Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/mpv-0.32.0/audio/aframe.c Examining data/mpv-0.32.0/audio/aframe.h Examining data/mpv-0.32.0/audio/audio_buffer.c Examining data/mpv-0.32.0/audio/audio_buffer.h Examining data/mpv-0.32.0/audio/chmap.c Examining data/mpv-0.32.0/audio/chmap.h Examining data/mpv-0.32.0/audio/chmap_sel.c Examining data/mpv-0.32.0/audio/chmap_sel.h Examining data/mpv-0.32.0/audio/decode/ad_lavc.c Examining data/mpv-0.32.0/audio/decode/ad_spdif.c Examining data/mpv-0.32.0/audio/filter/af_format.c Examining data/mpv-0.32.0/audio/filter/af_lavcac3enc.c Examining data/mpv-0.32.0/audio/filter/af_rubberband.c Examining data/mpv-0.32.0/audio/filter/af_scaletempo.c Examining data/mpv-0.32.0/audio/fmt-conversion.c Examining data/mpv-0.32.0/audio/fmt-conversion.h Examining data/mpv-0.32.0/audio/format.c Examining data/mpv-0.32.0/audio/format.h Examining data/mpv-0.32.0/audio/out/ao.c Examining data/mpv-0.32.0/audio/out/ao.h Examining data/mpv-0.32.0/audio/out/ao_alsa.c Examining data/mpv-0.32.0/audio/out/ao_audiotrack.c Examining data/mpv-0.32.0/audio/out/ao_coreaudio.c Examining data/mpv-0.32.0/audio/out/ao_coreaudio_chmap.c Examining data/mpv-0.32.0/audio/out/ao_coreaudio_chmap.h Examining data/mpv-0.32.0/audio/out/ao_coreaudio_exclusive.c Examining data/mpv-0.32.0/audio/out/ao_coreaudio_properties.c Examining data/mpv-0.32.0/audio/out/ao_coreaudio_properties.h Examining data/mpv-0.32.0/audio/out/ao_coreaudio_utils.c Examining data/mpv-0.32.0/audio/out/ao_coreaudio_utils.h Examining data/mpv-0.32.0/audio/out/ao_jack.c Examining data/mpv-0.32.0/audio/out/ao_lavc.c Examining data/mpv-0.32.0/audio/out/ao_null.c Examining data/mpv-0.32.0/audio/out/ao_openal.c Examining data/mpv-0.32.0/audio/out/ao_opensles.c Examining data/mpv-0.32.0/audio/out/ao_oss.c Examining data/mpv-0.32.0/audio/out/ao_pcm.c Examining data/mpv-0.32.0/audio/out/ao_pulse.c Examining data/mpv-0.32.0/audio/out/ao_rsound.c Examining data/mpv-0.32.0/audio/out/ao_sdl.c Examining data/mpv-0.32.0/audio/out/ao_sndio.c Examining data/mpv-0.32.0/audio/out/ao_wasapi.c Examining data/mpv-0.32.0/audio/out/ao_wasapi.h Examining data/mpv-0.32.0/audio/out/ao_wasapi_changenotify.c Examining data/mpv-0.32.0/audio/out/ao_wasapi_utils.c Examining data/mpv-0.32.0/audio/out/internal.h Examining data/mpv-0.32.0/audio/out/pull.c Examining data/mpv-0.32.0/audio/out/push.c Examining data/mpv-0.32.0/common/av_common.c Examining data/mpv-0.32.0/common/av_common.h Examining data/mpv-0.32.0/common/av_log.c Examining data/mpv-0.32.0/common/av_log.h Examining data/mpv-0.32.0/common/codecs.c Examining data/mpv-0.32.0/common/codecs.h Examining data/mpv-0.32.0/common/common.c Examining data/mpv-0.32.0/common/common.h Examining data/mpv-0.32.0/common/encode.h Examining data/mpv-0.32.0/common/encode_lavc.c Examining data/mpv-0.32.0/common/encode_lavc.h Examining data/mpv-0.32.0/common/global.h Examining data/mpv-0.32.0/common/msg.c Examining data/mpv-0.32.0/common/msg.h Examining data/mpv-0.32.0/common/msg_control.h Examining data/mpv-0.32.0/common/playlist.c Examining data/mpv-0.32.0/common/playlist.h Examining data/mpv-0.32.0/common/recorder.c Examining data/mpv-0.32.0/common/recorder.h Examining data/mpv-0.32.0/common/tags.c Examining data/mpv-0.32.0/common/tags.h Examining data/mpv-0.32.0/common/version.c Examining data/mpv-0.32.0/demux/cache.c Examining data/mpv-0.32.0/demux/cache.h Examining data/mpv-0.32.0/demux/codec_tags.c Examining data/mpv-0.32.0/demux/codec_tags.h Examining data/mpv-0.32.0/demux/cue.c Examining data/mpv-0.32.0/demux/cue.h Examining data/mpv-0.32.0/demux/demux.c Examining data/mpv-0.32.0/demux/demux.h Examining data/mpv-0.32.0/demux/demux_cue.c Examining data/mpv-0.32.0/demux/demux_disc.c Examining data/mpv-0.32.0/demux/demux_edl.c Examining data/mpv-0.32.0/demux/demux_lavf.c Examining data/mpv-0.32.0/demux/demux_libarchive.c Examining data/mpv-0.32.0/demux/demux_mf.c Examining data/mpv-0.32.0/demux/demux_mkv.c Examining data/mpv-0.32.0/demux/demux_mkv_timeline.c Examining data/mpv-0.32.0/demux/demux_null.c Examining data/mpv-0.32.0/demux/demux_playlist.c Examining data/mpv-0.32.0/demux/demux_raw.c Examining data/mpv-0.32.0/demux/demux_timeline.c Examining data/mpv-0.32.0/demux/ebml.c Examining data/mpv-0.32.0/demux/ebml.h Examining data/mpv-0.32.0/demux/matroska.h Examining data/mpv-0.32.0/demux/packet.c Examining data/mpv-0.32.0/demux/packet.h Examining data/mpv-0.32.0/demux/stheader.h Examining data/mpv-0.32.0/demux/timeline.c Examining data/mpv-0.32.0/demux/timeline.h Examining data/mpv-0.32.0/filters/f_auto_filters.c Examining data/mpv-0.32.0/filters/f_auto_filters.h Examining data/mpv-0.32.0/filters/f_autoconvert.c Examining data/mpv-0.32.0/filters/f_autoconvert.h Examining data/mpv-0.32.0/filters/f_decoder_wrapper.c Examining data/mpv-0.32.0/filters/f_decoder_wrapper.h Examining data/mpv-0.32.0/filters/f_demux_in.c Examining data/mpv-0.32.0/filters/f_demux_in.h Examining data/mpv-0.32.0/filters/f_hwtransfer.c Examining data/mpv-0.32.0/filters/f_hwtransfer.h Examining data/mpv-0.32.0/filters/f_lavfi.c Examining data/mpv-0.32.0/filters/f_lavfi.h Examining data/mpv-0.32.0/filters/f_output_chain.c Examining data/mpv-0.32.0/filters/f_output_chain.h Examining data/mpv-0.32.0/filters/f_swresample.c Examining data/mpv-0.32.0/filters/f_swresample.h Examining data/mpv-0.32.0/filters/f_swscale.c Examining data/mpv-0.32.0/filters/f_swscale.h Examining data/mpv-0.32.0/filters/f_utils.c Examining data/mpv-0.32.0/filters/f_utils.h Examining data/mpv-0.32.0/filters/filter.c Examining data/mpv-0.32.0/filters/filter.h Examining data/mpv-0.32.0/filters/filter_internal.h Examining data/mpv-0.32.0/filters/frame.c Examining data/mpv-0.32.0/filters/frame.h Examining data/mpv-0.32.0/filters/user_filters.c Examining data/mpv-0.32.0/filters/user_filters.h Examining data/mpv-0.32.0/input/cmd.c Examining data/mpv-0.32.0/input/cmd.h Examining data/mpv-0.32.0/input/event.c Examining data/mpv-0.32.0/input/event.h Examining data/mpv-0.32.0/input/input.c Examining data/mpv-0.32.0/input/input.h Examining data/mpv-0.32.0/input/ipc-dummy.c Examining data/mpv-0.32.0/input/ipc-unix.c Examining data/mpv-0.32.0/input/ipc-win.c Examining data/mpv-0.32.0/input/ipc.c Examining data/mpv-0.32.0/input/keycodes.c Examining data/mpv-0.32.0/input/keycodes.h Examining data/mpv-0.32.0/input/pipe-win32.c Examining data/mpv-0.32.0/input/sdl_gamepad.c Examining data/mpv-0.32.0/libmpv/client.h Examining data/mpv-0.32.0/libmpv/opengl_cb.h Examining data/mpv-0.32.0/libmpv/qthelper.hpp Examining data/mpv-0.32.0/libmpv/render.h Examining data/mpv-0.32.0/libmpv/render_gl.h Examining data/mpv-0.32.0/libmpv/stream_cb.h Examining data/mpv-0.32.0/misc/bstr.c Examining data/mpv-0.32.0/misc/bstr.h Examining data/mpv-0.32.0/misc/charset_conv.c Examining data/mpv-0.32.0/misc/charset_conv.h Examining data/mpv-0.32.0/misc/ctype.h Examining data/mpv-0.32.0/misc/dispatch.c Examining data/mpv-0.32.0/misc/dispatch.h Examining data/mpv-0.32.0/misc/jni.c Examining data/mpv-0.32.0/misc/jni.h Examining data/mpv-0.32.0/misc/json.c Examining data/mpv-0.32.0/misc/json.h