Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gr-gsm-0.42.2.20200214/include/grgsm/api.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/constants.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/decoding/control_channels_decoder.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/decoding/tch_f_decoder.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/decoding/tch_h_decoder.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/decryption/decryption.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/demapping/tch_f_chans_demapper.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/demapping/tch_h_chans_demapper.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/demapping/universal_ctrl_chans_demapper.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/endian.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/burst_fnr_filter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/burst_sdcch_subslot_filter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/burst_sdcch_subslot_splitter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/burst_timeslot_filter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/burst_timeslot_splitter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/burst_type_filter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/common.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/dummy_burst_filter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/flow_control/uplink_downlink_splitter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/gsm_constants.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/gsmtap.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/burst_file_sink.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/burst_file_source.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/burst_to_fn_time.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/bursts_printer.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/collect_system_info.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/controlled_fractional_resampler_cc.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/controlled_rotator_cc.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/extract_assignment_cmd.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/extract_cmc.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/extract_immediate_assignment.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/extract_system_info.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/fn_time.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/message_file_sink.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/message_file_source.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/message_printer.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/msg_to_tag.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/time_spec.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/tmsi_dumper.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/udp_socket.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/plotting.hpp Examining data/gr-gsm-0.42.2.20200214/include/grgsm/qa_utils/burst_sink.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/qa_utils/burst_source.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/qa_utils/message_sink.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/qa_utils/message_source.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/receiver/clock_offset_control.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/receiver/cx_channel_hopper.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/receiver/receiver.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/transmitter/gen_test_ab.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/transmitter/preprocess_tx_burst.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/transmitter/txtime_setter.h Examining data/gr-gsm-0.42.2.20200214/include/grgsm/trx/trx_burst_if.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/control_channels_decoder_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/decoding/control_channels_decoder_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/BitVector.cpp Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/BitVector.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/GSM503Tables.cpp Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/GSM503Tables.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/GSM610Tables.cpp Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/GSM610Tables.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/GSM660Tables.cpp Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/GSM660Tables.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Viterbi.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/ViterbiR204.cpp Examining data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/ViterbiR204.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/codec/codec.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/codec/gsm610.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/codec/gsm610_bits.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/codec/gsm620.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/codec/gsm660.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/codec/gsm690.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_conv.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_mapping.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_mapping.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_parity.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_parity.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_tables.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_tables.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bit16gen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bit32gen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bit64gen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bits.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bits.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bitvec.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bitvec.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv_acc.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv_acc_generic.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crc16gen.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crc16gen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crc32gen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crc64gen.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crc64gen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crc8gen.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crc8gen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/crcgen.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/defs.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/endian.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/linuxlist.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/panic.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/panic.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/utils.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/crypt/auth.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/a5.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/a5.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/auth_core.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/gsm0503.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/gsm48_ie.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/gsm48_ie.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/kasumi.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/kasumi.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/protocol/gsm_04_08.