Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfec-1.0+20161003/ccsds.h
Examining data/libfec-1.0+20161003/char.h
Examining data/libfec-1.0+20161003/cpu_mode_ppc.c
Examining data/libfec-1.0+20161003/cpu_mode_unknown.c
Examining data/libfec-1.0+20161003/cpu_mode_x86.c
Examining data/libfec-1.0+20161003/decode_rs.c
Examining data/libfec-1.0+20161003/decode_rs.h
Examining data/libfec-1.0+20161003/decode_rs_8.c
Examining data/libfec-1.0+20161003/decode_rs_ccsds.c
Examining data/libfec-1.0+20161003/decode_rs_char.c
Examining data/libfec-1.0+20161003/decode_rs_int.c
Examining data/libfec-1.0+20161003/dotprod.c
Examining data/libfec-1.0+20161003/dotprod.h
Examining data/libfec-1.0+20161003/dotprod_av.c
Examining data/libfec-1.0+20161003/dotprod_mmx.c
Examining data/libfec-1.0+20161003/dotprod_port.c
Examining data/libfec-1.0+20161003/dotprod_sse2.c
Examining data/libfec-1.0+20161003/dtest.c
Examining data/libfec-1.0+20161003/encode_rs.c
Examining data/libfec-1.0+20161003/encode_rs.h
Examining data/libfec-1.0+20161003/encode_rs_8.c
Examining data/libfec-1.0+20161003/encode_rs_av.c
Examining data/libfec-1.0+20161003/encode_rs_ccsds.c
Examining data/libfec-1.0+20161003/encode_rs_char.c
Examining data/libfec-1.0+20161003/encode_rs_int.c
Examining data/libfec-1.0+20161003/exercise.c
Examining data/libfec-1.0+20161003/fec.c
Examining data/libfec-1.0+20161003/fec.h
Examining data/libfec-1.0+20161003/fixed.h
Examining data/libfec-1.0+20161003/gen_ccsds.c
Examining data/libfec-1.0+20161003/gen_ccsds_tal.c
Examining data/libfec-1.0+20161003/init_rs.c
Examining data/libfec-1.0+20161003/init_rs.h
Examining data/libfec-1.0+20161003/init_rs_char.c
Examining data/libfec-1.0+20161003/init_rs_char_local.c
Examining data/libfec-1.0+20161003/init_rs_int.c
Examining data/libfec-1.0+20161003/int.h
Examining data/libfec-1.0+20161003/peaktest.c
Examining data/libfec-1.0+20161003/peakval.c
Examining data/libfec-1.0+20161003/peakval_av.c
Examining data/libfec-1.0+20161003/peakval_mmx.c
Examining data/libfec-1.0+20161003/peakval_port.c
Examining data/libfec-1.0+20161003/peakval_sse.c
Examining data/libfec-1.0+20161003/peakval_sse2.c
Examining data/libfec-1.0+20161003/rs-common.h
Examining data/libfec-1.0+20161003/rs_speedtest.c
Examining data/libfec-1.0+20161003/rstest.c
Examining data/libfec-1.0+20161003/sim.c
Examining data/libfec-1.0+20161003/sqtest.c
Examining data/libfec-1.0+20161003/sumsq.c
Examining data/libfec-1.0+20161003/sumsq_av.c
Examining data/libfec-1.0+20161003/sumsq_mmx.c
Examining data/libfec-1.0+20161003/sumsq_port.c
Examining data/libfec-1.0+20161003/sumsq_sse2.c
Examining data/libfec-1.0+20161003/sumsq_test.c
Examining data/libfec-1.0+20161003/viterbi27.c
Examining data/libfec-1.0+20161003/viterbi27_av.c
Examining data/libfec-1.0+20161003/viterbi27_mmx.c
Examining data/libfec-1.0+20161003/viterbi27_port.c
Examining data/libfec-1.0+20161003/viterbi27_sse.c
Examining data/libfec-1.0+20161003/viterbi27_sse2.c
Examining data/libfec-1.0+20161003/viterbi29.c
Examining data/libfec-1.0+20161003/viterbi29_av.c
Examining data/libfec-1.0+20161003/viterbi29_mmx.c
Examining data/libfec-1.0+20161003/viterbi29_port.c
Examining data/libfec-1.0+20161003/viterbi29_sse.c
Examining data/libfec-1.0+20161003/viterbi29_sse2.c
Examining data/libfec-1.0+20161003/viterbi39.c
Examining data/libfec-1.0+20161003/viterbi39_av.c
Examining data/libfec-1.0+20161003/viterbi39_mmx.c
Examining data/libfec-1.0+20161003/viterbi39_port.c
Examining data/libfec-1.0+20161003/viterbi39_sse.c
Examining data/libfec-1.0+20161003/viterbi39_sse2.c
Examining data/libfec-1.0+20161003/viterbi615.c
Examining data/libfec-1.0+20161003/viterbi615_av.c
Examining data/libfec-1.0+20161003/viterbi615_mmx.c
Examining data/libfec-1.0+20161003/viterbi615_port.c
Examining data/libfec-1.0+20161003/viterbi615_sse.c
Examining data/libfec-1.0+20161003/viterbi615_sse2.c
Examining data/libfec-1.0+20161003/vtest27.c
Examining data/libfec-1.0+20161003/vtest29.c
Examining data/libfec-1.0+20161003/vtest39.c
Examining data/libfec-1.0+20161003/vtest615.c
FINAL RESULTS:
data/libfec-1.0+20161003/dtest.c:32:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt_long(argc,argv,"apmstn:",Options,NULL)) != EOF){
data/libfec-1.0+20161003/dtest.c:34:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt(argc,argv,"apmstn:")) != EOF){
data/libfec-1.0+20161003/dtest.c:87:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
input[i] = random();
data/libfec-1.0+20161003/dtest.c:89:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
offset = random() & 511;
data/libfec-1.0+20161003/exercise.c:61:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
block[i] = random() & NN;
