Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfishsound-1.0.0/symbian/config.h
Examining data/libfishsound-1.0.0/win32/config.h
Examining data/libfishsound-1.0.0/include/fishsound/fishsound.h
Examining data/libfishsound-1.0.0/include/fishsound/decode.h
Examining data/libfishsound-1.0.0/include/fishsound/encode.h
Examining data/libfishsound-1.0.0/include/fishsound/comments.h
Examining data/libfishsound-1.0.0/include/fishsound/constants.h
Examining data/libfishsound-1.0.0/include/fishsound/deprecated.h
Examining data/libfishsound-1.0.0/src/libfishsound/debug.h
Examining data/libfishsound-1.0.0/src/libfishsound/private.h
Examining data/libfishsound-1.0.0/src/libfishsound/convert.h
Examining data/libfishsound-1.0.0/src/libfishsound/fs_compat.h
Examining data/libfishsound-1.0.0/src/libfishsound/fs_vector.h
Examining data/libfishsound-1.0.0/src/libfishsound/fishsound.c
Examining data/libfishsound-1.0.0/src/libfishsound/decode.c
Examining data/libfishsound-1.0.0/src/libfishsound/encode.c
Examining data/libfishsound-1.0.0/src/libfishsound/comments.c
Examining data/libfishsound-1.0.0/src/libfishsound/speex.c
Examining data/libfishsound-1.0.0/src/libfishsound/vorbis.c
Examining data/libfishsound-1.0.0/src/libfishsound/fs_vector.c
Examining data/libfishsound-1.0.0/src/libfishsound/flac.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-decenc.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-decode.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-encdec.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-encode.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-identify.c
Examining data/libfishsound-1.0.0/src/examples/fishsound-info.c
Examining data/libfishsound-1.0.0/src/tests/fs_tests.h
Examining data/libfishsound-1.0.0/src/tests/comment-test.c
Examining data/libfishsound-1.0.0/src/tests/encdec-audio.c
Examining data/libfishsound-1.0.0/src/tests/encdec-comments.c
Examining data/libfishsound-1.0.0/src/tests/noop.c

FINAL RESULTS:

data/libfishsound-1.0.0/src/libfishsound/comments.c:71:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy (ret, s);

data/libfishsound-1.0.0/src/libfishsound/debug.h:66:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf (buf+n, DEBUG_MAXLINE-n, fmt, ap);

data/libfishsound-1.0.0/src/libfishsound/flac.c:492:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)entry, comment->name);

data/libfishsound-1.0.0/src/libfishsound/flac.c:496:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)&entry[name_len+1], comment->value);

data/libfishsound-1.0.0/src/libfishsound/fs_compat.h:40:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libfishsound-1.0.0/src/libfishsound/fs_compat.h:40:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/libfishsound-1.0.0/src/libfishsound/speex.c:420:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf (vendor_string, 128, VENDOR_FORMAT, header.speex_version);

data/libfishsound-1.0.0/src/libfishsound/comments.c:619:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (c, fsound->vendor, MIN (field_length, remaining));

data/libfishsound-1.0.0/src/libfishsound/comments.c:642:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (c, comment->name, MIN (field_length, remaining));

data/libfishsound-1.0.0/src/libfishsound/comments.c:653:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (c, comment->value, MIN (field_length, remaining));

data/libfishsound-1.0.0/src/libfishsound/debug.h:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[DEBUG_MAXLINE];

data/libfishsound-1.0.0/src/libfishsound/fishsound.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (fsinfo, &fsound->info, sizeof (FishSoundInfo));

data/libfishsound-1.0.0/src/libfishsound/flac.c:130:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, fi->buffer, fi->bufferlength);

data/libfishsound-1.0.0/src/libfishsound/flac.c:291:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fi->buffer, buf+9, bytes-9);

data/libfishsound-1.0.0/src/libfishsound/flac.c:316:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, fi->buffer, fi->bufferlength);

data/libfishsound-1.0.0/src/libfishsound/flac.c:317:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp+fi->bufferlength, buf, bytes);

data/libfishsound-1.0.0/src/libfishsound/flac.c:389:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (fi->buffer+9, buffer, bytes); /* fLaC header ++ STREAMINFO */

data/libfishsound-1.0.0/src/libfishsound/flac.c:402:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (tmp, fi->buffer, fi->bufferlength);

data/libfishsound-1.0.0/src/libfishsound/flac.c:403:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (tmp+fi->bufferlength, buffer, bytes);

data/libfishsound-1.0.0/src/libfishsound/flac.c:536:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  comments[i].length = strlen((char *)comments[i].entry);

data/libfishsound-1.0.0/src/libfishsound/speex.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbits[MAX_FRAME_BYTES];

data/libfishsound-1.0.0/src/libfishsound/speex.c:411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vendor_string[128];

data/libfishsound-1.0.0/src/libfishsound/speex.c:729:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&fss->stereo, &stereo_init, sizeof (SpeexStereoState));

data/libfishsound-1.0.0/src/libfishsound/vorbis.c:363:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (vpcm[i], pcm[i], sizeof (float) * len);

data/libfishsound-1.0.0/src/tests/encdec-audio.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[128];

data/libfishsound-1.0.0/src/tests/encdec-audio.c:282:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iter = atoi (argv[i]);

data/libfishsound-1.0.0/src/libfishsound/comments.c:60:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (s);

data/libfishsound-1.0.0/src/libfishsound/comments.c:83:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (strncpy (ret, s, len) == NULL) {

data/libfishsound-1.0.0/src/libfishsound/debug.h:63:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (buf);

data/libfishsound-1.0.0/src/libfishsound/debug.h:67:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (buf);

data/libfishsound-1.0.0/src/libfishsound/flac.c:479:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen(comment->name);

data/libfishsound-1.0.0/src/libfishsound/flac.c:483:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value_len = strlen (comment->value);

data/libfishsound-1.0.0/src/libfishsound/flac.c:536:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  comments[i].length = strlen((char *)comments[i].entry);

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 7483 in approximately 0.25 seconds (29937 lines/second)
Physical Source Lines of Code (SLOC) = 4106
Hits@level = [0]  77 [1]   7 [2]  19 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+] 110 [1+]  33 [2+]  26 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 26.7901 [1+] 8.03702 [2+] 6.3322 [3+] 1.70482 [4+] 1.70482 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.