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/sch.c Examining data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/decoding/tch_h_decoder_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/decoding/tch_h_decoder_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/decryption/decryption_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/decryption/decryption_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/demapping/tch_f_chans_demapper_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/demapping/tch_f_chans_demapper_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/demapping/tch_h_chans_demapper_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/demapping/tch_h_chans_demapper_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/demapping/universal_ctrl_chans_demapper_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/demapping/universal_ctrl_chans_demapper_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_fnr_filter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_fnr_filter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_sdcch_subslot_filter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_sdcch_subslot_filter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_sdcch_subslot_splitter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_sdcch_subslot_splitter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_timeslot_filter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_timeslot_filter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_timeslot_splitter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_timeslot_splitter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_type_filter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/burst_type_filter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/dummy_burst_filter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/dummy_burst_filter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/uplink_downlink_splitter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/flow_control/uplink_downlink_splitter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/burst_file_sink_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/burst_file_sink_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/burst_file_source_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/burst_file_source_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/burst_to_fn_time_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/burst_to_fn_time_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/bursts_printer_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/bursts_printer_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/collect_system_info_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/collect_system_info_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/controlled_fractional_resampler_cc_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/controlled_fractional_resampler_cc_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/controlled_rotator_cc_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/controlled_rotator_cc_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_assignment_cmd_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_assignment_cmd_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_cmc_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_cmc_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_immediate_assignment_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_immediate_assignment_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_system_info_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/extract_system_info_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/fn_time.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/message_file_sink_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/message_file_sink_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/message_file_source_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/message_file_source_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/message_printer_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/message_printer_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/msg_to_tag_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/msg_to_tag_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/time_spec.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/tmsi_dumper_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/tmsi_dumper_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/misc_utils/udp_socket.cc Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/burst_sink_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/burst_sink_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/burst_source_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/burst_source_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/message_sink_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/message_sink_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/message_source_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/qa_utils/message_source_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/receiver/clock_offset_control_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/receiver/clock_offset_control_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/receiver/cx_channel_hopper_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/receiver/cx_channel_hopper_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/receiver/receiver_config.cc Examining data/gr-gsm-0.42.2.20200214/lib/receiver/receiver_config.h Examining data/gr-gsm-0.42.2.20200214/lib/receiver/receiver_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/receiver/receiver_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/receiver/sch.h Examining data/gr-gsm-0.42.2.20200214/lib/receiver/time_sample_ref.cc Examining data/gr-gsm-0.42.2.20200214/lib/receiver/time_sample_ref.h Examining data/gr-gsm-0.42.2.20200214/lib/receiver/viterbi_detector.cc Examining data/gr-gsm-0.42.2.20200214/lib/receiver/viterbi_detector.h Examining data/gr-gsm-0.42.2.20200214/lib/transmitter/gen_test_ab_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/transmitter/gen_test_ab_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/transmitter/preprocess_tx_burst_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/transmitter/preprocess_tx_burst_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/transmitter/txtime_setter_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/transmitter/txtime_setter_impl.h Examining data/gr-gsm-0.42.2.20200214/lib/trx/trx_burst_if_impl.cc Examining data/gr-gsm-0.42.2.20200214/lib/trx/trx_burst_if_impl.h FINAL RESULTS: data/gr-gsm-0.42.2.20200214/include/grgsm/misc_utils/udp_socket.h:50:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void handle_udp_read(const boost::system::error_code& error, data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h:36:28: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define VECTORDEBUG(...) { printf(__VA_ARGS__); printf(" this=%p [%p,%p,%p]\n",(void*)this,(void*)&mData,mStart,mEnd); } data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/panic.c:46:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, args); data/gr-gsm-0.42.2.20200214/lib/misc_utils/udp_socket.cc:102:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. const boost::system::error_code& error, data/gr-gsm-0.42.2.20200214/include/grgsm/gsm_constants.h:105:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char train_seq[TRAIN_SEQ_NUM][N_TRAIN_BITS] = { data/gr-gsm-0.42.2.20200214/lib/decoding/control_channels_decoder_impl.cc:102:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bursts_u[ii*116], &burst_bits[3],58); data/gr-gsm-0.42.2.20200214/lib/decoding/control_channels_decoder_impl.cc:103:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bursts_u[ii*116+58], &burst_bits[3+57+1+26],58); data/gr-gsm-0.42.2.20200214/lib/decoding/control_channels_decoder_impl.cc:114:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_data, header, sizeof(gsmtap_hdr)); data/gr-gsm-0.42.2.20200214/lib/decoding/control_channels_decoder_impl.cc:115:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_data+sizeof(gsmtap_hdr), result, DATA_BYTES); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:70:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:183:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:297:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:411:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:525:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:639:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:753:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.h:867:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rState[mIRate];///< real