Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libgsm-1.0.18/add-test/add_test.c Examining data/libgsm-1.0.18/inc/config.h Examining data/libgsm-1.0.18/inc/proto.h Examining data/libgsm-1.0.18/inc/unproto.h Examining data/libgsm-1.0.18/inc/private.h Examining data/libgsm-1.0.18/inc/gsm.h Examining data/libgsm-1.0.18/inc/toast.h Examining data/libgsm-1.0.18/src/decode.c Examining data/libgsm-1.0.18/src/gsm_create.c Examining data/libgsm-1.0.18/src/gsm_decode.c Examining data/libgsm-1.0.18/src/gsm_destroy.c Examining data/libgsm-1.0.18/src/gsm_encode.c Examining data/libgsm-1.0.18/src/gsm_print.c Examining data/libgsm-1.0.18/src/add.c Examining data/libgsm-1.0.18/src/code.c Examining data/libgsm-1.0.18/src/debug.c Examining data/libgsm-1.0.18/src/gsm_explode.c Examining data/libgsm-1.0.18/src/gsm_implode.c Examining data/libgsm-1.0.18/src/gsm_option.c Examining data/libgsm-1.0.18/src/long_term.c Examining data/libgsm-1.0.18/src/lpc.c Examining data/libgsm-1.0.18/src/preprocess.c Examining data/libgsm-1.0.18/src/rpe.c Examining data/libgsm-1.0.18/src/short_term.c Examining data/libgsm-1.0.18/src/table.c Examining data/libgsm-1.0.18/src/toast_alaw.c Examining data/libgsm-1.0.18/src/toast_audio.c Examining data/libgsm-1.0.18/src/toast_lin.c Examining data/libgsm-1.0.18/src/toast_ulaw.c Examining data/libgsm-1.0.18/src/toast.c Examining data/libgsm-1.0.18/tls/taste.c Examining data/libgsm-1.0.18/tls/bitter.c Examining data/libgsm-1.0.18/tls/ginger.c Examining data/libgsm-1.0.18/tls/sour.c Examining data/libgsm-1.0.18/tls/sweet.c Examining data/libgsm-1.0.18/tls/taste.h Examining data/libgsm-1.0.18/tst/cod2lin.c Examining data/libgsm-1.0.18/tst/cod2txt.c Examining data/libgsm-1.0.18/tst/gsm2cod.c Examining data/libgsm-1.0.18/tst/lin2cod.c Examining data/libgsm-1.0.18/tst/lin2txt.c FINAL RESULTS: data/libgsm-1.0.18/src/toast.c:330:17: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (outname && chmod(outname, instat.st_mode & 07777)) { data/libgsm-1.0.18/src/toast.c:346:8: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. (void)chown(outname, instat.st_uid, instat.st_gid); data/libgsm-1.0.18/inc/toast.h:74:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). extern char * strcpy P((char *, char *)); data/libgsm-1.0.18/inc/toast.h:75:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char * strcat P((char *, char *)); data/libgsm-1.0.18/src/toast.c:271:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). p = strcpy(emalloc(maxlen), name); data/libgsm-1.0.18/src/toast.c:273:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if ((s = suffix(p, cut)) != 0) strcpy(s, want); data/libgsm-1.0.18/src/toast.c:274:38: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else if (*want && !suffix(p, want)) strcat(p, want); data/libgsm-1.0.18/src/toast.c:480:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). inname = strcpy(emalloc(strlen(name)+1), name); data/libgsm-1.0.18/tls/bitter.c:32:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf( (bits==8? "%s & 0x%lX;\n" : "(%s & 0x%lX);\n"), data/libgsm-1.0.18/src/toast.c:759:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(ac, av, "fcdpvhuaslVFC:")) != EOF) switch (opt) { data/libgsm-1.0.18/tst/cod2lin.c:84:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(ac, av, "vwF")) != EOF) switch (opt) { data/libgsm-1.0.18/tst/lin2cod.c:85:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(ac, av, "vwF")) != EOF) switch (opt) { data/libgsm-1.0.18/tst/lin2txt.c:76:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(ac, av, "v")) != EOF) switch (opt) { data/libgsm-1.0.18/add-test/add_test.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[299]; data/libgsm-1.0.18/add-test/add_test.c:195:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!(in = fopen(av[1], "r"))) { data/libgsm-1.0.18/src/add.c:98:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char const bitoff[ 256 ] = { data/libgsm-1.0.18/src/code.c:16:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. extern char * memcpy P((char *, char *, int)); data/libgsm-1.0.18/src/code.c:95:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy( (char *)S->dp0, (char *)(S->dp0 + 160), data/libgsm-1.0.18/src/toast.c:482:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(in = fopen(inname, READ))) { data/libgsm-1.0.18/src/toast.c:510:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((outfd = open(o, O_WRITE_EXCL, 0666)) >= 0) data/libgsm-1.0.18/src/toast.c:513:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (ok_to_replace(o)) out = fopen(o, WRITE); data/libgsm-1.0.18/tls/taste.c:49:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy(s, str, n); data/libgsm-1.0.18/tls/taste.