data/libfec-1.0+20161003/exercise.c:76:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errval = random() & NN;
data/libfec-1.0+20161003/exercise.c:80:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errloc = random() % NN;
data/libfec-1.0+20161003/exercise.c:86:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() & 1) /* 50-50 chance */
data/libfec-1.0+20161003/peaktest.c:20:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/libfec-1.0+20161003/peaktest.c:24:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
s = random() & 0x0fff;
data/libfec-1.0+20161003/rstest.c:49:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/libfec-1.0+20161003/rstest.c:87:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
block[i] = random() & nn;
data/libfec-1.0+20161003/rstest.c:98:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errval = random() & nn;
data/libfec-1.0+20161003/rstest.c:102:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errloc = random() % nn;
data/libfec-1.0+20161003/rstest.c:108:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() & 1) /* 50-50 chance */
data/libfec-1.0+20161003/rstest.c:167:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
block[i] = random() & nn;
data/libfec-1.0+20161003/rstest.c:178:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errval = random() & nn;
data/libfec-1.0+20161003/rstest.c:182:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errloc = random() % nn;
data/libfec-1.0+20161003/rstest.c:188:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() & 1) /* 50-50 chance */
data/libfec-1.0+20161003/rstest.c:245:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
block[i] = random() & nn;
data/libfec-1.0+20161003/rstest.c:256:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errval = random() & nn;
data/libfec-1.0+20161003/rstest.c:260:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
errloc = random() % nn;
data/libfec-1.0+20161003/rstest.c:266:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() & 1) /* 50-50 chance */
data/libfec-1.0+20161003/sim.c:23:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v1 = 2.0 * (double)random() / MAX_RANDOM - 1;
data/libfec-1.0+20161003/sim.c:24:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v2 = 2.0 * (double)random() / MAX_RANDOM - 1;
data/libfec-1.0+20161003/sqtest.c:18:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/libfec-1.0+20161003/sqtest.c:21:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
samples[i] = random() & 0xffff;
data/libfec-1.0+20161003/sumsq_test.c:37:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(t);
data/libfec-1.0+20161003/sumsq_test.c:40:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt_long(argc,argv,"vapmstl:n:T",Options,NULL)) != EOF){
data/libfec-1.0+20161003/sumsq_test.c:42:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt(argc,argv,"vapmstl:n:T")) != EOF){
data/libfec-1.0+20161003/sumsq_test.c:84:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
offset = random() & 7;
data/libfec-1.0+20161003/sumsq_test.c:85:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
length = (random() % bufsize) - offset;
data/libfec-1.0+20161003/sumsq_test.c:89:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
buf[i] = random();
data/libfec-1.0+20161003/vtest27.c:55:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(t);
data/libfec-1.0+20161003/vtest27.c:58:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt_long(argc,argv,"l:n:te:g:vapmst",Options,NULL)) != EOF){
data/libfec-1.0+20161003/vtest27.c:60:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt(argc,argv,"l:n:te:g:vapmst")) != EOF){
data/libfec-1.0+20161003/vtest27.c:116:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int bit = (i < framebits) ? (random() & 1) : 0;
data/libfec-1.0+20161003/vtest29.c:55:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(t);
data/libfec-1.0+20161003/vtest29.c:58:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt_long(argc,argv,"l:n:te:g:vapmst",Options,NULL)) != EOF){
data/libfec-1.0+20161003/vtest29.c:60:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt(argc,argv,"l:n:te:g:vapmst")) != EOF){
data/libfec-1.0+20161003/vtest29.c:116:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int bit = (i < framebits) ? (random() & 1) : 0;
data/libfec-1.0+20161003/vtest39.c:55:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(t);
data/libfec-1.0+20161003/vtest39.c:58:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt_long(argc,argv,"l:n:te:g:vapmst",Options,NULL)) != EOF){
data/libfec-1.0+20161003/vtest39.c:60:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt(argc,argv,"l:n:te:g:vapmst")) != EOF){