states of encoders associated with this candidate data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h:194:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mData,other.mStart,other.bytes()); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h:199:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->mStart, other1.mStart, other1.bytes()); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h:200:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->mStart+other1.size(), other2.mStart, other2.bytes()); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h:225:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h:242:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(base,mStart,span*sizeof(T)); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/Vector.h:262:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(other.mStart,base,span*sizeof(T)); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:527:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB, gsm0503_usf2twelve_ubit[usf], 12); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:777:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, u, 95); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:778:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, u + 95, 3); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:783:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(u, d, 95); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:784:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(u + 95, p, 3); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:789:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w, s, 71); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:791:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w + 73, s + 71, 50); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:793:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w + 125, s + 121, 53); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:795:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w + 180, s + 174, 50); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:797:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w + 232, s + 224, 20); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:798:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w + 252, p, 8); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:805:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, w, 71); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:808:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 71, w + 73, 50); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:811:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 121, w + 125, 53); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:814:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 174, w + 180, 50); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:817:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 224, w + 232, 20); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:818:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, w + 252, 8); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:823:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(u, d, prot); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:824:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(u + prot, p, 6); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:825:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(u + prot + 6, d + prot, len - prot); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:830:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, u, prot); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:831:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, u + prot, 6); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:832:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d + prot, u + prot + 6, len - prot); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:958:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 378, d + 182, 78); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1085:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 211, d + 95, 17); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1481:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB, gsm0503_afs_ic_ubit[id], 8); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1778:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 192, d + 123, 36); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1793:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 200, d + 120, 28); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1808:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 204, d + 110, 24); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1823:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 212, d + 102, 16); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1838:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 216, d + 91, 12); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1853:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB + 216, d + 83, 12); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_coding.c:1861:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cB, gsm0503_afs_ic_ubit[id], 4); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:374:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[0], c1, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:375:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[612], c2, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:413:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c1, &dc[0], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:414:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c2, &dc[612], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:436:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[0], c1, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:437:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[612], c2, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:475:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c1, &dc[0], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:476:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c2, &dc[612], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:498:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[0], c1, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:499:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[612], c2, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:538:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c1, &dc[0], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:539:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c2, &dc[612], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:561:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[0], c1, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:562:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dc[612], c2, 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:600:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c1, &dc[0], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_interleaving.c:601:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c2, &dc[612], 612); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_mapping.c:43:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iB, eB, 57); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_mapping.c:44:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iB + 57, eB + 59, 57); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_mapping.c:56:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eB, iB, 57); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/coding/gsm0503_mapping.c:57:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eB + 59, iB + 57, 57); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bitvec.c:346:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bytes, bv->data + byte_offs, count); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/bitvec.c:382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bv->data + byte_offs, bytes, count); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv.c:378:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in_sym, &input[i_idx], code->N); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv.c:418:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ae, ae_next, sizeof(unsigned int) * n_states); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv.c:480:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in_sym, &input[i_idx], code->N); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv.c:524:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ae, ae_next, sizeof(unsigned int) * n_states); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/core/conv_acc_generic.c:132:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sums, new_sums, num_states * sizeof(int16_t)); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/auth_core.c:108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ik+4, kc, 8); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/auth_core.c:116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ck, kc, 8); data/gr-gsm-0.42.2.20200214/lib/decoding/osmocom/gsm/auth_core.c:117:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ck+8, kc, 8); data/gr-gsm-0.42.2.20200214/lib/decoding/sch.c:61:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bursts_u, buf, SCH_DATA_LEN); data/gr-gsm-0.42.2.20200214/lib/decoding/sch.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bursts_u + SCH_DATA_LEN, buf + SCH_DATA_LEN + N_SYNC_BITS, SCH_DATA_LEN); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.cc:120:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char amr_nb_magic[7] = "#!AMR\n"; data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.cc:143:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bursts_u[ii*116], &burst_bits[3],58); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.cc:144:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bursts_u[ii*116+58], &burst_bits[3+57+1+26],58); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.cc:174:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char outmsg[28]; data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.cc:187:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_data, header, sizeof(gsmtap_hdr)); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.cc:188:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_data+sizeof(gsmtap_hdr), outmsg, DATA_BYTES); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_f_decoder_impl.h:78:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char iBLOCK[2*BLOCKS*iBLOCK_SIZE]; data/gr-gsm-0.42.2.20200214/lib/decoding/tch_h_decoder_impl.cc:235:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bursts_u[n*116], &burst_bits[3],58); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_h_decoder_impl.cc:236:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bursts_u[n*116+58], &burst_bits[3+57+1+26],58); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_h_decoder_impl.cc:282:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_data, header, sizeof(gsmtap_hdr)); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_h_decoder_impl.cc:283:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_data+sizeof(gsmtap_hdr), frameBuffer, frameLength); data/gr-gsm-0.42.2.20200214/lib/decoding/tch_h_decoder_impl.cc:347:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char amr_nb_magic[7] = "#!AMR\n"; data/gr-gsm-0.42.2.20200214/lib/decryption/decryption_impl.cc:160:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_header_plus_burst, header, sizeof(gsmtap_hdr)); data/gr-gsm-0.42.2.20200214/lib/decryption/decryption_impl.cc:161:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_header_plus_burst+sizeof(gsmtap_hdr), decrypted_data, BURST_SIZE); data/gr-gsm-0.42.2.20200214/lib/demapping/tch_f_chans_demapper_impl.cc:86:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msg, header, sizeof(gsmtap_hdr)+BURST_SIZE); data/gr-gsm-0.42.2.20200214/lib/demapping/tch_h_chans_demapper_impl.cc:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msg, header, sizeof(gsmtap_hdr)+BURST_SIZE); data/gr-gsm-0.42.2.20200214/lib/demapping/universal_ctrl_chans_demapper_impl.cc:109:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(burst_tmp, burst_in_int8, sizeof(gsmtap_hdr)+BURST_SIZE); data/gr-gsm-0.42.2.20200214/lib/misc_utils/msg_to_tag_impl.cc:92:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_items[0], input_items[0], sizeof(gr_complex)*noutput_items); data/gr-gsm-0.42.2.20200214/lib/misc_utils/tmsi_dumper_impl.cc:218:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dump_file.open("tmsicount.txt", std::ios_base::app); data/gr-gsm-0.42.2.20200214/lib/qa_utils/burst_source_impl.cc:150:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_burst, tap_header.get(), sizeof(gsmtap_hdr)); data/gr-gsm-0.42.2.20200214/lib/qa_utils/burst_source_impl.cc:151:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_plus_burst + sizeof(gsmtap_hdr), burst, BURST_SIZE); data/gr-gsm-0.42.2.20200214/lib/receiver/cx_channel_hopper_impl.cc:89:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char RNTABLE[114] = { data/gr-gsm-0.42.2.20200214/lib/receiver/receiver_impl.cc:242:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char burst_buf[BURST_SIZE]; data/gr-gsm-0.42.2.20200214/lib/receiver/receiver_impl.cc:290:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output_binary[BURST_SIZE]; data/gr-gsm-0.42.2.20200214/lib/receiver/receiver_impl.cc:1062:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(burst, burst_binary, BURST_SIZE); data/gr-gsm-0.42.2.20200214/lib/transmitter/gen_test_ab_impl.cc:86:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(access_burst, AB, 148); data/gr-gsm-0.42.2.20200214/lib/trx/trx_burst_if_impl.cc:224:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + sizeof(gsmtap_hdr), payload + 6, BURST_SIZE); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:438:72: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS12_2::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:645:72: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS10_2::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:852:72: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS7_95::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:1059:71: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS7_4::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:1268:71: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS6_7::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:1477:71: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS5_9::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:1688:72: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS5_15::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/AmrCoder.cpp:1899:72: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const ViterbiTCH_AFS4_75::vCand &minCost = decoder.step(*ip, match, mismatch); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/BitVector.cpp:43:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vInit(strlen(valString)); data/gr-gsm-0.42.2.20200214/lib/decoding/openbts/ViterbiR204.cpp:290:40: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. minCost = decoder.vstep(*ip, match, mismatch, oCount < oSize); data/gr-gsm-0.42.2.20200214/lib/misc_utils/message_file_source_impl.cc:90:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (d_input_file.read(unserialized, PMT_SIZE) && !d_finished) ANALYSIS SUMMARY: Hits = 126 Lines analyzed = 38894 in approximately 1.25 seconds (31077 lines/second) Physical Source Lines of Code (SLOC) = 23250 Hits@level = [0] 7 [1] 11 [2] 111 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 133 [1+] 126 [2+] 115 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 5.72043 [1+] 5.41935 [2+] 4.94624 [3+] 0.172043 [4+] 0.172043 [5+] 0 Symlinks skipped = 1 (--allowlink overrides but see doc for security issue) Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.