Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libvorbis-1.3.7/examples/seeking_example.c
Examining data/libvorbis-1.3.7/examples/encoder_example.c
Examining data/libvorbis-1.3.7/examples/decoder_example.c
Examining data/libvorbis-1.3.7/examples/vorbisfile_example.c
Examining data/libvorbis-1.3.7/examples/chaining_example.c
Examining data/libvorbis-1.3.7/lib/bitrate.c
Examining data/libvorbis-1.3.7/lib/codebook.c
Examining data/libvorbis-1.3.7/lib/codec_internal.h
Examining data/libvorbis-1.3.7/lib/lpc.h
Examining data/libvorbis-1.3.7/lib/misc.h
Examining data/libvorbis-1.3.7/lib/mdct.c
Examining data/libvorbis-1.3.7/lib/backends.h
Examining data/libvorbis-1.3.7/lib/lookup.h
Examining data/libvorbis-1.3.7/lib/smallft.c
Examining data/libvorbis-1.3.7/lib/registry.c
Examining data/libvorbis-1.3.7/lib/lsp.c
Examining data/libvorbis-1.3.7/lib/psytune.c
Examining data/libvorbis-1.3.7/lib/masking.h
Examining data/libvorbis-1.3.7/lib/bitrate.h
Examining data/libvorbis-1.3.7/lib/info.c
Examining data/libvorbis-1.3.7/lib/psy.h
Examining data/libvorbis-1.3.7/lib/registry.h
Examining data/libvorbis-1.3.7/lib/window.c
Examining data/libvorbis-1.3.7/lib/vorbisenc.c
Examining data/libvorbis-1.3.7/lib/lsp.h
Examining data/libvorbis-1.3.7/lib/synthesis.c
Examining data/libvorbis-1.3.7/lib/res0.c
Examining data/libvorbis-1.3.7/lib/window.h
Examining data/libvorbis-1.3.7/lib/os.h
Examining data/libvorbis-1.3.7/lib/barkmel.c
Examining data/libvorbis-1.3.7/lib/envelope.h
Examining data/libvorbis-1.3.7/lib/smallft.h
Examining data/libvorbis-1.3.7/lib/psy.c
Examining data/libvorbis-1.3.7/lib/lpc.c
Examining data/libvorbis-1.3.7/lib/codebook.h
Examining data/libvorbis-1.3.7/lib/tone.c
Examining data/libvorbis-1.3.7/lib/mapping0.c
Examining data/libvorbis-1.3.7/lib/sharedbook.c
Examining data/libvorbis-1.3.7/lib/modes/residue_44p51.h
Examining data/libvorbis-1.3.7/lib/modes/residue_44u.h
Examining data/libvorbis-1.3.7/lib/modes/residue_16.h
Examining data/libvorbis-1.3.7/lib/modes/setup_44.h
Examining data/libvorbis-1.3.7/lib/modes/residue_8.h
Examining data/libvorbis-1.3.7/lib/modes/psych_8.h
Examining data/libvorbis-1.3.7/lib/modes/setup_32.h
Examining data/libvorbis-1.3.7/lib/modes/psych_16.h
Examining data/libvorbis-1.3.7/lib/modes/setup_8.h
Examining data/libvorbis-1.3.7/lib/modes/psych_11.h
Examining data/libvorbis-1.3.7/lib/modes/setup_22.h
Examining data/libvorbis-1.3.7/lib/modes/setup_44u.h
Examining data/libvorbis-1.3.7/lib/modes/residue_44.h
Examining data/libvorbis-1.3.7/lib/modes/setup_44p51.h
Examining data/libvorbis-1.3.7/lib/modes/setup_11.h
Examining data/libvorbis-1.3.7/lib/modes/setup_X.h
Examining data/libvorbis-1.3.7/lib/modes/setup_16.h
Examining data/libvorbis-1.3.7/lib/modes/floor_all.h
Examining data/libvorbis-1.3.7/lib/modes/psych_44.h
Examining data/libvorbis-1.3.7/lib/envelope.c
Examining data/libvorbis-1.3.7/lib/analysis.c
Examining data/libvorbis-1.3.7/lib/lookup.c
Examining data/libvorbis-1.3.7/lib/scales.h
Examining data/libvorbis-1.3.7/lib/books/coupled/res_books_51.h
Examining data/libvorbis-1.3.7/lib/books/coupled/res_books_stereo.h
Examining data/libvorbis-1.3.7/lib/books/uncoupled/res_books_uncoupled.h
Examining data/libvorbis-1.3.7/lib/books/floor/floor_books.h
Examining data/libvorbis-1.3.7/lib/block.c
Examining data/libvorbis-1.3.7/lib/highlevel.h
Examining data/libvorbis-1.3.7/lib/mdct.h
Examining data/libvorbis-1.3.7/lib/lookup_data.h
Examining data/libvorbis-1.3.7/lib/floor1.c
Examining data/libvorbis-1.3.7/lib/floor0.c
Examining data/libvorbis-1.3.7/lib/vorbisfile.c
Examining data/libvorbis-1.3.7/symbian/config.h
Examining data/libvorbis-1.3.7/vq/latticebuild.c
Examining data/libvorbis-1.3.7/vq/huffbuild.c
Examining data/libvorbis-1.3.7/vq/vqgen.c
Examining data/libvorbis-1.3.7/vq/distribution.c
Examining data/libvorbis-1.3.7/vq/localcodebook.h
Examining data/libvorbis-1.3.7/vq/bookutil.c
Examining data/libvorbis-1.3.7/vq/bookutil.h
Examining data/libvorbis-1.3.7/vq/vqgen.h
Examining data/libvorbis-1.3.7/vq/metrics.c
Examining data/libvorbis-1.3.7/vq/latticetune.c
Examining data/libvorbis-1.3.7/include/vorbis/vorbisfile.h
Examining data/libvorbis-1.3.7/include/vorbis/codec.h