data/libfec-1.0+20161003/vtest39.c:116:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int bit = (i < framebits) ? (random() & 1) : 0;
data/libfec-1.0+20161003/vtest615.c:57:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(t);
data/libfec-1.0+20161003/vtest615.c:60:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt_long(argc,argv,"l:n:te:g:vapmst",Options,NULL)) != EOF){
data/libfec-1.0+20161003/vtest615.c:62:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((d = getopt(argc,argv,"l:n:te:g:vapmst")) != EOF){
data/libfec-1.0+20161003/vtest615.c:118:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int bit = (i < framebits) ? (random() & 1) : 0;
data/libfec-1.0+20161003/decode_rs.c:168:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lambda,t,(NROOTS+1)*sizeof(t[0]));
data/libfec-1.0+20161003/decode_rs.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(®[1],&lambda[1],NROOTS*sizeof(reg[0]));
data/libfec-1.0+20161003/decode_rs.h:204:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lambda,t,(NROOTS+1)*sizeof(t[0]));
data/libfec-1.0+20161003/decode_rs.h:216:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(®[1],&lambda[1],NROOTS*sizeof(reg[0]));
data/libfec-1.0+20161003/dtest.c:53:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trials = atoi(optarg);
data/libfec-1.0+20161003/encode_rs_8.c:77:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern static union { vector unsigned char v; unsigned char c[16]; } table[256];
data/libfec-1.0+20161003/encode_rs_8.c:80:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { vector unsigned char v[2]; unsigned char c[32]; } shift_register;
data/libfec-1.0+20161003/encode_rs_8.c:80:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { vector unsigned char v[2]; unsigned char c[32]; } shift_register;
data/libfec-1.0+20161003/encode_rs_av.c:13:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union { vector unsigned char v; unsigned char c[16]; } table[256];
data/libfec-1.0+20161003/encode_rs_av.c:40:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { vector unsigned char v[2]; unsigned char c[32]; } shift_register;
data/libfec-1.0+20161003/encode_rs_av.c:40:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { vector unsigned char v[2]; unsigned char c[32]; } shift_register;
data/libfec-1.0+20161003/fec.c:8:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Partab[256];
data/libfec-1.0+20161003/fec.h:274:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char Partab[256];
data/libfec-1.0+20161003/gen_ccsds_tal.c:16:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define DTYPE unsigned char
data/libfec-1.0+20161003/peakval_av.c:14:84: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { vector signed char cv; vector signed short hv; signed short s[8]; signed char c[16];} s;
data/libfec-1.0+20161003/rs_speedtest.c:10:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[255];
data/libfec-1.0+20161003/rstest.c:69:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[nn],tblock[nn];
data/libfec-1.0+20161003/rstest.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tblock,block,sizeof(block));
data/libfec-1.0+20161003/rstest.c:92:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tblock,block,sizeof(block));
data/libfec-1.0+20161003/rstest.c:141:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[nn],tblock[nn];
data/libfec-1.0+20161003/rstest.c:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tblock,block,sizeof(block));
data/libfec-1.0+20161003/rstest.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tblock,block,sizeof(block));
data/libfec-1.0+20161003/rstest.c:246:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tblock,block,sizeof(block));
data/libfec-1.0+20161003/rstest.c:250:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tblock,block,sizeof(block));
data/libfec-1.0+20161003/sumsq_av.c:18:88: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { vector unsigned char cv; vector unsigned int iv; unsigned int w[4]; unsigned char c[16];} s;
data/libfec-1.0+20161003/sumsq_test.c:61:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bufsize = atoi(optarg);
data/libfec-1.0+20161003/sumsq_test.c:64:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trials = atoi(optarg);
data/libfec-1.0+20161003/viterbi27_av.c:9:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { long long p; unsigned char c[64]; vector bool char v[4]; } decision_t;
data/libfec-1.0+20161003/viterbi27_av.c:9:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { long long p; unsigned char c[64]; vector bool char v[4]; } decision_t;
