Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdiscid-0.6.2/test/test_read.c
Examining data/libdiscid-0.6.2/test/test.h
Examining data/libdiscid-0.6.2/test/test_read_full.c
Examining data/libdiscid-0.6.2/test/test.c
Examining data/libdiscid-0.6.2/test/test_core.c
Examining data/libdiscid-0.6.2/test/test_put.c
Examining data/libdiscid-0.6.2/examples/discisrc.c
Examining data/libdiscid-0.6.2/examples/discid.c
Examining data/libdiscid-0.6.2/examples/disc_metadata.c
Examining data/libdiscid-0.6.2/include/discid/discid.h
Examining data/libdiscid-0.6.2/include/discid/discid_private.h
Examining data/libdiscid-0.6.2/src/base64.c
Examining data/libdiscid-0.6.2/src/disc_solaris.c
Examining data/libdiscid-0.6.2/src/unix.c
Examining data/libdiscid-0.6.2/src/toc.c
Examining data/libdiscid-0.6.2/src/unix.h
Examining data/libdiscid-0.6.2/src/base64.h
Examining data/libdiscid-0.6.2/src/disc_generic.c
Examining data/libdiscid-0.6.2/src/disc_linux.c
Examining data/libdiscid-0.6.2/src/disc_darwin.c
Examining data/libdiscid-0.6.2/src/disc_bsd.c
Examining data/libdiscid-0.6.2/src/disc.c
Examining data/libdiscid-0.6.2/src/disc_win32.c
Examining data/libdiscid-0.6.2/src/sha1.c
Examining data/libdiscid-0.6.2/src/sha1.h
Examining data/libdiscid-0.6.2/src/ntddcdrm.h

FINAL RESULTS:

data/libdiscid-0.6.2/examples/discid.c:26:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf _snprintf

data/libdiscid-0.6.2/examples/discid.c:26:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf _snprintf

data/libdiscid-0.6.2/src/disc.c:446:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(toc, "%d%s%d%s%d",

data/libdiscid-0.6.2/src/disc.c:454:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(tmp, "%s%d", sep, d->track_offsets[i]);

data/libdiscid-0.6.2/src/disc.c:455:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(toc, tmp);

data/libdiscid-0.6.2/src/disc.c:466:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(buf, toc);

data/libdiscid-0.6.2/src/disc.c:481:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(buf, MB_SUBMISSION_URL);

data/libdiscid-0.6.2/src/disc.c:484:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(buf, discid_get_id((DiscId *) d));

data/libdiscid-0.6.2/src/disc.c:487:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(buf, tmp);

data/libdiscid-0.6.2/src/disc.c:500:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(buf, MB_WEBSERVICE_URL);

data/libdiscid-0.6.2/src/disc.c:503:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(buf, discid_get_id((DiscId *) d));

data/libdiscid-0.6.2/src/disc_darwin.c:76:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(device_path, _PATH_DEV);

data/libdiscid-0.6.2/src/disc_win32.c:26:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf _snprintf

data/libdiscid-0.6.2/src/disc_win32.c:26:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf _snprintf

data/libdiscid-0.6.2/src/toc.c:26:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf _snprintf

data/libdiscid-0.6.2/src/toc.c:26:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf _snprintf

data/libdiscid-0.6.2/examples/disc_metadata.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char error_msg[256];

data/libdiscid-0.6.2/examples/disc_metadata.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char * param_values[2] = {"", "recordings"};

data/libdiscid-0.6.2/examples/disc_metadata.c:145:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
drive = (char *) argv[1];

data/libdiscid-0.6.2/examples/discid.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char time_str[14];

data/libdiscid-0.6.2/examples/discisrc.c:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *features[DISCID_FEATURE_LENGTH];

data/libdiscid-0.6.2/include/discid/discid.h:468:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *features[DISCID_FEATURE_LENGTH]);

data/libdiscid-0.6.2/include/discid/discid_private.h:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char id[MB_DISC_ID_LENGTH+1];

data/libdiscid-0.6.2/include/discid/discid_private.h:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char freedb_id[FREEDB_DISC_ID_LENGTH+1];

data/libdiscid-0.6.2/include/discid/discid_private.h:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char submission_url[MB_MAX_URL_LENGTH+1];

data/libdiscid-0.6.2/include/discid/discid_private.h:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char webservice_url[MB_MAX_URL_LENGTH+1];