Examining data/mpv-0.32.0/misc/linked_list.h Examining data/mpv-0.32.0/misc/natural_sort.c Examining data/mpv-0.32.0/misc/natural_sort.h Examining data/mpv-0.32.0/misc/node.c Examining data/mpv-0.32.0/misc/node.h Examining data/mpv-0.32.0/misc/rendezvous.c Examining data/mpv-0.32.0/misc/rendezvous.h Examining data/mpv-0.32.0/misc/ring.c Examining data/mpv-0.32.0/misc/ring.h Examining data/mpv-0.32.0/misc/thread_pool.c Examining data/mpv-0.32.0/misc/thread_pool.h Examining data/mpv-0.32.0/misc/thread_tools.c Examining data/mpv-0.32.0/misc/thread_tools.h Examining data/mpv-0.32.0/mpv_talloc.h Examining data/mpv-0.32.0/options/m_config.c Examining data/mpv-0.32.0/options/m_config.h Examining data/mpv-0.32.0/options/m_option.c Examining data/mpv-0.32.0/options/m_option.h Examining data/mpv-0.32.0/options/m_property.c Examining data/mpv-0.32.0/options/m_property.h Examining data/mpv-0.32.0/options/options.c Examining data/mpv-0.32.0/options/options.h Examining data/mpv-0.32.0/options/parse_commandline.c Examining data/mpv-0.32.0/options/parse_commandline.h Examining data/mpv-0.32.0/options/parse_configfile.c Examining data/mpv-0.32.0/options/parse_configfile.h Examining data/mpv-0.32.0/options/path.c Examining data/mpv-0.32.0/options/path.h Examining data/mpv-0.32.0/osdep/android/posix-spawn.c Examining data/mpv-0.32.0/osdep/android/posix-spawn.h Examining data/mpv-0.32.0/osdep/android/strnlen.c Examining data/mpv-0.32.0/osdep/android/strnlen.h Examining data/mpv-0.32.0/osdep/atomic.h Examining data/mpv-0.32.0/osdep/compiler.h Examining data/mpv-0.32.0/osdep/endian.h Examining data/mpv-0.32.0/osdep/getpid.h Examining data/mpv-0.32.0/osdep/glob-win.c Examining data/mpv-0.32.0/osdep/io.c Examining data/mpv-0.32.0/osdep/io.h Examining data/mpv-0.32.0/osdep/macOS_swift_bridge.h Examining data/mpv-0.32.0/osdep/macosx_application.h Examining data/mpv-0.32.0/osdep/macosx_application_objc.h Examining data/mpv-0.32.0/osdep/macosx_compat.h Examining data/mpv-0.32.0/osdep/macosx_events.h Examining data/mpv-0.32.0/osdep/macosx_events_objc.h Examining data/mpv-0.32.0/osdep/macosx_menubar.h Examining data/mpv-0.32.0/osdep/macosx_menubar_objc.h Examining data/mpv-0.32.0/osdep/macosx_touchbar.h Examining data/mpv-0.32.0/osdep/macosx_versions.h Examining data/mpv-0.32.0/osdep/main-fn-cocoa.c Examining data/mpv-0.32.0/osdep/main-fn-unix.c Examining data/mpv-0.32.0/osdep/main-fn-win.c Examining data/mpv-0.32.0/osdep/main-fn.h Examining data/mpv-0.32.0/osdep/path-unix.c Examining data/mpv-0.32.0/osdep/path-uwp.c Examining data/mpv-0.32.0/osdep/path-win.c Examining data/mpv-0.32.0/osdep/path.h Examining data/mpv-0.32.0/osdep/polldev.c Examining data/mpv-0.32.0/osdep/polldev.h Examining data/mpv-0.32.0/osdep/posix-spawn.h Examining data/mpv-0.32.0/osdep/semaphore.h Examining data/mpv-0.32.0/osdep/semaphore_osx.c Examining data/mpv-0.32.0/osdep/strnlen.h Examining data/mpv-0.32.0/osdep/subprocess-dummy.c Examining data/mpv-0.32.0/osdep/subprocess-posix.c Examining data/mpv-0.32.0/osdep/subprocess-win.c Examining data/mpv-0.32.0/osdep/subprocess.c Examining data/mpv-0.32.0/osdep/subprocess.h Examining data/mpv-0.32.0/osdep/terminal-dummy.c Examining data/mpv-0.32.0/osdep/terminal-unix.c Examining data/mpv-0.32.0/osdep/terminal-win.c Examining data/mpv-0.32.0/osdep/terminal.h Examining data/mpv-0.32.0/osdep/threads.c Examining data/mpv-0.32.0/osdep/threads.h Examining data/mpv-0.32.0/osdep/timer-darwin.c Examining data/mpv-0.32.0/osdep/timer-linux.c Examining data/mpv-0.32.0/osdep/timer-win2.c Examining data/mpv-0.32.0/osdep/timer.c Examining data/mpv-0.32.0/osdep/timer.h Examining data/mpv-0.32.0/osdep/w32_keyboard.c Examining data/mpv-0.32.0/osdep/w32_keyboard.h Examining data/mpv-0.32.0/osdep/win32-console-wrapper.c Examining data/mpv-0.32.0/osdep/win32/include/pthread.h Examining data/mpv-0.32.0/osdep/win32/include/semaphore.h Examining data/mpv-0.32.0/osdep/win32/pthread.c Examining data/mpv-0.32.0/osdep/windows_utils.c Examining data/mpv-0.32.0/osdep/windows_utils.h Examining data/mpv-0.32.0/player/audio.c Examining data/mpv-0.32.0/player/client.c Examining data/mpv-0.32.0/player/client.h Examining data/mpv-0.32.0/player/command.c Examining data/mpv-0.32.0/player/command.h Examining data/mpv-0.32.0/player/configfiles.c Examining data/mpv-0.32.0/player/core.h Examining data/mpv-0.32.0/player/external_files.c Examining data/mpv-0.32.0/player/external_files.h Examining data/mpv-0.32.0/player/javascript.c Examining data/mpv-0.32.0/player/loadfile.c Examining data/mpv-0.32.0/player/misc.c Examining data/mpv-0.32.0/player/osd.c Examining data/mpv-0.32.0/player/playloop.c Examining data/mpv-0.32.0/player/screenshot.c Examining data/mpv-0.32.0/player/screenshot.h Examining data/mpv-0.32.0/player/scripting.c Examining data/mpv-0.32.0/player/sub.c Examining data/mpv-0.32.0/player/video.c Examining data/mpv-0.32.0/player/main.c Examining data/mpv-0.32.0/player/lua.c Examining data/mpv-0.32.0/stream/cookies.c Examining data/mpv-0.32.0/stream/cookies.h Examining data/mpv-0.32.0/stream/dvb_tune.c Examining data/mpv-0.32.0/stream/dvb_tune.h Examining data/mpv-0.32.0/stream/dvbin.h Examining data/mpv-0.32.0/stream/stream.c Examining data/mpv-0.32.0/stream/stream.h Examining data/mpv-0.32.0/stream/stream_avdevice.c Examining data/mpv-0.32.0/stream/stream_bluray.c Examining data/mpv-0.32.0/stream/stream_cb.c Examining data/mpv-0.32.0/stream/stream_cdda.c Examining data/mpv-0.32.0/stream/stream_concat.c Examining data/mpv-0.32.0/stream/stream_dvb.c Examining data/mpv-0.32.0/stream/stream_dvdnav.c Examining data/mpv-0.32.0/stream/stream_edl.c Examining data/mpv-0.32.0/stream/stream_file.c Examining data/mpv-0.32.0/stream/stream_lavf.c Examining data/mpv-0.32.0/stream/stream_libarchive.c Examining data/mpv-0.32.0/stream/stream_libarchive.h Examining data/mpv-0.32.0/stream/stream_memory.c Examining data/mpv-0.32.0/stream/stream_mf.c Examining data/mpv-0.32.0/stream/stream_null.c Examining data/mpv-0.32.0/stream/stream_smb.c Examining data/mpv-0.32.0/sub/ass_mp.c Examining data/mpv-0.32.0/sub/ass_mp.h Examining data/mpv-0.32.0/sub/dec_sub.c Examining data/mpv-0.32.0/sub/dec_sub.h Examining data/mpv-0.32.0/sub/draw_bmp.c Examining data/mpv-0.32.0/sub/draw_bmp.h Examining data/mpv-0.32.0/sub/filter_sdh.c Examining data/mpv-0.32.0/sub/img_convert.c Examining data/mpv-0.32.0/sub/img_convert.h Examining data/mpv-0.32.0/sub/lavc_conv.c Examining data/mpv-0.32.0/sub/osd.c Examining data/mpv-0.32.0/sub/osd.h Examining data/mpv-0.32.0/sub/osd_dummy.c Examining data/mpv-0.32.0/sub/osd_libass.c Examining data/mpv-0.32.0/sub/osd_state.h Examining data/mpv-0.32.0/sub/sd.h Examining data/mpv-0.32.0/sub/sd_ass.c Examining data/mpv-0.32.0/sub/sd_lavc.c Examining data/mpv-0.32.0/ta/ta.c Examining data/mpv-0.32.0/ta/ta.h Examining data/mpv-0.32.0/ta/ta_talloc.c Examining data/mpv-0.32.0/ta/ta_talloc.h Examining data/mpv-0.32.0/ta/ta_utils.c Examining data/mpv-0.32.0/test/chmap.c Examining data/mpv-0.32.0/test/gl_video.c Examining data/mpv-0.32.0/test/img_format.c Examining data/mpv-0.32.0/test/json.c Examining data/mpv-0.32.0/test/linked_list.c