data/libfec-1.0+20161003/viterbi27_av.c:10:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { long long p; unsigned char c[64]; vector unsigned char v[4]; } metric_t;
data/libfec-1.0+20161003/viterbi27_av.c:10:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { long long p; unsigned char c[64]; vector unsigned char v[4]; } metric_t;
data/libfec-1.0+20161003/viterbi27_av.c:12:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union branchtab27 { unsigned char c[32]; vector unsigned char v[2];} Branchtab27[2];
data/libfec-1.0+20161003/viterbi27_av.c:12:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union branchtab27 { unsigned char c[32]; vector unsigned char v[2];} Branchtab27[2];
data/libfec-1.0+20161003/viterbi27_mmx.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { char c[64]; __m64 v[8];} decision_t;
data/libfec-1.0+20161003/viterbi27_mmx.c:11:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[64]; __m64 v[8];} metric_t;
data/libfec-1.0+20161003/viterbi27_mmx.c:13:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Mettab27_1[256][32] __attribute__ ((aligned(16)));
data/libfec-1.0+20161003/viterbi27_mmx.c:14:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Mettab27_2[256][32] __attribute__ ((aligned(16)));
data/libfec-1.0+20161003/viterbi27_port.c:14:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union branchtab27 { unsigned char c[32]; } Branchtab27[2] __attribute__ ((aligned(16)));
data/libfec-1.0+20161003/viterbi27_sse.c:10:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[64]; } metric_t;
data/libfec-1.0+20161003/viterbi27_sse.c:11:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned long w[2]; unsigned char c[8]; __m64 v[1];} decision_t;
data/libfec-1.0+20161003/viterbi27_sse.c:12:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union branchtab27 { unsigned char c[32]; __m64 v[4];} Branchtab27_sse[2];
data/libfec-1.0+20161003/viterbi27_sse2.c:10:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[64]; __m128i v[4]; } metric_t;
data/libfec-1.0+20161003/viterbi27_sse2.c:11:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned long w[2]; unsigned char c[8]; unsigned short s[4]; __m64 v[1];} decision_t;
data/libfec-1.0+20161003/viterbi27_sse2.c:12:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union branchtab27 { unsigned char c[32]; __m128i v[2];} Branchtab27_sse2[2];
data/libfec-1.0+20161003/viterbi29_av.c:11:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[256]; vector bool char v[16]; } decision_t;
data/libfec-1.0+20161003/viterbi29_av.c:11:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[256]; vector bool char v[16]; } decision_t;
data/libfec-1.0+20161003/viterbi29_av.c:12:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[256]; vector unsigned char v[16]; } metric_t;
data/libfec-1.0+20161003/viterbi29_av.c:12:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[256]; vector unsigned char v[16]; } metric_t;
data/libfec-1.0+20161003/viterbi29_av.c:14:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union branchtab29 { unsigned char c[128]; vector unsigned char v[8]; } Branchtab29[2];
data/libfec-1.0+20161003/viterbi29_av.c:14:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union branchtab29 { unsigned char c[128]; vector unsigned char v[8]; } Branchtab29[2];
data/libfec-1.0+20161003/viterbi29_mmx.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { char c[256]; __m64 v[32];} decision_t;
data/libfec-1.0+20161003/viterbi29_mmx.c:12:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[256]; __m64 v[32];} metric_t;
data/libfec-1.0+20161003/viterbi29_mmx.c:14:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Mettab29_1[256][128] __attribute__ ((aligned(8)));
data/libfec-1.0+20161003/viterbi29_mmx.c:15:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Mettab29_2[256][128] __attribute__ ((aligned(8)));
data/libfec-1.0+20161003/viterbi29_port.c:13:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union { unsigned char c[128]; } Branchtab29[2];
data/libfec-1.0+20161003/viterbi29_sse.c:11:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char w[256]; __m64 v[32];} metric_t;
data/libfec-1.0+20161003/viterbi29_sse.c:12:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned long w[8]; unsigned char c[32]; __m64 v[4];} decision_t;
data/libfec-1.0+20161003/viterbi29_sse.c:14:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union branchtab29 { unsigned char c[128]; } Branchtab29_sse[2];
data/libfec-1.0+20161003/viterbi29_sse2.c:11:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[256]; __m128i v[16];} metric_t;
data/libfec-1.0+20161003/viterbi29_sse2.c:12:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned long w[8]; unsigned char c[32];} decision_t;