data/libdiscid-0.6.2/include/discid/discid_private.h:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char toc_string[MB_TOC_STRING_LENGTH+1];

data/libdiscid-0.6.2/include/discid/discid_private.h:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char error_msg[MB_ERROR_MSG_LENGTH+1];

data/libdiscid-0.6.2/include/discid/discid_private.h:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char isrc[100][ISRC_STR_LENGTH+1];

data/libdiscid-0.6.2/include/discid/discid_private.h:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mcn[MCN_STR_LENGTH+1];

data/libdiscid-0.6.2/src/disc.c:120:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(disc->toc_string, toc, strlen(toc) + 1);

data/libdiscid-0.6.2/src/disc.c:195:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disc->error_msg, "Illegal track limits");

data/libdiscid-0.6.2/src/disc.c:199:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disc->error_msg, "No offsets given");

data/libdiscid-0.6.2/src/disc.c:204:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disc->error_msg, "Disc too long");

data/libdiscid-0.6.2/src/disc.c:209:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disc->error_msg, "Invalid offset");

data/libdiscid-0.6.2/src/disc.c:213:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disc->error_msg, "Invalid order");

data/libdiscid-0.6.2/src/disc.c:221:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(disc->track_offsets, offsets, sizeof(int) * (last+1));

data/libdiscid-0.6.2/src/disc.c:323:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void discid_get_feature_list(char *features[DISCID_FEATURE_LENGTH]) {

data/libdiscid-0.6.2/src/disc.c:365:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char digest[20], *base64;

data/libdiscid-0.6.2/src/disc.c:367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[17]; /* for 8 hex digits (16 to avoid trouble) */

data/libdiscid-0.6.2/src/disc.c:375:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%02X", d->first_track_num);

data/libdiscid-0.6.2/src/disc.c:378:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%02X", d->last_track_num);

data/libdiscid-0.6.2/src/disc.c:382:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%08X", d->track_offsets[i]);

data/libdiscid-0.6.2/src/disc.c:390:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buf, base64, size);

data/libdiscid-0.6.2/src/disc.c:416:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%08x", ((n % 0xff) << 24 | t << 8 | d->last_track_num));

data/libdiscid-0.6.2/src/disc.c:428:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[16];

data/libdiscid-0.6.2/src/disc.c:465:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(buf, "&toc=");

data/libdiscid-0.6.2/src/disc.c:476:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[16];

data/libdiscid-0.6.2/src/disc.c:483:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(buf, "?id=");

data/libdiscid-0.6.2/src/disc.c:486:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "&tracks=%d", d->last_track_num);

data/libdiscid-0.6.2/src/disc.c:502:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(buf, "?type=xml&discid=");

data/libdiscid-0.6.2/src/disc_bsd.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char device_name[MAX_DEV_LEN] = "";

data/libdiscid-0.6.2/src/disc_bsd.c:188:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char result[MAX_DEV_LEN + 1];

data/libdiscid-0.6.2/src/disc_darwin.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char device_name[MAXPATHLEN] = "\0";

data/libdiscid-0.6.2/src/disc_linux.c:60:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static THREAD_LOCAL char default_device[MAX_DEV_LEN] = "";

data/libdiscid-0.6.2/src/disc_linux.c:72:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
proc_file = fopen("/proc/sys/dev/cdrom/info", "r");

data/libdiscid-0.6.2/src/disc_linux.c:176:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char sense_buffer[SG_MAX_SENSE]; /* for "error situations" */

data/libdiscid-0.6.2/src/disc_linux.c:204:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char cmd[10];

data/libdiscid-0.6.2/src/disc_linux.c:205:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char data[24];

data/libdiscid-0.6.2/src/disc_linux.c:206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[ISRC_STR_LENGTH+1];

data/libdiscid-0.6.2/src/disc_linux.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char device_name[MAX_DEV_LEN] = "";

data/libdiscid-0.6.2/src/disc_solaris.c:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char *device_candidates[NUM_CANDIDATES] = {"/vol/dev/aliases/cdrom0",

data/libdiscid-0.6.2/src/disc_win32.c:57:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static THREAD_LOCAL char default_device[MAX_DEV_LEN] = "\0";

data/libdiscid-0.6.2/src/disc_win32.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[128];

