Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jaaa-0.9.2/source/audio.cc
Examining data/jaaa-0.9.2/source/rngen.h
Examining data/jaaa-0.9.2/source/jaaa.cc
Examining data/jaaa-0.9.2/source/audio.h
Examining data/jaaa-0.9.2/source/mainwin.cc
Examining data/jaaa-0.9.2/source/rngen.cc
Examining data/jaaa-0.9.2/source/styles.h
Examining data/jaaa-0.9.2/source/mainwin.h
Examining data/jaaa-0.9.2/source/styles.cc
Examining data/jaaa-0.9.2/source/messages.h

FINAL RESULTS:

data/jaaa-0.9.2/source/mainwin.cc:908:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf (s, _fform, f / _funit);
data/jaaa-0.9.2/source/mainwin.cc:1064:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (s, "  %5s (%+2.0lf)", _notes [n], 100.0f * f);  
data/jaaa-0.9.2/source/mainwin.cc:1174:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (s, "%s-%s  [%s]", PROGNAME, VERSION, Z->_jname);
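The three level-4 hits above share one root cause: sprintf() is given no size, so a long JACK client name (mainwin.cc:1174, into a 256-byte `s`) or a wide number (mainwin.cc:908/1064, into 16- and 64-byte buffers) can run past the array. The report does not show what `_fform` holds; if it is only ever assigned a string literal (mainwin.h:203 declares a `_formats [9]` table of `const char *`), the CWE-134 hit is a false positive in practice, but the size of `s` is still unchecked. The following is an added example, not code from jaaa, showing bounded replacements for the three calls; PROGNAME, VERSION, `_notes` and the buffer sizes come from the report, the values given to them and the "precision only" model of `_fform` are assumptions.

```c
/* Added example, not code from jaaa: bounded versions of the three
 * level-4 sprintf() calls. PROGNAME, VERSION, _notes and the buffer sizes
 * are taken from the report; the values assigned here, and the model of
 * _fform as "a literal that only varies in precision", are assumptions. */
#include <stdio.h>
#include <string.h>

#define PROGNAME "jaaa"     /* assumed value for the demo */
#define VERSION  "0.9.2"

static const char *notes[12] = {            /* assumed contents of _notes */
    "C", "C#", "D", "D#", "E", "F", "F#", "G", "G#", "A", "A#", "B"
};

/* Every formatter returns 1 if the text fit in cap bytes and 0 if it was
 * truncated; snprintf NUL-terminates either way, so s is always usable. */
static int fits(int n, size_t cap) { return n >= 0 && (size_t)n < cap; }

/* mainwin.cc:1174: the JACK client name comes from outside the program,
 * so its length is not under our control and must be bounded by cap. */
static int fmt_title(char *s, size_t cap, const char *jname)
{
    return fits(snprintf(s, cap, "%s-%s  [%s]", PROGNAME, VERSION, jname), cap);
}

/* mainwin.cc:908 (CWE-134): keep the format string a literal and move the
 * part that varies (here the precision) into a "%.*f" argument. */
static int fmt_freq(char *s, size_t cap, int prec, double f, double funit)
{
    if (prec < 0) prec = 0;
    if (prec > 6) prec = 6;          /* bound the length of the output too */
    return fits(snprintf(s, cap, "%.*f", prec, f / funit), cap);
}

/* mainwin.cc:1064: the note name is a table lookup, so the index must be
 * range-checked before use; the text itself is bounded by cap. */
static int fmt_note(char *s, size_t cap, int n, double f)
{
    if (n < 0 || n >= 12) {
        if (cap) s[0] = '\0';
        return 0;
    }
    return fits(snprintf(s, cap, "  %5s (%+2.0f)", notes[n], 100.0 * f), cap);
}

int main(void)
{
    char s[16];
    if (!fmt_title(s, sizeof s, "a-client-name-longer-than-the-buffer"))
        printf("title truncated to \"%s\"\n", s);
    fmt_freq(s, sizeof s, 1, 44100.0, 1000.0);
    printf("%s\n", s);                       /* 44.1 */
    fmt_note(s, sizeof s, 9, 0.123);
    printf("%s\n", s);                       /* "      A (+12)" */
    return 0;
}
```

The same pattern (a literal format, a size argument, and a truncation check) covers the level-2 sprintf hits further down; they are rated lower only because their arguments have a bounded printed length, which the return value check above makes explicit instead of implicit.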
data/jaaa-0.9.2/source/audio.cc:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           s [16];
data/jaaa-0.9.2/source/audio.cc:203:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(s, "out_%d", i + 1);
data/jaaa-0.9.2/source/audio.cc:208:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(s, "in_%d", i + 1);
data/jaaa-0.9.2/source/audio.cc:262:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (_data + _dind, p, sizeof(jack_default_audio_sample_t) * n);
data/jaaa-0.9.2/source/audio.cc:269:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (_data + _dind, p, sizeof(jack_default_audio_sample_t) * m);
data/jaaa-0.9.2/source/audio.cc:281:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    	if (b & 1) memcpy (p, _outs, sizeof(jack_default_audio_sample_t) * nframes);
data/jaaa-0.9.2/source/jaaa.cc:32:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define CP (char *)
data/jaaa-0.9.2/source/mainwin.cc:822:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  s [16];
data/jaaa-0.9.2/source/mainwin.cc:834:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	if      (_p_val < 1e3) sprintf (s, "%5.3f", _p_val);
data/jaaa-0.9.2/source/mainwin.cc:835:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        else if (_p_val < 1e6) sprintf (s, "%5.3fk", _p_val / 1e3);
data/jaaa-0.9.2/source/mainwin.cc:836:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        else                   sprintf (s, "%5.3fM", _p_val / 1e6);
data/jaaa-0.9.2/source/mainwin.cc:841:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf (s, "%1.0f dB", _p_val);
data/jaaa-0.9.2/source/mainwin.cc:847:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf (s, "%2.1f dB", _p_val);
data/jaaa-0.9.2/source/mainwin.cc:859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  s [16]; 
data/jaaa-0.9.2/source/mainwin.cc:926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  s [16]; 
data/jaaa-0.9.2/source/mainwin.cc:951:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf (s, "%1.0f", a);
data/jaaa-0.9.2/source/mainwin.cc:1070:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  s [64];
data/jaaa-0.9.2/source/mainwin.cc:1080:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (s, "BW = %4.2lf Hz = %5.2lf dBHz, VA = %d, Ptot = %5.2lf", 
data/jaaa-0.9.2/source/mainwin.cc:1093:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf (s, "Mk1 = %8.1lf Hz, %7.2lf dB/Hz", Z->_mk1f, v1);
data/jaaa-0.9.2/source/mainwin.cc:1098:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         k = sprintf (s, "Mk1 = %8.1lf Hz, %7.2lf dB", Z->_mk1f, v1);
data/jaaa-0.9.2/source/mainwin.cc:1109:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf (s, "Mk2 = %8.1lf Hz, %7.2lf dB/Hz", Z->_mk2f, v2);
data/jaaa-0.9.2/source/mainwin.cc:1114:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  	     sprintf (s, "Del = %8.1lf Hz, %7.2lf dB", Z->_mk2f - Z->_mk1f, v2 - v1);
data/jaaa-0.9.2/source/mainwin.cc:1118:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  	     sprintf (s, "Del = %8.1lf Hz, %7.2lf dB/Hz", Z->_mk2f - Z->_mk1f, v2 - v1);
data/jaaa-0.9.2/source/mainwin.cc:1126:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          k = sprintf (s, "Mk2 = %8.1lf Hz, %7.2lf dB", Z->_mk2f, v2);
data/jaaa-0.9.2/source/mainwin.cc:1132:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  	     sprintf (s, "Del = %8.1lf Hz, %7.2lf dBHz", Z->_mk2f - Z->_mk1f, v2 - v1);
data/jaaa-0.9.2/source/mainwin.cc:1136:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  	     sprintf (s, "Del = %8.1lf Hz, %7.2lf dB, (%5.3lf)", Z->_mk2f - Z->_mk1f, v2 - v1, Z->_mk2f / Z->_mk1f);
data/jaaa-0.9.2/source/mainwin.cc:1168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s [256];
data/jaaa-0.9.2/source/mainwin.cc:1195:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (_ipbuf + INP_MAX, _ipbuf, k * sizeof (float));
data/jaaa-0.9.2/source/mainwin.cc:1198:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (_fftbuf, _ipbuf + k - _fftlen, _fftlen * sizeof (float));
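The memcpy hits at audio.cc:262/269/281 and mainwin.cc:1195/1198 all copy into or out of a circular sample buffer at a computed offset, and flawfinder cannot see whether `_dind + n`, `k` and `k - _fftlen` stay inside the arrays. The following is an added example, not code from jaaa, of a ring buffer that enforces those bounds itself: writes are split at the wrap point and clamped to the capacity, and reads are refused when they ask for more samples than have been written. It uses a split copy rather than the mirrored-tail layout implied by the `_ipbuf + INP_MAX` copy at mainwin.cc:1195; the capacity, the sample type and all names are assumptions.

```c
/* Added example, not code from jaaa: a ring buffer whose writes and reads
 * are bounded by its own capacity and fill level. The capacity, the sample
 * type and all names are assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef float sample_t;         /* stands in for jack_default_audio_sample_t */
#define RING_CAP 64              /* assumed capacity, in samples */

typedef struct {
    sample_t data[RING_CAP];
    size_t   ind;                /* next write index, always < RING_CAP */
    size_t   fill;               /* samples currently valid, <= RING_CAP */
} ring_t;

/* Append n samples. If n exceeds the capacity only the newest RING_CAP are
 * kept (the older ones would be overwritten anyway). The copy is split at
 * the wrap point, so neither memcpy can run past data[RING_CAP - 1].
 * Returns the number of samples stored, so a caller can detect the drop. */
static size_t ring_write(ring_t *r, const sample_t *p, size_t n)
{
    if (n > RING_CAP) {
        p += n - RING_CAP;
        n = RING_CAP;
    }
    size_t first = RING_CAP - r->ind;            /* room before the wrap */
    if (first > n) first = n;
    memcpy(r->data + r->ind, p, first * sizeof *p);
    memcpy(r->data, p + first, (n - first) * sizeof *p);
    r->ind  = (r->ind + n) % RING_CAP;
    r->fill = r->fill + n > RING_CAP ? RING_CAP : r->fill + n;
    return n;
}

/* Copy the most recent len samples, oldest first, into out (which the
 * caller guarantees holds len samples). Returns 0 without copying if fewer
 * than len samples have been written: the source-side check that the
 * "memcpy (_fftbuf, _ipbuf + k - _fftlen, ...)" pattern relies on the
 * caller for. */
static size_t ring_read_last(const ring_t *r, sample_t *out, size_t len)
{
    if (len > r->fill) return 0;
    size_t start = (r->ind + RING_CAP - len) % RING_CAP;
    size_t first = RING_CAP - start;
    if (first > len) first = len;
    memcpy(out, r->data + start, first * sizeof *out);
    memcpy(out + first, r->data, (len - first) * sizeof *out);
    return len;
}

int main(void)
{
    ring_t r = {{0}, 0, 0};
    sample_t in[100], out[8];
    for (size_t i = 0; i < 100; i++) in[i] = (sample_t)i;
    printf("stored %zu of 100\n", ring_write(&r, in, 100));     /* 64 */
    if (ring_read_last(&r, out, 8) == 8)
        printf("last 8: %g .. %g\n", out[0], out[7]);            /* 92 .. 99 */
    return 0;
}
```

In a JACK process callback the clamp in ring_write() is the wrong policy if dropped samples must be noticed; return the shortfall to the caller (or assert on it in a debug build) rather than silently discarding, but keep the bound itself.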
data/jaaa-0.9.2/source/mainwin.h:203:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const static char *_formats [9];
data/jaaa-0.9.2/source/mainwin.h:204:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const static char *_notes [12];
data/jaaa-0.9.2/source/rngen.cc:50:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open ("/dev/urandom", O_RDONLY);
data/jaaa-0.9.2/source/rngen.cc:54:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        k = read (fd, p, n);
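The two rngen.cc hits are about the same few lines: open() trusts that the path names the kernel random device, and read() is assumed to return all n bytes in one call, which it is not required to do (a signal can cut it short, and a planted regular file would hit EOF). The following is an added example, not code from jaaa, of the checks a practitioner would want there: the descriptor is verified to be a character device before it is read, and the read loop retries on short reads and EINTR while never writing past the caller's n bytes. Names and the key size are assumptions.

```c
/* Added example, not code from jaaa: reading exactly n bytes of entropy
 * from /dev/urandom with the device type checked and short reads handled.
 * Function names and the 32-byte key size are assumptions. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read exactly n bytes from fd into p. Returns 0 on success, -1 on error
 * or premature EOF. n is the caller's buffer size, so the loop can never
 * write past p + n, whatever read() returns. */
static int read_full(int fd, void *p, size_t n)
{
    unsigned char *q = p;
    while (n > 0) {
        ssize_t k = read(fd, q, n);
        if (k < 0) {
            if (errno == EINTR) continue;    /* interrupted: retry */
            return -1;
        }
        if (k == 0) return -1;               /* EOF before n bytes: not a device */
        q += (size_t)k;
        n -= (size_t)k;
    }
    return 0;
}

/* Open /dev/urandom and refuse anything that is not a character device,
 * so a regular file or FIFO planted at that path is rejected. O_NOFOLLOW
 * also rejects a symlink outright (on Linux the node is never a symlink);
 * O_CLOEXEC keeps the descriptor from leaking into child processes. */
static int open_urandom(void)
{
    int fd = open("/dev/urandom", O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENODEV;
        return -1;
    }
    return fd;
}

/* Fill p[0..n) with random bytes; 0 on success, -1 (errno set) on failure. */
static int fill_random(void *p, size_t n)
{
    int fd = open_urandom();
    if (fd < 0) return -1;
    int rc = read_full(fd, p, n);
    close(fd);
    return rc;
}

int main(void)
{
    unsigned char key[32];
    if (fill_random(key, sizeof key) != 0) {
        perror("fill_random");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    printf("\n");
    return 0;
}
```

On Linux 3.17+ with glibc 2.25+ (and on the BSDs), getrandom(2) or arc4random_buf(3) avoids the file-system path altogether and so removes the CWE-362 question rather than answering it; the read loop above is still the right shape for any descriptor whose reads may be short.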

ANALYSIS SUMMARY:

Hits = 36
Lines analyzed = 2827 in approximately 0.09 seconds (31317 lines/second)
Physical Source Lines of Code (SLOC) = 2210
Hits@level = [0]  27 [1]   1 [2]  32 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  63 [1+]  36 [2+]  35 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 28.5068 [1+] 16.2896 [2+] 15.8371 [3+] 1.35747 [4+] 1.35747 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.