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/libgsm-1.0.18/tst/cod2lin.c:96:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(*av, "r"))) perror(*av); data/libgsm-1.0.18/tst/cod2txt.c:86:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(*av, "r"))) perror(*av); data/libgsm-1.0.18/tst/gsm2cod.c:85:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(*av, "r"))) perror(*av); data/libgsm-1.0.18/tst/lin2cod.c:97:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(*av, "r"))) perror(*av); data/libgsm-1.0.18/tst/lin2txt.c:86:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(*av, "r"))) perror(*av); data/libgsm-1.0.18/inc/toast.h:73:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extern int strlen P((char *)); data/libgsm-1.0.18/src/toast.c:133:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (l = strlen(av0)) >= 3 /* strlen("cat") */ data/libgsm-1.0.18/src/toast.c:189:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (max_filename_length > 0 && strlen(end) > max_filename_length) { data/libgsm-1.0.18/src/toast.c:205:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nlen = strlen(name); data/libgsm-1.0.18/src/toast.c:206:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t slen = strlen(suf); data/libgsm-1.0.18/src/toast.c:270:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = strlen(name) + 1 + strlen(want) + strlen(cut); data/libgsm-1.0.18/src/toast.c:270:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = strlen(name) + 1 + strlen(want) + strlen(cut); data/libgsm-1.0.18/src/toast.c:270:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = strlen(name) + 1 + strlen(want) + strlen(cut); data/libgsm-1.0.18/src/toast.c:311:19: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (c = reply = getchar(); c != '\n' && c != EOF; c = getchar()) ; data/libgsm-1.0.18/src/toast.c:311:57: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (c = reply = getchar(); c != '\n' && c != EOF; c = getchar()) ; data/libgsm-1.0.18/src/toast.c:480:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inname = strcpy(emalloc(strlen(name)+1), name); data/libgsm-1.0.18/src/toast_alaw.c:321:30: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (i = 0; i < 160 && (c = fgetc(in)) != EOF; i++) buf[i] = A2S( c ); data/libgsm-1.0.18/src/toast_audio.c:49:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (i = getc(f)) == EOF data/libgsm-1.0.18/src/toast_audio.c:50:45: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || ((u = (unsigned char)i), (i = getc(f)) == EOF) data/libgsm-1.0.18/src/toast_audio.c:51:45: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || ((u = (u<<8)|(unsigned char)i), (i = getc(f)) == EOF) data/libgsm-1.0.18/src/toast_audio.c:52:45: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || ((u = (u<<8)|(unsigned char)i), (i = getc(f)) == EOF)) return -1; data/libgsm-1.0.18/src/toast_audio.c:61:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( fgetc(in) != '.' data/libgsm-1.0.18/src/toast_audio.c:62:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || fgetc(in) != 's' data/libgsm-1.0.18/src/toast_audio.c:63:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || fgetc(in) != 'n' data/libgsm-1.0.18/src/toast_audio.c:64:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || fgetc(in) != 'd' data/libgsm-1.0.18/src/toast_audio.c:88:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(in) == EOF) { data/libgsm-1.0.18/src/toast_ulaw.c:608:30: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (i = 0; i < 160 && (c = fgetc(in)) != EOF; i++) buf[i] = U2S(c); data/libgsm-1.0.18/tls/taste.c:42:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen(str) + 1; data/libgsm-1.0.18/tls/taste.c:46:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(str) + 1); ANALYSIS SUMMARY: Hits = 52 Lines analyzed = 8666 in approximately 0.44 seconds (19539 lines/second) Physical Source Lines of Code (SLOC) = 6253 Hits@level = [0] 120 [1] 24 [2] 15 [3] 4 [4] 7 [5] 2 Hits@level+ = [0+] 172 [1+] 52 [2+] 28 [3+] 13 [4+] 9 [5+] 2 Hits/KSLOC@level+ = [0+] 27.5068 [1+] 8.31601 [2+] 4.47785 [3+] 2.079 [4+] 1.43931 [5+] 0.319846 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.