Examining data/mpv-0.32.0/test/scale_sws.c Examining data/mpv-0.32.0/test/scale_test.c Examining data/mpv-0.32.0/test/scale_test.h Examining data/mpv-0.32.0/test/scale_zimg.c Examining data/mpv-0.32.0/test/tests.c Examining data/mpv-0.32.0/test/tests.h Examining data/mpv-0.32.0/video/csputils.c Examining data/mpv-0.32.0/video/csputils.h Examining data/mpv-0.32.0/video/cuda.c Examining data/mpv-0.32.0/video/d3d.c Examining data/mpv-0.32.0/video/d3d.h Examining data/mpv-0.32.0/video/decode/vd_lavc.c Examining data/mpv-0.32.0/video/filter/refqueue.c Examining data/mpv-0.32.0/video/filter/refqueue.h Examining data/mpv-0.32.0/video/filter/vf_d3d11vpp.c Examining data/mpv-0.32.0/video/filter/vf_fingerprint.c Examining data/mpv-0.32.0/video/filter/vf_format.c Examining data/mpv-0.32.0/video/filter/vf_gpu.c Examining data/mpv-0.32.0/video/filter/vf_sub.c Examining data/mpv-0.32.0/video/filter/vf_vapoursynth.c Examining data/mpv-0.32.0/video/filter/vf_vavpp.c Examining data/mpv-0.32.0/video/filter/vf_vdpaupp.c Examining data/mpv-0.32.0/video/fmt-conversion.c Examining data/mpv-0.32.0/video/fmt-conversion.h Examining data/mpv-0.32.0/video/hwdec.c Examining data/mpv-0.32.0/video/hwdec.h Examining data/mpv-0.32.0/video/image_loader.c Examining data/mpv-0.32.0/video/image_loader.h Examining data/mpv-0.32.0/video/image_writer.c Examining data/mpv-0.32.0/video/image_writer.h Examining data/mpv-0.32.0/video/img_format.c Examining data/mpv-0.32.0/video/img_format.h Examining data/mpv-0.32.0/video/mp_image.c Examining data/mpv-0.32.0/video/mp_image.h Examining data/mpv-0.32.0/video/mp_image_pool.c Examining data/mpv-0.32.0/video/mp_image_pool.h Examining data/mpv-0.32.0/video/out/android_common.c Examining data/mpv-0.32.0/video/out/android_common.h Examining data/mpv-0.32.0/video/out/aspect.c Examining data/mpv-0.32.0/video/out/aspect.h Examining data/mpv-0.32.0/video/out/bitmap_packer.c Examining data/mpv-0.32.0/video/out/bitmap_packer.h Examining data/mpv-0.32.0/video/out/cocoa/events_view.h Examining data/mpv-0.32.0/video/out/cocoa/mpvadapter.h Examining data/mpv-0.32.0/video/out/cocoa/video_view.h Examining data/mpv-0.32.0/video/out/cocoa/window.h Examining data/mpv-0.32.0/video/out/cocoa_common.h Examining data/mpv-0.32.0/video/out/d3d11/context.c Examining data/mpv-0.32.0/video/out/d3d11/hwdec_d3d11va.c Examining data/mpv-0.32.0/video/out/d3d11/hwdec_dxva2dxgi.c Examining data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c Examining data/mpv-0.32.0/video/out/d3d11/ra_d3d11.h Examining data/mpv-0.32.0/video/out/d3d_shader_420p.h Examining data/mpv-0.32.0/video/out/dither.c Examining data/mpv-0.32.0/video/out/dither.h Examining data/mpv-0.32.0/video/out/dr_helper.c Examining data/mpv-0.32.0/video/out/dr_helper.h Examining data/mpv-0.32.0/video/out/drm_atomic.c Examining data/mpv-0.32.0/video/out/drm_atomic.h Examining data/mpv-0.32.0/video/out/drm_common.c Examining data/mpv-0.32.0/video/out/drm_common.h Examining data/mpv-0.32.0/video/out/drm_prime.c Examining data/mpv-0.32.0/video/out/drm_prime.h Examining data/mpv-0.32.0/video/out/filter_kernels.c Examining data/mpv-0.32.0/video/out/filter_kernels.h Examining data/mpv-0.32.0/video/out/gpu/context.c Examining data/mpv-0.32.0/video/out/gpu/context.h Examining data/mpv-0.32.0/video/out/gpu/d3d11_helpers.c Examining data/mpv-0.32.0/video/out/gpu/d3d11_helpers.h Examining data/mpv-0.32.0/video/out/gpu/error_diffusion.c Examining data/mpv-0.32.0/video/out/gpu/error_diffusion.h Examining data/mpv-0.32.0/video/out/gpu/hwdec.c Examining data/mpv-0.32.0/video/out/gpu/hwdec.h Examining data/mpv-0.32.0/video/out/gpu/lcms.c Examining data/mpv-0.32.0/video/out/gpu/lcms.h Examining data/mpv-0.32.0/video/out/gpu/libmpv_gpu.c Examining data/mpv-0.32.0/video/out/gpu/libmpv_gpu.h Examining data/mpv-0.32.0/video/out/gpu/osd.c Examining data/mpv-0.32.0/video/out/gpu/osd.h Examining data/mpv-0.32.0/video/out/gpu/ra.c Examining data/mpv-0.32.0/video/out/gpu/ra.h Examining data/mpv-0.32.0/video/out/gpu/shader_cache.c Examining data/mpv-0.32.0/video/out/gpu/shader_cache.h Examining data/mpv-0.32.0/video/out/gpu/spirv.c Examining data/mpv-0.32.0/video/out/gpu/spirv.h Examining data/mpv-0.32.0/video/out/gpu/spirv_shaderc.c Examining data/mpv-0.32.0/video/out/gpu/user_shaders.c Examining data/mpv-0.32.0/video/out/gpu/user_shaders.h Examining data/mpv-0.32.0/video/out/gpu/utils.c Examining data/mpv-0.32.0/video/out/gpu/utils.h Examining data/mpv-0.32.0/video/out/gpu/video.c Examining data/mpv-0.32.0/video/out/gpu/video.h Examining data/mpv-0.32.0/video/out/gpu/video_shaders.c Examining data/mpv-0.32.0/video/out/gpu/video_shaders.h Examining data/mpv-0.32.0/video/out/hwdec/hwdec_cuda.c Examining data/mpv-0.32.0/video/out/hwdec/hwdec_cuda.h Examining data/mpv-0.32.0/video/out/hwdec/hwdec_cuda_gl.c Examining data/mpv-0.32.0/video/out/hwdec/hwdec_cuda_vk.c Examining data/mpv-0.32.0/video/out/hwdec/hwdec_vaapi.c Examining data/mpv-0.32.0/video/out/hwdec/hwdec_vaapi.h Examining data/mpv-0.32.0/video/out/hwdec/hwdec_vaapi_gl.c Examining data/mpv-0.32.0/video/out/hwdec/hwdec_vaapi_vk.c Examining data/mpv-0.32.0/video/out/libmpv.h Examining data/mpv-0.32.0/video/out/opengl/angle_dynamic.c Examining data/mpv-0.32.0/video/out/opengl/angle_dynamic.h Examining data/mpv-0.32.0/video/out/opengl/common.c Examining data/mpv-0.32.0/video/out/opengl/common.h Examining data/mpv-0.32.0/video/out/opengl/context.c Examining data/mpv-0.32.0/video/out/opengl/context.h Examining data/mpv-0.32.0/video/out/opengl/context_android.c Examining data/mpv-0.32.0/video/out/opengl/context_angle.c Examining data/mpv-0.32.0/video/out/opengl/context_cocoa.c Examining data/mpv-0.32.0/video/out/opengl/context_drm_egl.c Examining data/mpv-0.32.0/video/out/opengl/context_dxinterop.c Examining data/mpv-0.32.0/video/out/opengl/context_glx.c Examining data/mpv-0.32.0/video/out/opengl/context_rpi.c Examining data/mpv-0.32.0/video/out/opengl/context_wayland.c Examining data/mpv-0.32.0/video/out/opengl/context_win.c Examining data/mpv-0.32.0/video/out/opengl/context_x11egl.c Examining data/mpv-0.32.0/video/out/opengl/egl_helpers.c Examining data/mpv-0.32.0/video/out/opengl/egl_helpers.h Examining data/mpv-0.32.0/video/out/opengl/formats.c Examining data/mpv-0.32.0/video/out/opengl/formats.h Examining data/mpv-0.32.0/video/out/opengl/gl_headers.h Examining data/mpv-0.32.0/video/out/opengl/hwdec_d3d11egl.c Examining data/mpv-0.32.0/video/out/opengl/hwdec_drmprime_drm.c Examining data/mpv-0.32.0/video/out/opengl/hwdec_dxva2egl.c Examining data/mpv-0.32.0/video/out/opengl/hwdec_dxva2gldx.c Examining data/mpv-0.32.0/video/out/opengl/hwdec_osx.c Examining data/mpv-0.32.0/video/out/opengl/hwdec_rpi.c Examining data/mpv-0.32.0/video/out/opengl/hwdec_vdpau.c Examining data/mpv-0.32.0/video/out/opengl/libmpv_gl.c Examining data/mpv-0.32.0/video/out/opengl/oml_sync.c Examining data/mpv-0.32.0/video/out/opengl/oml_sync.h Examining data/mpv-0.32.0/video/out/opengl/ra_gl.c Examining data/mpv-0.32.0/video/out/opengl/ra_gl.h Examining data/mpv-0.32.0/video/out/opengl/utils.c Examining data/mpv-0.32.0/video/out/opengl/utils.h