data/libdiscid-0.6.2/src/disc_win32.c:69:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(filename, "\\\\.\\");

data/libdiscid-0.6.2/src/disc_win32.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmpDevice[MAX_DEV_LEN];

data/libdiscid-0.6.2/src/disc_win32.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmpDevice[MAX_DEV_LEN];

data/libdiscid-0.6.2/src/sha1.c:220:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(((SHA_BYTE *) sha_info->data) + sha_info->local, buffer, i);

data/libdiscid-0.6.2/src/sha1.c:231:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);

data/libdiscid-0.6.2/src/sha1.c:236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(sha_info->data, buffer, count);

data/libdiscid-0.6.2/src/sha1.c:242:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void sha_final(unsigned char digest[20], SHA_INFO *sha_info)

data/libdiscid-0.6.2/src/sha1.c:294:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void sha_stream(unsigned char digest[20], SHA_INFO *sha_info, FILE *fin)

data/libdiscid-0.6.2/src/sha1.c:308:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void sha_print(unsigned char digest[20])

data/libdiscid-0.6.2/src/unix.c:38:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fd = open(device, O_RDONLY | O_NONBLOCK);

data/libdiscid-0.6.2/src/unix.c:67:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fd = open(device, O_RDONLY | O_NONBLOCK);

data/libdiscid-0.6.2/test/test.c:28:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char details[DETAIL_LENGTH] = "\0";

data/libdiscid-0.6.2/test/test.h:24:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern char details[DETAIL_LENGTH];

data/libdiscid-0.6.2/test/test_core.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *features[DISCID_FEATURE_LENGTH];

data/libdiscid-0.6.2/examples/disc_metadata.c:43:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0)

data/libdiscid-0.6.2/examples/disc_metadata.c:166:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(error_msg) > 0) {

data/libdiscid-0.6.2/src/disc.c:88:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(disc->id) == 0)

data/libdiscid-0.6.2/src/disc.c:103:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(disc->freedb_id) == 0)

data/libdiscid-0.6.2/src/disc.c:117:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(disc->toc_string) == 0 ) {

data/libdiscid-0.6.2/src/disc.c:120:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(disc->toc_string, toc, strlen(toc) + 1);

data/libdiscid-0.6.2/src/disc.c:136:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(disc->submission_url) == 0)

data/libdiscid-0.6.2/src/disc.c:150:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(disc->webservice_url) == 0)

data/libdiscid-0.6.2/src/disc.c:376:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha_update(&sha, (unsigned char *) tmp, strlen(tmp));

data/libdiscid-0.6.2/src/disc.c:379:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha_update(&sha, (unsigned char *) tmp, strlen(tmp));

data/libdiscid-0.6.2/src/disc.c:383:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha_update(&sha, (unsigned char *) tmp, strlen(tmp));

data/libdiscid-0.6.2/src/disc.c:439:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size *= (6 + strlen(sep));

data/libdiscid-0.6.2/src/disc_bsd.c:124:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy( disc->mcn,

data/libdiscid-0.6.2/src/disc_bsd.c:148:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy( disc->isrc[track_num],

data/libdiscid-0.6.2/src/disc_darwin.c:79:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat(device_path, "r");

data/libdiscid-0.6.2/src/disc_darwin.c:80:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev_path_len = strlen(device_path);

data/libdiscid-0.6.2/src/disc_darwin.c:127:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy( disc->mcn, cd_read_mcn.mcn, MCN_STR_LENGTH );

data/libdiscid-0.6.2/src/disc_darwin.c:141:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy( disc->isrc[track], cd_read_isrc.isrc, ISRC_STR_LENGTH );

data/libdiscid-0.6.2/src/disc_linux.c:83:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(lineptr); i++) {

data/libdiscid-0.6.2/src/disc_linux.c:104:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (return_value && device[strlen(device)-1] == '\n') {

data/libdiscid-0.6.2/src/disc_linux.c:105:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
device[strlen(device)-1] = '\0';

data/libdiscid-0.6.2/src/disc_linux.c:167:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy( disc->mcn,

data/libdiscid-0.6.2/src/disc_linux.c:239:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(disc->isrc[track_num], buffer, ISRC_STR_LENGTH);

data/libdiscid-0.6.2/src/disc_win32.c:70:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(device);

data/libdiscid-0.6.2/src/disc_win32.c:75:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(filename, device, len > 120 ? 120 : len);

