Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdssialsacompat-1.0.8a/alsa/asoundef.h
Examining data/libdssialsacompat-1.0.8a/alsa/asoundlib.h
Examining data/libdssialsacompat-1.0.8a/alsa/seq.h
Examining data/libdssialsacompat-1.0.8a/alsa/seq_event.h
Examining data/libdssialsacompat-1.0.8a/alsa/seq_midi_event.h
Examining data/libdssialsacompat-1.0.8a/alsa/sound/asequencer.h
Examining data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c
FINAL RESULTS:
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:305:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unused[3]; /**< reserved */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:312:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[12]; /**< 8 bit value */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:379:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unused[3]; /**< reserved */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:388:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw8[8]; /**< raw 8-bit */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:414:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unused[3]; /**< reserved */
data/libdssialsacompat-1.0.8a/alsa/seq_event.h:421:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d8[8]; /**< any data */
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:511:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ev->data.ext.ptr, qlen);
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:514:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xbuf[4];
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:529:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, xbuf, qlen);
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:613:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cbytes_nrpn[4] = { MIDI_CTL_NONREG_PARM_NUM_MSB,
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:617:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cbytes_rpn[4] = { MIDI_CTL_REGIST_PARM_NUM_MSB,
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:621:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[4];
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:98:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read; /* chars read */
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:406:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dev->read >= dev->bufsize) {
data/libdssialsacompat-1.0.8a/dssi_alsa_compat.c:410:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ev->data.ext.len = dev->read;
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 1581 in approximately 0.07 seconds (22375 lines/second)
Physical Source Lines of Code (SLOC) = 892
Hits@level = [0] 0 [1] 3 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 16.8161 [1+] 16.8161 [2+] 13.4529 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.