Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfishsound-1.0.0/symbian/config.h
Examining data/libfishsound-1.0.0/win32/config.h
Examining data/libfishsound-1.0.0/include/fishsound/fishsound.h
Examining data/libfishsound-1.0.0/include/fishsound/decode.h
Examining data/libfishsound-1.0.0/include/fishsound/encode.h
Examining data/libfishsound-1.0.0/include/fishsound/comments.h
Examining data/libfishsound-1.0.0/include/fishsound/constants.h
Examining data/libfishsound-1.0.0/include/fishsound/deprecated.h
Examining data/libfishsound-1.0.0/src/libfishsound/debug.h
Examining data/libfishsound-1.0.0/src/libfishsound/private.h
Examining data/libfishsound-1.0.0/src/libfishsound/convert.h
Examining data/libfishsound-1.0.0/src/libfishsound/fs_compat.h
Examining data/libfishsound-1.0.0/src/libfishsound/fs_vector.h
Examining data/libfishsound-1.0.0/src/libfishsound/fishsound.c
Examining data/libfishsound-1.0.0/src/libfishsound/decode.c
Examining data/libfishsound-1.0.0/src/libfishsound/encode.c
Examining data/libfishsound-1.0.0/src/libfishsound/comments.c
Examining data/libfishsound-1.0.0/src/libfishsound/speex.c
Examining data/libfishsound-1.0.0/src/libfishsound/vorbis.c
Examining data/libfishsound-1.0.0/src/libfishsound/fs_vector.c
Examining data/libfishsound-1.0.0/src/libfishsound/flac.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-decenc.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-decode.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-encdec.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-encode.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-identify.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-info.c
Examining data/libfishsound-1.0.0/src/tests/fs_tests.h
Examining data/libfishsound-1.0.0/src/tests/comment-test.c
Examining data/libfishsound-1.0.0/src/tests/encdec-audio.c
Examining data/libfishsound-1.0.0/src/tests/encdec-comments.c
Examining data/libfishsound-1.0.0/src/tests/noop.c
FINAL RESULTS:
data/libfishsound-1.0.0/src/libfishsound/comments.c:71:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy (ret, s);
data/libfishsound-1.0.0/src/libfishsound/debug.h:66:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf+n, DEBUG_MAXLINE-n, fmt, ap);
data/libfishsound-1.0.0/src/libfishsound/flac.c:492:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *)entry, comment->name);
data/libfishsound-1.0.0/src/libfishsound/flac.c:496:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *)&entry[name_len+1], comment->value);
data/libfishsound-1.0.0/src/libfishsound/fs_compat.h:40:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libfishsound-1.0.0/src/libfishsound/fs_compat.h:40:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libfishsound-1.0.0/src/libfishsound/speex.c:420:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (vendor_string, 128, VENDOR_FORMAT, header.speex_version);
data/libfishsound-1.0.0/src/libfishsound/comments.c:619:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c, fsound->vendor, MIN (field_length, remaining));
data/libfishsound-1.0.0/src/libfishsound/comments.c:642:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c, comment->name, MIN (field_length, remaining));
data/libfishsound-1.0.0/src/libfishsound/comments.c:653:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c, comment->value, MIN (field_length, remaining));
data/libfishsound-1.0.0/src/libfishsound/debug.h:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DEBUG_MAXLINE];
data/libfishsound-1.0.0/src/libfishsound/fishsound.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fsinfo, &fsound->info, sizeof (FishSoundInfo));
data/libfishsound-1.0.0/src/libfishsound/flac.c:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, fi->buffer, fi->bufferlength);
data/libfishsound-1.0.0/src/libfishsound/flac.c:291:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fi->buffer, buf+9, bytes-9);
data/libfishsound-1.0.0/src/libfishsound/flac.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, fi->buffer, fi->bufferlength);
data/libfishsound-1.0.0/src/libfishsound/flac.c:317:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp+fi->bufferlength, buf, bytes);
data/libfishsound-1.0.0/src/libfishsound/flac.c:389:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fi->buffer+9, buffer, bytes); /* fLaC header ++ STREAMINFO */
data/libfishsound-1.0.0/src/libfishsound/flac.c:402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, fi->buffer, fi->bufferlength);
data/libfishsound-1.0.0/src/libfishsound/flac.c:403:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp+fi->bufferlength, buffer, bytes);
data/libfishsound-1.0.0/src/libfishsound/flac.c:536:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
comments[i].length = strlen((char *)comments[i].entry);
data/libfishsound-1.0.0/src/libfishsound/speex.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbits[MAX_FRAME_BYTES];
data/libfishsound-1.0.0/src/libfishsound/speex.c:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_string[128];
data/libfishsound-1.0.0/src/libfishsound/speex.c:729:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fss->stereo, &stereo_init, sizeof (SpeexStereoState));
data/libfishsound-1.0.0/src/libfishsound/vorbis.c:363:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vpcm[i], pcm[i], sizeof (float) * len);
data/libfishsound-1.0.0/src/tests/encdec-audio.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/libfishsound-1.0.0/src/tests/encdec-audio.c:282:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iter = atoi (argv[i]);
data/libfishsound-1.0.0/src/libfishsound/comments.c:60:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (s);
data/libfishsound-1.0.0/src/libfishsound/comments.c:83:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncpy (ret, s, len) == NULL) {
data/libfishsound-1.0.0/src/libfishsound/debug.h:63:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (buf);
data/libfishsound-1.0.0/src/libfishsound/debug.h:67:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (buf);
data/libfishsound-1.0.0/src/libfishsound/flac.c:479:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(comment->name);
data/libfishsound-1.0.0/src/libfishsound/flac.c:483:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len = strlen (comment->value);
data/libfishsound-1.0.0/src/libfishsound/flac.c:536:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comments[i].length = strlen((char *)comments[i].entry);
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 7483 in approximately 0.25 seconds (29937 lines/second)
Physical Source Lines of Code (SLOC) = 4106
Hits@level = [0] 77 [1] 7 [2] 19 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 110 [1+] 33 [2+] 26 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 26.7901 [1+] 8.03702 [2+] 6.3322 [3+] 1.70482 [4+] 1.70482 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.