Examining data/mpv-0.32.0/video/out/placebo/ra_pl.c Examining data/mpv-0.32.0/video/out/placebo/ra_pl.h Examining data/mpv-0.32.0/video/out/placebo/utils.c Examining data/mpv-0.32.0/video/out/placebo/utils.h Examining data/mpv-0.32.0/video/out/vo.c Examining data/mpv-0.32.0/video/out/vo.h Examining data/mpv-0.32.0/video/out/vo_caca.c Examining data/mpv-0.32.0/video/out/vo_direct3d.c Examining data/mpv-0.32.0/video/out/vo_drm.c Examining data/mpv-0.32.0/video/out/vo_gpu.c Examining data/mpv-0.32.0/video/out/vo_image.c Examining data/mpv-0.32.0/video/out/vo_lavc.c Examining data/mpv-0.32.0/video/out/vo_libmpv.c Examining data/mpv-0.32.0/video/out/vo_mediacodec_embed.c Examining data/mpv-0.32.0/video/out/vo_null.c Examining data/mpv-0.32.0/video/out/vo_rpi.c Examining data/mpv-0.32.0/video/out/vo_sdl.c Examining data/mpv-0.32.0/video/out/vo_tct.c Examining data/mpv-0.32.0/video/out/vo_vaapi.c Examining data/mpv-0.32.0/video/out/vo_vdpau.c Examining data/mpv-0.32.0/video/out/vo_wlshm.c Examining data/mpv-0.32.0/video/out/vo_x11.c Examining data/mpv-0.32.0/video/out/vo_xv.c Examining data/mpv-0.32.0/video/out/vulkan/common.h Examining data/mpv-0.32.0/video/out/vulkan/context.c Examining data/mpv-0.32.0/video/out/vulkan/context.h Examining data/mpv-0.32.0/video/out/vulkan/context_android.c Examining data/mpv-0.32.0/video/out/vulkan/context_wayland.c Examining data/mpv-0.32.0/video/out/vulkan/context_win.c Examining data/mpv-0.32.0/video/out/vulkan/context_xlib.c Examining data/mpv-0.32.0/video/out/vulkan/utils.c Examining data/mpv-0.32.0/video/out/vulkan/utils.h Examining data/mpv-0.32.0/video/out/w32_common.c Examining data/mpv-0.32.0/video/out/w32_common.h Examining data/mpv-0.32.0/video/out/wayland_common.c Examining data/mpv-0.32.0/video/out/wayland_common.h Examining data/mpv-0.32.0/video/out/win32/displayconfig.c Examining data/mpv-0.32.0/video/out/win32/displayconfig.h Examining data/mpv-0.32.0/video/out/win32/droptarget.c Examining data/mpv-0.32.0/video/out/win32/droptarget.h Examining data/mpv-0.32.0/video/out/win_state.c Examining data/mpv-0.32.0/video/out/win_state.h Examining data/mpv-0.32.0/video/out/x11_common.c Examining data/mpv-0.32.0/video/out/x11_common.h Examining data/mpv-0.32.0/video/sws_utils.c Examining data/mpv-0.32.0/video/sws_utils.h Examining data/mpv-0.32.0/video/vaapi.c Examining data/mpv-0.32.0/video/vaapi.h Examining data/mpv-0.32.0/video/vdpau.c Examining data/mpv-0.32.0/video/vdpau.h Examining data/mpv-0.32.0/video/vdpau_mixer.c Examining data/mpv-0.32.0/video/vdpau_mixer.h Examining data/mpv-0.32.0/video/zimg.c Examining data/mpv-0.32.0/video/zimg.h Examining data/mpv-0.32.0/waftools/fragments/audiounit.c Examining data/mpv-0.32.0/waftools/fragments/coreaudio.c Examining data/mpv-0.32.0/waftools/fragments/gl_x11.c Examining data/mpv-0.32.0/waftools/fragments/iconv.c Examining data/mpv-0.32.0/waftools/fragments/pthreads.c Examining data/mpv-0.32.0/waftools/fragments/sse.c Examining data/mpv-0.32.0/waftools/fragments/wasapi.c FINAL RESULTS: data/mpv-0.32.0/audio/out/ao_alsa.c:716:64: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = snd_pcm_hw_params_set_access(p->alsa, alsa_hwparams, access); data/mpv-0.32.0/audio/out/ao_alsa.c:720:68: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = snd_pcm_hw_params_set_access(p->alsa, alsa_hwparams, access); data/mpv-0.32.0/audio/out/ao_wasapi_utils.c:124:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf + guid_len, buf_size - guid_len, ",%"PRIu32, data/mpv-0.32.0/common/av_log.c:126:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, vl); data/mpv-0.32.0/common/av_log.c:141:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer + pos, sizeof(buffer) - pos, fmt, vl); data/mpv-0.32.0/common/common.c:147:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. r = vsnprintf(str + len, size - len, format, ap); data/mpv-0.32.0/common/common.c:306:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, buf_size, format, ap); data/mpv-0.32.0/demux/demux_mf.c:128:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, filename); data/mpv-0.32.0/demux/demux_mf.c:154:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(fname, filename, count++); data/mpv-0.32.0/misc/bstr.c:241:15: [4] (buffer) vsscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. int ret = vsscanf(ptr, format, va); data/mpv-0.32.0/misc/bstr.c:393:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size = vsnprintf(dest, MPMAX(avail, 1), fmt, copy); data/mpv-0.32.0/misc/bstr.c:401:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(s->start + s->len, size + 1, fmt, ap); data/mpv-0.32.0/options/m_option.c:686:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), "%" PRId64, src->u.int64); data/mpv-0.32.0/osdep/compiler.h:7:57: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format(printf, a1, a2))) data/mpv-0.32.0/osdep/io.c:303:12: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. return vfprintf(stream, format, args); data/mpv-0.32.0/osdep/io.c:343:22: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t len = vsnprintf(NULL, 0, format, args) + 1; data/mpv-0.32.0/osdep/io.c:347:20: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. done = vsnprintf(buf, len, format, args); data/mpv-0.32.0/osdep/io.c:352:16: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. done = vfprintf(stream, format, args); data/mpv-0.32.0/osdep/io.c:449:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access |= DELETE; data/mpv-0.32.0/osdep/io.c:461:35: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. HANDLE h = CreateFileW(wpath, access, share, NULL, disposition, flags, NULL); data/mpv-0.32.0/osdep/io.c:749:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. void *p = MapViewOfFile(map, access, o_high, o_low, length); data/mpv-0.32.0/osdep/io.h:153:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) mp_printf(__VA_ARGS__) data/mpv-0.32.0/osdep/io.h:154:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(...) mp_fprintf(__VA_ARGS__) data/mpv-0.32.0/osdep/subprocess-win.c:116:5: [4] (format) swprintf: Potential format string problem (CWE-134). Make format string constant. swprintf(buf, MP_ARRAY_SIZE(buf), L"\\\\.