Examining data/libvorbis-1.3.7/include/vorbis/vorbisenc.h
Examining data/libvorbis-1.3.7/test/write_read.c
Examining data/libvorbis-1.3.7/test/write_read.h
Examining data/libvorbis-1.3.7/test/util.h
Examining data/libvorbis-1.3.7/test/test.c
Examining data/libvorbis-1.3.7/test/util.c
FINAL RESULTS:
data/libvorbis-1.3.7/lib/analysis.c:74:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s_%d.m",base,i);
data/libvorbis-1.3.7/lib/info.c:64:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vc->user_comments[vc->comments], comment);
data/libvorbis-1.3.7/lib/info.c:72:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, tag);
data/libvorbis-1.3.7/lib/info.c:74:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, contents);
data/libvorbis-1.3.7/lib/info.c:97:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fulltag, tag);
data/libvorbis-1.3.7/lib/info.c:119:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fulltag,tag);
data/libvorbis-1.3.7/lib/psytune.c:203:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s_%d.m",base,i);
data/libvorbis-1.3.7/vq/huffbuild.c:153:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,base);
data/libvorbis-1.3.7/vq/latticebuild.c:78:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,argv[1]);
data/libvorbis-1.3.7/vq/metrics.c:157:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s-%d-mse.m",basename,book);
data/libvorbis-1.3.7/vq/metrics.c:173:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s-%d-me.m",basename,book);
data/libvorbis-1.3.7/vq/metrics.c:189:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s-%d-worst.m",basename,book);
data/libvorbis-1.3.7/examples/decoder_example.c:252:47: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int val=mono[j]*32767.f+drand48()-0.5f;
data/libvorbis-1.3.7/examples/encoder_example.c:146:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/libvorbis-1.3.7/examples/encoder_example.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char readbuffer[READ*4+44]; /* out of the data segment, not the stack */
data/libvorbis-1.3.7/examples/seeking_example.c:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libvorbis-1.3.7/examples/seeking_example.c:73:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen("a.m","w");
data/libvorbis-1.3.7/examples/seeking_example.c:76:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen("b.m","w");
data/libvorbis-1.3.7/examples/vorbisfile_example.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcmout[4096]; /* take 4k out of the data segment, not the stack */
data/libvorbis-1.3.7/lib/analysis.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libvorbis-1.3.7/lib/analysis.c:75:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of=fopen(buffer,"w");
data/libvorbis-1.3.7/lib/block.c:625:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vbi->pcmdelay[i],v->pcm[i],(vb->pcmend+beginW)*sizeof(*vbi->pcmdelay[i]));
data/libvorbis-1.3.7/lib/envelope.c:295:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/libvorbis-1.3.7/lib/envelope.c:296:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"delL%d",m);
data/libvorbis-1.3.7/lib/envelope.c:302:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/libvorbis-1.3.7/lib/envelope.c:303:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"delR%d",m);
data/libvorbis-1.3.7/lib/floor1.c:886:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libvorbis-1.3.7/lib/floor1.c:887:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"line_%dx%ld_class%d.vqd",
data/libvorbis-1.3.7/lib/floor1.c:889:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of=fopen(buffer,"a");
data/libvorbis-1.3.7/lib/floor1.c:910:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libvorbis-1.3.7/lib/floor1.c:911:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"line_%dx%ld_%dsub%d.vqd",
data/libvorbis-1.3.7/lib/floor1.c:913:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of=fopen(buffer,"a");
data/libvorbis-1.3.7/lib/info.c:354:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[6];
data/libvorbis-1.3.7/lib/info.c:390:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[6];
