Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgsm-1.0.18/add-test/add_test.c
Examining data/libgsm-1.0.18/inc/config.h
Examining data/libgsm-1.0.18/inc/proto.h
Examining data/libgsm-1.0.18/inc/unproto.h
Examining data/libgsm-1.0.18/inc/private.h
Examining data/libgsm-1.0.18/inc/gsm.h
Examining data/libgsm-1.0.18/inc/toast.h
Examining data/libgsm-1.0.18/src/decode.c
Examining data/libgsm-1.0.18/src/gsm_create.c
Examining data/libgsm-1.0.18/src/gsm_decode.c
Examining data/libgsm-1.0.18/src/gsm_destroy.c
Examining data/libgsm-1.0.18/src/gsm_encode.c
Examining data/libgsm-1.0.18/src/gsm_print.c
Examining data/libgsm-1.0.18/src/add.c
Examining data/libgsm-1.0.18/src/code.c
Examining data/libgsm-1.0.18/src/debug.c
Examining data/libgsm-1.0.18/src/gsm_explode.c
Examining data/libgsm-1.0.18/src/gsm_implode.c
Examining data/libgsm-1.0.18/src/gsm_option.c
Examining data/libgsm-1.0.18/src/long_term.c
Examining data/libgsm-1.0.18/src/lpc.c
Examining data/libgsm-1.0.18/src/preprocess.c
Examining data/libgsm-1.0.18/src/rpe.c
Examining data/libgsm-1.0.18/src/short_term.c
Examining data/libgsm-1.0.18/src/table.c
Examining data/libgsm-1.0.18/src/toast_alaw.c
Examining data/libgsm-1.0.18/src/toast_audio.c
Examining data/libgsm-1.0.18/src/toast_lin.c
Examining data/libgsm-1.0.18/src/toast_ulaw.c
Examining data/libgsm-1.0.18/src/toast.c
Examining data/libgsm-1.0.18/tls/taste.c
Examining data/libgsm-1.0.18/tls/bitter.c
Examining data/libgsm-1.0.18/tls/ginger.c
Examining data/libgsm-1.0.18/tls/sour.c
Examining data/libgsm-1.0.18/tls/sweet.c
Examining data/libgsm-1.0.18/tls/taste.h
Examining data/libgsm-1.0.18/tst/cod2lin.c
Examining data/libgsm-1.0.18/tst/cod2txt.c
Examining data/libgsm-1.0.18/tst/gsm2cod.c
Examining data/libgsm-1.0.18/tst/lin2cod.c
Examining data/libgsm-1.0.18/tst/lin2txt.c
FINAL RESULTS:
data/libgsm-1.0.18/src/toast.c:330:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (outname && chmod(outname, instat.st_mode & 07777)) {
data/libgsm-1.0.18/src/toast.c:346:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
(void)chown(outname, instat.st_uid, instat.st_gid);
data/libgsm-1.0.18/inc/toast.h:74:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
extern char * strcpy P((char *, char *));
data/libgsm-1.0.18/inc/toast.h:75:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
extern char * strcat P((char *, char *));
data/libgsm-1.0.18/src/toast.c:271:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
p = strcpy(emalloc(maxlen), name);
data/libgsm-1.0.18/src/toast.c:273:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((s = suffix(p, cut)) != 0) strcpy(s, want);
data/libgsm-1.0.18/src/toast.c:274:38: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else if (*want && !suffix(p, want)) strcat(p, want);
data/libgsm-1.0.18/src/toast.c:480:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
inname = strcpy(emalloc(strlen(name)+1), name);
data/libgsm-1.0.18/tls/bitter.c:32:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( (bits==8? "%s & 0x%lX;\n" : "(%s & 0x%lX);\n"),
data/libgsm-1.0.18/src/toast.c:759:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(ac, av, "fcdpvhuaslVFC:")) != EOF) switch (opt) {
data/libgsm-1.0.18/tst/cod2lin.c:84:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(ac, av, "vwF")) != EOF) switch (opt) {
data/libgsm-1.0.18/tst/lin2cod.c:85:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(ac, av, "vwF")) != EOF) switch (opt) {
data/libgsm-1.0.18/tst/lin2txt.c:76:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(ac, av, "v")) != EOF) switch (opt) {
data/libgsm-1.0.18/add-test/add_test.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[299];
data/libgsm-1.0.18/add-test/add_test.c:195:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(in = fopen(av[1], "r"))) {
data/libgsm-1.0.18/src/add.c:98:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const bitoff[ 256 ] = {
data/libgsm-1.0.18/src/code.c:16:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
extern char * memcpy P((char *, char *, int));
data/libgsm-1.0.18/src/code.c:95:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy( (char *)S->dp0, (char *)(S->dp0 + 160),
data/libgsm-1.0.18/src/toast.c:482:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(in = fopen(inname, READ))) {
data/libgsm-1.0.18/src/toast.c:510:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfd = open(o, O_WRITE_EXCL, 0666)) >= 0)