\\pipe\\mpv-anon-%08x-%08lx", data/mpv-0.32.0/stream/stream_dvb.c:352:18: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fields = sscanf(&line[k], vdr_conf, data/mpv-0.32.0/stream/stream_dvb.c:443:26: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fields = sscanf(&line[k], ter_conf, data/mpv-0.32.0/stream/stream_dvb.c:452:26: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fields = sscanf(&line[k], cbl_conf, data/mpv-0.32.0/stream/stream_dvb.c:464:26: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fields = sscanf(&line[k], atsc_conf, data/mpv-0.32.0/stream/stream_dvb.c:473:26: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fields = sscanf(&line[k], sat_conf, data/mpv-0.32.0/ta/ta.h:24:47: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define TA_PRF(a1, a2) __attribute__ ((format(printf, a1, a2))) data/mpv-0.32.0/ta/ta_utils.c:196:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size = vsnprintf(&c, 1, fmt, copy); data/mpv-0.32.0/ta/ta_utils.c:208:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(*str + at, size + 1, fmt, ap); data/mpv-0.32.0/test/img_format.c:162:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(f, " AVD: name=%s chroma=%d:%d flags=0x%"PRIx64, avd->name, data/mpv-0.32.0/video/out/drm_common.c:496:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(card_path, sizeof(card_path), DRM_DEV_NAME, DRM_DIR_NAME, card_no); data/mpv-0.32.0/video/out/opengl/common.h:228:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. GLuint name, GLenum type, GLenum access); data/mpv-0.32.0/video/out/vo_direct3d.c:83:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. IDirect3DTexture9 *system; data/mpv-0.32.0/video/out/vo_direct3d.c:326:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (tex->system) data/mpv-0.32.0/video/out/vo_direct3d.c:327:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. IDirect3DTexture9_Release(tex->system); data/mpv-0.32.0/video/out/vo_direct3d.c:358:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. D3DUSAGE_DYNAMIC, fmt, memtype, &tex->system, NULL))) data/mpv-0.32.0/video/out/vo_direct3d.c:386:71: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return (IDirect3DBaseTexture9 *)(tex->device ? tex->device : tex->system); data/mpv-0.32.0/video/out/vo_direct3d.c:395:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (IDirect3DBaseTexture9 *)tex->system, data/mpv-0.32.0/video/out/vo_direct3d.c:412:68: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (FAILED(IDirect3DTexture9_UnlockRect(plane->texture.system, 0))) data/mpv-0.32.0/video/out/vo_direct3d.c:470:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!plane->texture.system) { data/mpv-0.32.0/video/out/vo_direct3d.c:517:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (FAILED(IDirect3DTexture9_LockRect(plane->texture.system, 0, data/mpv-0.32.0/video/out/vo_direct3d.c:1546:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!osd->texture.system) data/mpv-0.32.0/video/out/vo_direct3d.c:1554:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (FAILED(IDirect3DTexture9_LockRect(osd->texture.system, 0, &locked_rect, data/mpv-0.32.0/video/out/vo_direct3d.c:1565:58: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (FAILED(IDirect3DTexture9_UnlockRect(osd->texture.system, 0))) { data/mpv-0.32.0/video/out/vo_tct.c:127:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_GOTOXY, ty + y, tx); data/mpv-0.32.0/video/out/vo_tct.c:133:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_COLOR256_BG, rgb_to_x256(r, g, b)); data/mpv-0.32.0/video/out/vo_tct.c:135:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_COLOR_BG, r, g, b); data/mpv-0.32.0/video/out/vo_tct.c:139:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_CLEAR_COLORS); data/mpv-0.32.0/video/out/vo_tct.c:156:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_GOTOXY, ty + y / 2, tx); data/mpv-0.32.0/video/out/vo_tct.c:165:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_COLOR256_BG, rgb_to_x256(r_up, g_up, b_up)); data/mpv-0.32.0/video/out/vo_tct.c:166:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_COLOR256_FG, rgb_to_x256(r_down, g_down, b_down)); data/mpv-0.32.0/video/out/vo_tct.c:168:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_COLOR_BG, r_up, g_up, b_up); data/mpv-0.32.0/video/out/vo_tct.c:169:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_COLOR_FG, r_down, g_down, b_down); data/mpv-0.32.0/video/out/vo_tct.c:173:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_CLEAR_COLORS); data/mpv-0.32.0/video/out/vo_tct.c:227:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_HIDE_CURSOR); data/mpv-0.32.0/video/out/vo_tct.c:228:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_CLEAR_SCREEN); data/mpv-0.32.0/video/out/vo_tct.c:261:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_RESTORE_CURSOR); data/mpv-0.32.0/video/out/vo_tct.c:262:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_CLEAR_SCREEN); data/mpv-0.32.0/video/out/vo_tct.c:263:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ESC_GOTOXY, 0, 0); data/mpv-0.32.0/options/path.c:69:35: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *force_configdir = getenv("MPV_HOME"); data/mpv-0.32.0/options/path.c:185:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *home = getenv("HOME"); data/mpv-0.32.0/options/path.c:187:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home = getenv("USERPROFILE"); data/mpv-0.32.0/options/path.c:294:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *e_wd = getenv("PWD"); data/mpv-0.32.0/osdep/io.h:163:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define getenv(...) mp_getenv(__VA_ARGS__) data/mpv-0.32.0/osdep/path-unix.c:33:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *home = getenv("HOME"); data/mpv-0.32.0/osdep/path-unix.c:34:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *xdg_dir = getenv("XDG_CONFIG_HOME"); data/mpv-0.32.0/osdep/path-unix.c:64:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return getenv("HOME"); data/mpv-0.32.0/osdep/timer.c:36:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(mp_raw_time_us()); data/mpv-0.32.0/osdep/win32/pthread.c:49:9: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&mutex->lock.cs); data/mpv-0.32.0/osdep/win32/pthread.c:59:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&mutex->lock.cs); data/mpv-0.32.0/player/configfiles.c:205:21: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. av_md5_sum(md5, realpath, strlen(realpath)); data/mpv-0.32.0/player/configfiles.c:205:38: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. av_md5_sum(md5, realpath, strlen(realpath)); data/mpv-0.32.0/player/javascript.c:932:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *v = getenv(js_tostring(J, 1)); data/mpv-0.32.0/player/javascript.c:1248:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. FN_ENTRY(getenv, 1), data/mpv-0.32.0/player/main.c:269:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *enable_talloc = getenv("MPV_LEAK_REPORT"); data/mpv-0.32.0/player/main.c:321:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *verbose_env = getenv("MPV_VERBOSE"); data/mpv-0.32.0/video/d3d.c:49:17: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. d3d11_dll = LoadLibrary(L"d3d11.dll"); data/mpv-0.32.0/video/d3d.c:50:17: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. d3d9_dll = LoadLibrary(L"d3d9.dll"); data/mpv-0.32.0/video/d3d.c:51:17: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. dxva2_dll = LoadLibrary(L"dxva2.dll"); data/mpv-0.32.0/video/out/gpu/video_shaders.c:861:37: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. GLSL(vec3 _m = vec3(HOOKED_pos, random) + vec3(1.0);) data/mpv-0.32.0/video/out/wayland_common.c:79:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *size_str = getenv("XCURSOR_SIZE"); data/mpv-0.32.0/video/out/wayland_common.c:1108:39: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *xdg_current_desktop = getenv("XDG_CURRENT_DESKTOP"); data/mpv-0.32.0/audio/aframe.c:398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[128]; data/mpv-0.32.0/audio/aframe.c:503:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d[n] + dst_offset * sstride, s[n] + src_offset * sstride, data/mpv-0.32.0/audio/aframe.c:555:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[16]; data/mpv-0.32.0/audio/aframe.c:558:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, s2, bps); data/mpv-0.32.0/audio/aframe.c:559:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, s1, bps); data/mpv-0.32.0/audio/aframe.c:560:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s1, tmp, bps); data/mpv-0.32.0/audio/audio_buffer.c:94:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memmove((char *)dst[n] + dst_offset * ab->sstride, data/mpv-0.32.0/audio/audio_buffer.c:95:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)src[n] + src_offset * ab->sstride, data/mpv-0.32.0/audio/chmap.c:29:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const speaker_names[MP_SPEAKER_ID_COUNT][2] = { data/mpv-0.32.0/audio/chmap.c:369:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sp_buf[10]; data/mpv-0.32.0/audio/decode/ad_spdif.c:65:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->out_buffer[ctx->out_buffer_len], buf, buf_size); data/mpv-0.32.0/audio/decode/ad_spdif.c:328:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data[0], spdif_ctx->out_buffer, spdif_ctx->out_buffer_len); data/mpv-0.32.0/audio/decode/ad_spdif.c:387:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/mpv-0.32.0/audio/filter/af_lavcac3enc.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hdr[8]; data/mpv-0.32.0/audio/filter/af_lavcac3enc.c:244:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, hdr, header_len); data/mpv-0.32.0/audio/filter/af_lavcac3enc.c:245:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + header_len, pkt.data, pkt.size); data/mpv-0.32.0/audio/filter/af_scaletempo.c:125:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->buf_queue + s->bytes_queued, planes[0] + offset, bytes_copy); data/mpv-0.32.0/audio/filter/af_scaletempo.c:312:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pout + out_offset + s->bytes_overlap, data/mpv-0.32.0/audio/filter/af_scaletempo.c:318:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->buf_overlap, data/mpv-0.32.0/audio/filter/af_scaletempo.c:328:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pout + out_offset, s->buf_queue, s->bytes_queued); data/mpv-0.32.0/audio/out/ao.c:226:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char redirect[80], rdevice[80]; data/mpv-0.32.0/audio/out/ao.c:634:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/mpv-0.32.0/audio/out/ao_alsa.c:393:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aname[128]; data/mpv-0.32.0/audio/out/ao_alsa.c:473:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/mpv-0.32.0/audio/out/ao_alsa.c:494:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/mpv-0.32.0/audio/out/ao_alsa.c:1235:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc2[1024]; data/mpv-0.32.0/audio/out/ao_jack.c:176:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[30]; data/mpv-0.32.0/audio/out/ao_lavc.c:275:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(padded[n], data[n], bytelen); data/mpv-0.32.0/audio/out/ao_lavc.c:276:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. af_fill_silence((char *)padded[n] + bytelen, extralen, ao->format); data/mpv-0.32.0/audio/out/ao_lavc.c:308:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. start[n] = (char *)data[n] + bufpos * ao->sstride; data/mpv-0.32.0/audio/out/ao_openal.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char enum_name[32]; data/mpv-0.32.0/audio/out/ao_oss.c:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const mixer_channels[SOUND_MIXER_NRDEVICES] = SOUND_DEVICE_NAMES; data/mpv-0.32.0/audio/out/ao_oss.c:187:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(p->oss_mixer_device, O_RDONLY)) != -1) { data/mpv-0.32.0/audio/out/ao_oss.c:281:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->audio_fd = open(device, O_WRONLY | O_NONBLOCK); data/mpv-0.32.0/audio/out/ao_oss.c:283:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->audio_fd = open(device, O_WRONLY); data/mpv-0.32.0/audio/out/ao_oss.c:422:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(p->oss_mixer_device, O_RDONLY)) == -1) { data/mpv-0.32.0/audio/out/ao_pcm.c:155:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). priv->fp = fopen(priv->outputfilename, priv->append ? "ab" : "wb"); data/mpv-0.32.0/audio/out/ao_sndio.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char silence[SILENCE_NMAX]; data/mpv-0.32.0/audio/out/ao_wasapi_utils.c:528:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t path[MAX_PATH+12] = {0}; data/mpv-0.32.0/audio/out/ao_wasapi_utils.c:530:5: [2] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string. wcscat(path, L",-IDI_ICON1"); data/mpv-0.32.0/audio/out/pull.c:185:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. af_fill_silence((char *)data[n] + bytes, full_bytes - bytes, ao->format); data/mpv-0.32.0/audio/out/pull.c:227:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data[n], ndata[n], dst_plane_size); data/mpv-0.32.0/audio/out/push.c:541:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p_fds, fds, num_fds * sizeof(p_fds[0])); data/mpv-0.32.0/audio/out/push.c:552:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fds, p_fds, num_fds * sizeof(fds[0])); data/mpv-0.32.0/common/av_common.c:51:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avctx->extradata, ptr, size); data/mpv-0.32.0/common/av_common.c:88:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp->extradata, c->extradata, avp->extradata_size); data/mpv-0.32.0/common/av_common.c:372:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[80]; data/mpv-0.32.0/common/av_log.c:133:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096] = ""; data/mpv-0.32.0/common/common.c:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[8]; data/mpv-0.32.0/common/encode_lavc.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/mpv-0.32.0/common/encode_lavc.c:513:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char optbuf[32]; data/mpv-0.32.0/common/msg.c:402:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(log->partial, text, size); data/mpv-0.32.0/common/msg.c:501:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *file = fopen(new_path, "wb"); data/mpv-0.32.0/common/msg.c:724:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *const mp_log_levels[MSGL_MAX + 1] = { data/mpv-0.32.0/common/msg_control.h:38:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *const mp_log_levels[MSGL_MAX + 1]; data/mpv-0.32.0/common/recorder.