data/libdiscid-0.6.2/src/disc_win32.c:104:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(disc->mcn, (char *) data.MediaCatalog.MediaCatalog,

data/libdiscid-0.6.2/src/disc_win32.c:124:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(disc->isrc[track], (char *) data.TrackIsrc.TrackIsrc,

data/libdiscid-0.6.2/src/disc_win32.c:140:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(device, tmpDevice, device_length);

data/libdiscid-0.6.2/test/test.c:43:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(details)) {

data/libdiscid-0.6.2/test/test_core.c:49:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(strlen(discid_get_version_string()) > 0);

data/libdiscid-0.6.2/test/test_core.c:70:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(strlen(discid_get_default_device()) > 0);

data/libdiscid-0.6.2/test/test_core.c:83:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(strlen(discid_get_error_msg(d)) == 0);

data/libdiscid-0.6.2/test/test_core.c:85:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(strlen(discid_get_error_msg(d)) > 0);

data/libdiscid-0.6.2/test/test_put.c:76:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(discid_get_error_msg(d)) > 0

data/libdiscid-0.6.2/test/test_put.c:78:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(discid_get_error_msg(d)) > 0

data/libdiscid-0.6.2/test/test_put.c:80:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(discid_get_error_msg(d)) > 0);

data/libdiscid-0.6.2/test/test_put.c:85:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(discid_get_error_msg(d)) == 0);

data/libdiscid-0.6.2/test/test_put.c:107:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(strlen(discid_get_error_msg(d)) == 0);

data/libdiscid-0.6.2/test/test_read.c:60:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(strlen(error_msg) > 0);

data/libdiscid-0.6.2/test/test_read.c:71:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(strlen(discid_get_default_device()) > 0);

data/libdiscid-0.6.2/test/test_read.c:74:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(equal_int(strlen(discid_get_id(d)), 28));

data/libdiscid-0.6.2/test/test_read.c:77:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
evaluate(equal_int(strlen(discid_get_freedb_id(d)), 8)); data/libdiscid-0.6.2/test/test_read.c:80:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(discid_get_toc_string(d)) > 0); data/libdiscid-0.6.2/test/test_read.c:83:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(discid_get_submission_url(d)) > 0); data/libdiscid-0.6.2/test/test_read.c:115:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(discid_get_mcn(d)) == 0); data/libdiscid-0.6.2/test/test_read.c:120:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(discid_get_track_isrc(d, i)) == 0) { data/libdiscid-0.6.2/test/test_read.c:143:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(discid_get_error_msg(d)) == 0); data/libdiscid-0.6.2/test/test_read_full.c:59:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(error_msg) > 0); data/libdiscid-0.6.2/test/test_read_full.c:70:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
evaluate(equal_int(strlen(discid_get_id(d)), 28)); data/libdiscid-0.6.2/test/test_read_full.c:73:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(discid_get_toc_string(d)) > 0); data/libdiscid-0.6.2/test/test_read_full.c:76:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(discid_get_submission_url(d)) > 0); data/libdiscid-0.6.2/test/test_read_full.c:85:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(mcn) == 0 || strlen(mcn) == 13); data/libdiscid-0.6.2/test/test_read_full.c:85:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(mcn) == 0 || strlen(mcn) == 13); data/libdiscid-0.6.2/test/test_read_full.c:87:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(mcn) == 0); data/libdiscid-0.6.2/test/test_read_full.c:96:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(isrc) == 12) { data/libdiscid-0.6.2/test/test_read_full.c:98:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
} else if (strlen(isrc) != 0) { data/libdiscid-0.6.2/test/test_read_full.c:110:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). evaluate(strlen(discid_get_error_msg(d)) == 0); ANALYSIS SUMMARY: Hits = 135 Lines analyzed = 4509 in approximately 0.15 seconds (29703 lines/second) Physical Source Lines of Code (SLOC) = 2547 Hits@level = [0] 73 [1] 57 [2] 62 [3] 0 [4] 16 [5] 0 Hits@level+ = [0+] 208 [1+] 135 [2+] 78 [3+] 16 [4+] 16 [5+] 0 Hits/KSLOC@level+ = [0+] 81.6647 [1+] 53.0035 [2+] 30.6243 [3+] 6.2819 [4+] 6.2819 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.