data/libvorbis-1.3.7/lib/info.c:577:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op->packet, opb.buffer, oggpack_bytes(&opb));
data/libvorbis-1.3.7/lib/info.c:613:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->header,opb.buffer,oggpack_bytes(&opb));
data/libvorbis-1.3.7/lib/info.c:628:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->header1,opb.buffer,oggpack_bytes(&opb));
data/libvorbis-1.3.7/lib/info.c:643:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->header2,opb.buffer,oggpack_bytes(&opb));
data/libvorbis-1.3.7/lib/mapping0.c:622:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/libvorbis-1.3.7/lib/mapping0.c:623:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"maskI%c%d",i?'R':'L',k);
data/libvorbis-1.3.7/lib/mapping0.c:650:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/libvorbis-1.3.7/lib/mapping0.c:651:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"res%c%d",i?'R':'L',k);
data/libvorbis-1.3.7/lib/psy.c:119:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(workc[i][j+2],tonemasks[i][j],EHMER_MAX*sizeof(*tonemasks[i][j]));
data/libvorbis-1.3.7/lib/psy.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(workc[i][0],tonemasks[i][0],EHMER_MAX*sizeof(*tonemasks[i][0]));
data/libvorbis-1.3.7/lib/psy.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(workc[i][1],tonemasks[i][0],EHMER_MAX*sizeof(*tonemasks[i][0]));
data/libvorbis-1.3.7/lib/psy.c:137:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(athc[j],ath,EHMER_MAX*sizeof(**athc));
data/libvorbis-1.3.7/lib/psy.c:1073:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nz,nonzero,sizeof(*nz)*ch);
data/libvorbis-1.3.7/lib/psytune.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libvorbis-1.3.7/lib/psytune.c:204:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of=fopen(buffer,"w");
data/libvorbis-1.3.7/lib/psytune.c:268:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framesize=atoi(argv[0]);
data/libvorbis-1.3.7/lib/res0.c:86:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libvorbis-1.3.7/lib/res0.c:91:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"res_sub%d_part%d_pass%d.vqd",look->submap,j,k);
data/libvorbis-1.3.7/lib/res0.c:92:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of=fopen(buffer,"a");
data/libvorbis-1.3.7/lib/res0.c:453:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libvorbis-1.3.7/lib/res0.c:456:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"resaux_%d.vqd",look->train_seq);
data/libvorbis-1.3.7/lib/res0.c:457:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of=fopen(buffer,"a");
data/libvorbis-1.3.7/lib/res0.c:489:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libvorbis-1.3.7/lib/res0.c:515:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"resaux_%d.vqd",look->train_seq);
data/libvorbis-1.3.7/lib/res0.c:516:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of=fopen(buffer,"a");
data/libvorbis-1.3.7/lib/vorbisenc.c:197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f,in+x[is],sizeof(*f));
data/libvorbis-1.3.7/lib/vorbisenc.c:235:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g,in+(int)x[is],sizeof(*g));
data/libvorbis-1.3.7/lib/vorbisenc.c:264:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->coupling_prepointamp,p[is].pre,sizeof(*p[is].pre)*PACKETBLOBS);
data/libvorbis-1.3.7/lib/vorbisenc.c:265:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->coupling_postpointamp,p[is].post,sizeof(*p[is].post)*PACKETBLOBS);
data/libvorbis-1.3.7/lib/vorbisenc.c:320:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,&_psy_info_template,sizeof(*p));
data/libvorbis-1.3.7/lib/vorbisenc.c:465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r,res->res,sizeof(*r));
data/libvorbis-1.3.7/lib/vorbisenc.c:604:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ci->mode_param[i],mode+i,sizeof(*_mode_template));
data/libvorbis-1.3.7/lib/vorbisenc.c:608:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ci->map_param[i],map+i,sizeof(*map));
data/libvorbis-1.3.7/lib/vorbisfile.c:900:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,initial,ibytes);
data/libvorbis-1.3.7/lib/vorbisfile.c:926:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vf->serialnos+2,serialno_list,serialno_list_size*sizeof(*vf->serialnos));