data/libfec-1.0+20161003/viterbi29_sse2.c:14:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union branchtab29 { unsigned char c[128]; } Branchtab29_sse2[2];
data/libfec-1.0+20161003/viterbi39_av.c:12:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[2][16]; vector unsigned char v[2]; } decision_t;
data/libfec-1.0+20161003/viterbi39_av.c:12:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[2][16]; vector unsigned char v[2]; } decision_t;
data/libfec-1.0+20161003/viterbi39_mmx.c:11:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[256]; __m64 v[32];} decision_t;
data/libfec-1.0+20161003/viterbi39_port.c:13:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union { unsigned char c[128]; } Branchtab39[3];
data/libfec-1.0+20161003/viterbi39_sse.c:12:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned long w[8]; unsigned char c[32];} decision_t;
data/libfec-1.0+20161003/viterbi615_av.c:12:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[128][16]; vector unsigned char v[128]; } decision_t;
data/libfec-1.0+20161003/viterbi615_av.c:12:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[128][16]; vector unsigned char v[128]; } decision_t;
data/libfec-1.0+20161003/viterbi615_mmx.c:11:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[16384]; __m64 v[2048];} decision_t;
data/libfec-1.0+20161003/viterbi615_port.c:11:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned long w[512]; unsigned char c[2048];} decision_t;
data/libfec-1.0+20161003/viterbi615_sse.c:12:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned long w[512]; unsigned char c[2048];} decision_t;
data/libfec-1.0+20161003/vtest27.c:42:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[MAXBYTES];
data/libfec-1.0+20161003/vtest27.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[MAXBYTES];
data/libfec-1.0+20161003/vtest27.c:44:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xordata[MAXBYTES];
data/libfec-1.0+20161003/vtest27.c:45:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char symbols[8*2*(MAXBYTES+6)];
data/libfec-1.0+20161003/vtest27.c:79:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framebits = atoi(optarg);
data/libfec-1.0+20161003/vtest27.c:82:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trials = atoi(optarg);
data/libfec-1.0+20161003/vtest29.c:42:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[MAXBYTES];
data/libfec-1.0+20161003/vtest29.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[MAXBYTES];
data/libfec-1.0+20161003/vtest29.c:44:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xordata[MAXBYTES];
data/libfec-1.0+20161003/vtest29.c:45:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char symbols[8*2*(MAXBYTES+8)];
data/libfec-1.0+20161003/vtest29.c:79:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framebits = atoi(optarg);
data/libfec-1.0+20161003/vtest29.c:82:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trials = atoi(optarg);
data/libfec-1.0+20161003/vtest39.c:42:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[MAXBYTES];
data/libfec-1.0+20161003/vtest39.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[MAXBYTES];
data/libfec-1.0+20161003/vtest39.c:44:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xordata[MAXBYTES];
data/libfec-1.0+20161003/vtest39.c:45:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char symbols[8*3*(MAXBYTES+8)];
data/libfec-1.0+20161003/vtest39.c:79:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framebits = atoi(optarg);
data/libfec-1.0+20161003/vtest39.c:82:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trials = atoi(optarg);
data/libfec-1.0+20161003/vtest615.c:44:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[MAXBYTES];
data/libfec-1.0+20161003/vtest615.c:45:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[MAXBYTES];
data/libfec-1.0+20161003/vtest615.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xordata[MAXBYTES];
data/libfec-1.0+20161003/vtest615.c:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char symbols[8*6*(MAXBYTES+14)];
data/libfec-1.0+20161003/vtest615.c:81:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framebits = atoi(optarg);
data/libfec-1.0+20161003/vtest615.c:84:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trials = atoi(optarg);
ANALYSIS SUMMARY:
Hits = 144
Lines analyzed = 8466 in approximately 0.36 seconds (23597 lines/second)
Physical Source Lines of Code (SLOC) = 6105
Hits@level = [0] 124 [1] 0 [2] 95 [3] 49 [4] 0 [5] 0
Hits@level+ = [0+] 268 [1+] 144 [2+] 144 [3+] 49 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 43.8984 [1+] 23.5872 [2+] 23.5872 [3+] 8.02621 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.