Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdssialsacompat-1.0.8a/alsa/asoundef.h
Examining data/libdssialsacompat-1.0.8a/alsa/asoundlib.h
Examining data/libdssialsacompat-1.0.8a/alsa/seq.h
Examining data/libdssialsacompat-1.0.8a/alsa/seq_event.h
Examining data/libdssialsacompat-1.0.8a/alsa/seq_midi_event.h
Examining data/libdssialsacompat-1.0.8a/alsa/sound/asequencer.h
Examining data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c

FINAL RESULTS:

data/libdssialsacompat-1.0.8a/alsa/seq_event.h:305:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char unused[3]; /**< reserved */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:312:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char d[12]; /**< 8 bit value */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:379:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char unused[3]; /**< reserved */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:388:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char raw8[8]; /**< raw 8-bit */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:414:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char unused[3]; /**< reserved */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:421:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char d8[8]; /**< any data */
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:511:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, ev->data.ext.ptr, qlen);
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:514:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char xbuf[4];
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:529:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, xbuf, qlen);
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:613:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cbytes_nrpn[4] = { MIDI_CTL_NONREG_PARM_NUM_MSB,
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:617:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cbytes_rpn[4] = { MIDI_CTL_REGIST_PARM_NUM_MSB,
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:621:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bytes[4];
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:98:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read; /* chars read */
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:406:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dev->read >= dev->bufsize) {
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:410:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ev->data.ext.len = dev->read;

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 1581 in approximately 0.07 seconds (22375 lines/second)
Physical Source Lines of Code (SLOC) = 892
Hits@level = [0] 0 [1] 3 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 16.8161 [1+] 16.8161 [2+] 13.4529 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.