data/libvorbis-1.3.7/lib/vorbisfile.c:1015:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(path,"rb");
data/libvorbis-1.3.7/lib/vorbisfile.c:2230:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lappcm[i]+lapcount,pcm[i],sizeof(**pcm)*samples);
data/libvorbis-1.3.7/lib/vorbisfile.c:2251:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lappcm[i]+lapcount,pcm[i],sizeof(**pcm)*samples);
data/libvorbis-1.3.7/test/test.c:49:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename [64] ;
data/libvorbis-1.3.7/test/write_read.c:44:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen (filename, "wb")) == NULL) {
data/libvorbis-1.3.7/test/write_read.c:93:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer [i], data, count * sizeof (float)) ;
data/libvorbis-1.3.7/test/write_read.c:151:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen (filename, "rb")) == NULL) {
data/libvorbis-1.3.7/test/write_read.c:263:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data + read_total, pcm[0], bout * sizeof (float)) ;
data/libvorbis-1.3.7/vq/bookutil.c:236:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *in=fopen(filename,"r");
data/libvorbis-1.3.7/vq/bookutil.c:341:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(histsave,hist,vals*sizeof(long));
data/libvorbis-1.3.7/vq/distribution.c:48:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bins=atoi(argv[2])-1;
data/libvorbis-1.3.7/vq/distribution.c:50:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in=fopen(argv[1],"r");
data/libvorbis-1.3.7/vq/distribution.c:165:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/libvorbis-1.3.7/vq/distribution.c:168:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"getting min/max (%.2f::%.2f). lines...",min,max);
data/libvorbis-1.3.7/vq/huffbuild.c:81:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loval=atoi(argv[2]);
data/libvorbis-1.3.7/vq/huffbuild.c:82:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxval=atoi(dpos+1);
data/libvorbis-1.3.7/vq/huffbuild.c:86:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
begin=atoi(argv[2]);
data/libvorbis-1.3.7/vq/huffbuild.c:90:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n=atoi(pos+1);
data/libvorbis-1.3.7/vq/huffbuild.c:95:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
subn=atoi(pos+1);
data/libvorbis-1.3.7/vq/huffbuild.c:104:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(infile,"r");
data/libvorbis-1.3.7/vq/huffbuild.c:154:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer,".vqh");
data/libvorbis-1.3.7/vq/huffbuild.c:155:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(buffer,"w");
data/libvorbis-1.3.7/vq/latticebuild.c:79:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in=fopen(filename,"r");
data/libvorbis-1.3.7/vq/latticetune.c:87:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in=fopen(argv[2],"r");
data/libvorbis-1.3.7/vq/latticetune.c:120:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long code=atol(line);
data/libvorbis-1.3.7/vq/latticetune.c:121:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long val=atol(pos+1);
data/libvorbis-1.3.7/vq/metrics.c:158:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out=fopen(buffer,"w");
data/libvorbis-1.3.7/vq/metrics.c:174:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out=fopen(buffer,"w");
data/libvorbis-1.3.7/vq/metrics.c:190:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out=fopen(buffer,"w");
data/libvorbis-1.3.7/vq/vqgen.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_now(v,i),_point(v,i),sizeof(float)*v->elements);
data/libvorbis-1.3.7/vq/vqgen.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[80];
data/libvorbis-1.3.7/vq/vqgen.c:98:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"cellspace%d.m",v->it);
data/libvorbis-1.3.7/vq/vqgen.c:99:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cells=fopen(buff,"w");
data/libvorbis-1.3.7/vq/vqgen.c:265:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
v->asciipoints=tmpfile();
data/libvorbis-1.3.7/vq/vqgen.c:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_point(v,v->points),p,sizeof(float)*v->elements);