data/libgsm-1.0.18/src/toast.c:513:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (ok_to_replace(o)) out = fopen(o, WRITE);
data/libgsm-1.0.18/tls/taste.c:49:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(s, str, n);
data/libgsm-1.0.18/tls/taste.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/libgsm-1.0.18/tst/cod2lin.c:96:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(*av, "r"))) perror(*av);
data/libgsm-1.0.18/tst/cod2txt.c:86:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(*av, "r"))) perror(*av);
data/libgsm-1.0.18/tst/gsm2cod.c:85:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(*av, "r"))) perror(*av);
data/libgsm-1.0.18/tst/lin2cod.c:97:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(*av, "r"))) perror(*av);
data/libgsm-1.0.18/tst/lin2txt.c:86:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(*av, "r"))) perror(*av);
data/libgsm-1.0.18/inc/toast.h:73:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen P((char *));
data/libgsm-1.0.18/src/toast.c:133:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (l = strlen(av0)) >= 3 /* strlen("cat") */
data/libgsm-1.0.18/src/toast.c:189:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max_filename_length > 0 && strlen(end) > max_filename_length) {
data/libgsm-1.0.18/src/toast.c:205:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlen = strlen(name);
data/libgsm-1.0.18/src/toast.c:206:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(suf);
data/libgsm-1.0.18/src/toast.c:270:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(name) + 1 + strlen(want) + strlen(cut);
data/libgsm-1.0.18/src/toast.c:270:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(name) + 1 + strlen(want) + strlen(cut);
data/libgsm-1.0.18/src/toast.c:270:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(name) + 1 + strlen(want) + strlen(cut);
data/libgsm-1.0.18/src/toast.c:311:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = reply = getchar(); c != '\n' && c != EOF; c = getchar()) ;
data/libgsm-1.0.18/src/toast.c:311:57: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = reply = getchar(); c != '\n' && c != EOF; c = getchar()) ;
data/libgsm-1.0.18/src/toast.c:480:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inname = strcpy(emalloc(strlen(name)+1), name);
data/libgsm-1.0.18/src/toast_alaw.c:321:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0; i < 160 && (c = fgetc(in)) != EOF; i++) buf[i] = A2S( c );
data/libgsm-1.0.18/src/toast_audio.c:49:23: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (i = getc(f)) == EOF
data/libgsm-1.0.18/src/toast_audio.c:50:45: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| ((u = (unsigned char)i), (i = getc(f)) == EOF)
data/libgsm-1.0.18/src/toast_audio.c:51:45: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| ((u = (u<<8)|(unsigned char)i), (i = getc(f)) == EOF)
data/libgsm-1.0.18/src/toast_audio.c:52:45: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| ((u = (u<<8)|(unsigned char)i), (i = getc(f)) == EOF)) return -1;
data/libgsm-1.0.18/src/toast_audio.c:61:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( fgetc(in) != '.'
data/libgsm-1.0.18/src/toast_audio.c:62:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| fgetc(in) != 's'
data/libgsm-1.0.18/src/toast_audio.c:63:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| fgetc(in) != 'n'
data/libgsm-1.0.18/src/toast_audio.c:64:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| fgetc(in) != 'd'
data/libgsm-1.0.18/src/toast_audio.c:88:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (getc(in) == EOF) {
data/libgsm-1.0.18/src/toast_ulaw.c:608:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0; i < 160 && (c = fgetc(in)) != EOF; i++) buf[i] = U2S(c);
data/libgsm-1.0.18/tls/taste.c:42:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(str) + 1;
data/libgsm-1.0.18/tls/taste.c:46:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str) + 1);
ANALYSIS SUMMARY:
Hits = 52
Lines analyzed = 8666 in approximately 0.44 seconds (19539 lines/second)
Physical Source Lines of Code (SLOC) = 6253
Hits@level = [0] 120 [1] 24 [2] 15 [3] 4 [4] 7 [5] 2
Hits@level+ = [0+] 172 [1+] 52 [2+] 28 [3+] 13 [4+] 9 [5+] 2
Hits/KSLOC@level+ = [0+] 27.5068 [1+] 8.31601 [2+] 4.47785 [3+] 2.079 [4+] 1.43931 [5+] 0.319846
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.