdc71a1c/src/hamlib.cpp:131:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(m_rig->state.rigport.pathname, serial_port, FILPATHLEN - 1);
data/freedv-1.4.3~1gdc71a1c/src/serialport.cpp:26:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            name, (int)strlen(name), useRTS, RTSPos, useDTR, DTRPos);
data/freedv-1.4.3~1gdc71a1c/src/sox/biquad.c:51:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t)p->width_type >= strlen(all_width_types))
data/freedv-1.4.3~1gdc71a1c/src/sox/effects_i.c:39:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (len = i = 0; i < n; len += strlen(lines[i++]) + 1);
data/freedv-1.4.3~1gdc71a1c/src/sox/effects_i.c:43:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(*usage, "\n");
data/freedv-1.4.3~1gdc71a1c/src/sox/formats_i.c:200:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                getc((FILE*)ft->fp);
data/freedv-1.4.3~1gdc71a1c/src/sox/formats_i.c:259:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (lsx_writebuf(ft, c, strlen(c)) != strlen(c))
data/freedv-1.4.3~1gdc71a1c/src/sox/formats_i.c:259:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (lsx_writebuf(ft, c, strlen(c)) != strlen(c))
data/freedv-1.4.3~1gdc71a1c/src/sox/libsox.c:184:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dot_pos = dot_pos ? dot_pos : base_name + strlen(base_name);
data/freedv-1.4.3~1gdc71a1c/src/sox/sox.h:1464:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  sox_format_handler_read read;       /**< called to read (decode) a block of samples */
data/freedv-1.4.3~1gdc71a1c/src/sox/xmalloc.h:29:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define lsx_strdup(p) ((p)? strcpy((char *)lsx_malloc(strlen(p) + 1), p) : NULL)

ANALYSIS SUMMARY:

Hits = 165
Lines analyzed = 20430 in approximately 0.54 seconds (37702 lines/second)
Physical Source Lines of Code (SLOC) = 12914
Hits@level = [0] 132 [1]  31 [2] 111 [3]   1 [4]  22 [5]   0
Hits@level+ = [0+] 297 [1+] 165 [2+] 134 [3+]  23 [4+]  22 [5+]   0
Hits/KSLOC@level+ = [0+] 22.9983 [1+] 12.7768 [2+] 10.3763 [3+] 1.78101 [4+] 1.70358 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.