data/libvorbis-1.3.7/vq/vqgen.c:283:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(v->aux)memcpy(_point(v,v->points)+v->elements,a,sizeof(float)*v->aux);
data/libvorbis-1.3.7/vq/vqgen.c:317:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(i>march)memcpy(_point(v,march),_point(v,i),sortsize);
data/libvorbis-1.3.7/vq/vqgen.c:346:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[80];
data/libvorbis-1.3.7/vq/vqgen.c:350:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"cells%d.m",v->it);
data/libvorbis-1.3.7/vq/vqgen.c:351:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cells=fopen(buff,"w");
data/libvorbis-1.3.7/vq/vqgen.c:352:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"assig%d.m",v->it);
data/libvorbis-1.3.7/vq/vqgen.c:353:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assig=fopen(buff,"w");
data/libvorbis-1.3.7/vq/vqgen.c:354:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"bias%d.m",v->it);
data/libvorbis-1.3.7/vq/vqgen.c:355:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bias=fopen(buff,"w");
data/libvorbis-1.3.7/lib/codebook.c:320:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
lok = oggpack_look(b, read);
data/libvorbis-1.3.7/lib/codebook.c:322:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(lok<0 && read>1)
data/libvorbis-1.3.7/lib/codebook.c:323:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
lok = oggpack_look(b, --read);
data/libvorbis-1.3.7/lib/codebook.c:337:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(book->dec_codelengths[lo]<=read){
data/libvorbis-1.3.7/lib/codebook.c:343:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
oggpack_adv(b, read);
data/libvorbis-1.3.7/lib/info.c:62:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vc->comment_lengths[vc->comments]=strlen(comment);
data/libvorbis-1.3.7/lib/info.c:71:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *comment=_ogg_malloc(strlen(tag)+strlen(contents)+2);
data/libvorbis-1.3.7/lib/info.c:71:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *comment=_ogg_malloc(strlen(tag)+strlen(contents)+2);
data/libvorbis-1.3.7/lib/info.c:73:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comment, "=");
data/libvorbis-1.3.7/lib/info.c:94:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int taglen = strlen(tag)+1; /* +1 for the = we append */
data/libvorbis-1.3.7/lib/info.c:98:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fulltag, "=");
data/libvorbis-1.3.7/lib/info.c:117:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int taglen = strlen(tag)+1; /* +1 for the = we append */
data/libvorbis-1.3.7/lib/info.c:120:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fulltag, "=");
data/libvorbis-1.3.7/lib/info.c:480:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bytes = strlen(ENCODE_VENDOR_STRING);
data/libvorbis-1.3.7/vq/bookutil.c:102:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
long c=fgetc(in);
data/libvorbis-1.3.7/vq/huffbuild.c:152:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buffer=alloca(strlen(base)+5);
data/libvorbis-1.3.7/vq/latticebuild.c:76:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *filename=_ogg_calloc(strlen(argv[1])+4,1);
data/libvorbis-1.3.7/vq/latticetune.c:26:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(strncmp(s+strlen(s)-strlen(cmp),cmp,strlen(cmp)));
data/libvorbis-1.3.7/vq/latticetune.c:26:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(strncmp(s+strlen(s)-strlen(cmp),cmp,strlen(cmp)));
data/libvorbis-1.3.7/vq/latticetune.c:26:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(strncmp(s+strlen(s)-strlen(cmp),cmp,strlen(cmp)));
data/libvorbis-1.3.7/vq/metrics.c:126:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buffer=alloca(strlen(basename)+80);
ANALYSIS SUMMARY:
Hits = 134
Lines analyzed = 65111 in approximately 3.02 seconds (21572 lines/second)
Physical Source Lines of Code (SLOC) = 54738
Hits@level = [0] 283 [1] 21 [2] 99 [3] 2 [4] 12 [5] 0
Hits@level+ = [0+] 417 [1+] 134 [2+] 113 [3+] 14 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 7.61811 [1+] 2.44803 [2+] 2.06438 [3+] 0.255764 [4+] 0.219226 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.