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[200]; data/mpv-0.32.0/common/tags.c:122:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char skey[320]; data/mpv-0.32.0/demux/codec_tags.c:54:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char guid_ext_base[16] = data/mpv-0.32.0/demux/codec_tags.c:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codec[64] = "pcm_"; data/mpv-0.32.0/demux/demux.c:3242:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int ret = demuxer->desc->open(in->d_thread, check); data/mpv-0.32.0/demux/demux.h:105:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(struct demuxer *demuxer, enum demux_check check); data/mpv-0.32.0/demux/demux.h:134:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char segment[16]; data/mpv-0.32.0/demux/demux_cue.c:272:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char probe[PROBE_SIZE]; data/mpv-0.32.0/demux/demux_edl.c:462:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[sizeof(HEADER) - 1]; data/mpv-0.32.0/demux/demux_lavf.c:727:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sh->codec->extradata, codec->extradata, codec->extradata_size); data/mpv-0.32.0/demux/demux_lavf.c:1287:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[180]; data/mpv-0.32.0/demux/demux_mf.c:73:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/mpv-0.32.0/demux/demux_mf.c:216:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp->buffer, data.start, data.len); data/mpv-0.32.0/demux/demux_mkv.c:60:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char sipr_swaps[38][2] = { data/mpv-0.32.0/demux/demux_mkv.c:386:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, enc->comp_settings, enc->comp_settings_len); data/mpv-0.32.0/demux/demux_mkv.c:387:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + enc->comp_settings_len, src, size); data/mpv-0.32.0/demux/demux_mkv.c:442:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(demuxer->matroska_data.uid.segment, info.segment_uid.start, data/mpv-0.32.0/demux/demux_mkv.c:493:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e.comp_settings, z->content_comp_settings.start, sz); data/mpv-0.32.0/demux/demux_mkv.c:530:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ce + i, &e, sizeof(e)); data/mpv-0.32.0/demux/demux_mkv.c:717:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(track->private_data, entry->codec_private.start, len); data/mpv-0.32.0/demux/demux_mkv.c:995:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chapter.uid.segment, ca->chapter_segment_uid.start, data/mpv-0.32.0/demux/demux_mkv.c:1502:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char smask[80]; data/mpv-0.32.0/demux/demux_mkv.c:1743:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(extradata, "fLaC", 4); data/mpv-0.32.0/demux/demux_mkv.c:1752:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 4, "alac", 4); data/mpv-0.32.0/demux/demux_mkv.c:1754:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 12, track->private_data, track->private_size); data/mpv-0.32.0/demux/demux_mkv.c:1762:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 0, "TTA1", 4); data/mpv-0.32.0/demux/demux_mkv.c:2233:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(track->audio_buf + dst_offset, buffer + src_offset, cfs); data/mpv-0.32.0/demux/demux_mkv.c:2244:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(track->audio_buf + dst_offset, buffer + src_offset, sps); data/mpv-0.32.0/demux/demux_mkv.c:2249:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(track->audio_buf + spc * w, buffer, w); data/mpv-0.32.0/demux/demux_mkv.c:2398:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst + offset + 32, src, blocksize); // block data data/mpv-0.32.0/demux/demux_mkv.c:2443:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->buffer + 8, dp->buffer, dp->len); data/mpv-0.32.0/demux/demux_playlist.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512 * 1024]; data/mpv-0.32.0/demux/demux_playlist.c:101:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, len); data/mpv-0.32.0/demux/demux_playlist.c:181:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char probe[PROBE_SIZE]; data/mpv-0.32.0/demux/demux_playlist.c:442:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char probe[PROBE_SIZE]; data/mpv-0.32.0/demux/ebml.c:420:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *, num_elems[i]); data/mpv-0.32.0/demux/packet.c:229:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sd + 8, data, size); data/mpv-0.32.0/filters/f_lavfi.c:178:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80]; data/mpv-0.32.0/filters/f_lavfi.c:409:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/mpv-0.32.0/filters/f_lavfi.c:500:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/mpv-0.32.0/filters/f_swresample.c:194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(map, nmap, sizeof(nmap)); data/mpv-0.32.0/input/cmd.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nname[80]; data/mpv-0.32.0/input/cmd.c:497:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. .u = {.string = (char *)argv[n]}}; data/mpv-0.32.0/input/cmd.c:626:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, opt->type->size); data/mpv-0.32.0/input/input.c:1181:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bind->keys, keys, num_keys * sizeof(bind->keys[0])); data/mpv-0.32.0/input/input.c:1478:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bind->keys, &key, 1 * sizeof(bind->keys[0])); data/mpv-0.32.0/input/input.c:1556:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/mpv-0.32.0/input/input.c:1676:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in->cmd_buffer + in->cmd_buffer_size, buf, copy); data/mpv-0.32.0/input/ipc-unix.c:167:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/mpv-0.32.0/input/ipc-unix.c:280:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). client_fd = open(path, mode); data/mpv-0.32.0/input/ipc-win.c:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/mpv-0.32.0/input/pipe-win32.c:73:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->fd = open(filename, O_RDONLY); data/mpv-0.32.0/input/pipe-win32.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/mpv-0.32.0/libmpv/qthelper.hpp:139:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(r, b.data(), b.size() + 1); data/mpv-0.32.0/misc/bstr.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[51]; data/mpv-0.32.0/misc/bstr.c:171:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str.start, len); data/mpv-0.32.0/misc/bstr.c:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[101]; data/mpv-0.32.0/misc/bstr.c:185:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str.start, len); data/mpv-0.32.0/misc/bstr.c:368:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->start + s->len, append.start, append.len); data/mpv-0.32.0/misc/charset_conv.c:54:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const utf_bom[3] = {"\xEF\xBB\xBF", "\xFF\xFE", "\xFE\xFF"}; data/mpv-0.32.0/misc/charset_conv.c:55:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const utf_enc[3] = {"utf-8", "utf-16le", "utf-16be"}; data/mpv-0.32.0/misc/ring.c:70:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, buffer->buffer + read_ptr, len1); data/mpv-0.32.0/misc/ring.c:71:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + len1, buffer->buffer, len2); data/mpv-0.32.0/misc/ring.c:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->buffer + write_ptr, src, len1); data/mpv-0.32.0/misc/ring.c:95:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->buffer, src + len1, len2); data/mpv-0.32.0/options/m_config.c:181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_OPT_NAME_LEN]; data/mpv-0.32.0/options/m_config.c:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_buf[MAX_OPT_NAME_LEN]; data/mpv-0.32.0/options/m_config.c:309:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &src, sizeof(src)); data/mpv-0.32.0/options/m_config.c:320:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&temp, src, opt->type->size); data/mpv-0.32.0/options/m_config.c:324:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, opt->type->size); data/mpv-0.32.0/options/m_config.c:348:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gdata->udata, opts->defaults, opts->size); data/mpv-0.32.0/options/m_config.c:545:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, desc->priv_defaults, desc->priv_size); data/mpv-0.32.0/options/m_config.c:1245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char min[50], max[50]; data/mpv-0.32.0/options/m_option.c:109:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, opt->type->size); data/mpv-0.32.0/options/m_option.c:683:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/mpv-0.32.0/options/m_option.c:1297:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lst, add, n * sizeof(char *)); data/mpv-0.32.0/options/m_option.c:1299:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lst[ln], add, n * sizeof(char *)); data/mpv-0.32.0/options/m_option.c:3055:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80]; data/mpv-0.32.0/options/m_option.c:3185:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/mpv-0.32.0/options/m_option.c:3380:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char sep[2] = {OPTION_LIST_SEPARATOR, 0}; data/mpv-0.32.0/options/m_option.h:147:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *aliases[5][2]; data/mpv-0.32.0/options/m_property.c:82:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base[128]; data/mpv-0.32.0/options/m_property.c:241:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name0[64]; data/mpv-0.32.0/options/m_property.c:252:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*s + *len, append.start, append.len); data/mpv-0.32.0/options/options.h:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *osd_msg[3]; data/mpv-0.32.0/options/options.h:248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **stream_lang[STREAM_TYPE_COUNT]; data/mpv-0.32.0/options/parse_configfile.c:59:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char loc[512]; data/mpv-0.32.0/options/parse_configfile.c:96:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char term[2] = {line.start[0], 0}; data/mpv-0.32.0/options/parse_configfile.c:162:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(filename, "rb"); data/mpv-0.32.0/options/path.c:106:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *res = (char *)mp_get_platform_path(tmp, global, config_dirs[0]); data/mpv-0.32.0/options/path.c:191:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[80]; data/mpv-0.32.0/osdep/glob-win.c:147:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(path, pattern, dirlen); data/mpv-0.32.0/osdep/io.c:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/mpv-0.32.0/osdep/io.c:124:17: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int count = MultiByteToWideChar(CP_UTF8, 0, s, -1, NULL, 0); data/mpv-0.32.0/osdep/io.c:128:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_UTF8, 0, s, -1, ret, count); data/mpv-0.32.0/osdep/io.c:192:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ino, &ii.FileId, sizeof(*ino)); data/mpv-0.32.0/osdep/io.c:558:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char space[MP_PATH_MAX]; data/mpv-0.32.0/osdep/io.c:630:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, t, st + 1); data/mpv-0.32.0/osdep/io.c:802:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char crap[7] = ""; data/mpv-0.32.0/osdep/io.c:804:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, crap, 6); data/mpv-0.32.0/osdep/io.c:806:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int res = open(template, O_RDWR | O_CREAT | O_EXCL | flags, 0600); data/mpv-0.32.0/osdep/io.h:155:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define open(...) mp_open(__VA_ARGS__) data/mpv-0.32.0/osdep/io.h:157:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen(...) mp_fopen(__VA_ARGS__) data/mpv-0.32.0/osdep/path-unix.c:28:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mpv_home[512]; data/mpv-0.32.0/osdep/path-unix.c:29:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char old_home[512]; data/mpv-0.32.0/osdep/path-uwp.c:30:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t homeDir[_MAX_PATH]; data/mpv-0.32.0/osdep/path-win.c:35:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t w_exedir[MAX_PATH + 1] = {0}; data/mpv-0.32.0/osdep/semaphore_osx.c:55:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/mpv-0.32.0/osdep/subprocess-posix.c:78:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). devnull = open("/dev/null", O_RDONLY | O_CLOEXEC); data/mpv-0.32.0/osdep/subprocess-posix.c:116:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/mpv-0.32.0/osdep/subprocess-win.c:115:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buf[36]; data/mpv-0.32.0/osdep/subprocess-win.c:226:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/mpv-0.32.0/osdep/terminal-unix.c:158:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[BUF_LEN]; data/mpv-0.32.0/osdep/terminal-unix.c:238:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf.b, match->replace, rep); data/mpv-0.32.0/osdep/terminal-unix.c:489:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tty_in = tty_out = open("/dev/tty", O_RDWR | O_CLOEXEC); data/mpv-0.32.0/osdep/terminal-win.c:44:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char ansi2win32[8] = { data/mpv-0.32.0/osdep/terminal-win.c:270:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t console_env[4] = { 0 }; data/mpv-0.32.0/osdep/threads.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[80]; data/mpv-0.32.0/osdep/win32-console-wrapper.c:78:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t exe[MAX_PATH]; data/mpv-0.32.0/osdep/win32-console-wrapper.c:82:5: [2] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. wcscpy(wcsrchr(exe, '.') + 1, L"exe"); data/mpv-0.32.0/osdep/win32/pthread.c:264:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wname[80]; data/mpv-0.32.0/osdep/win32/pthread.c:265:14: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int wc = MultiByteToWideChar(CP_UTF8, 0, name, -1, wname, data/mpv-0.32.0/player/audio.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[128]; data/mpv-0.32.0/player/audio.c:411:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[192]; data/mpv-0.32.0/player/client.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_CLIENT_NAME]; data/mpv-0.32.0/player/client.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nname[MAX_CLIENT_NAME]; data/mpv-0.32.0/player/client.c:951:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &src->u, type->type->size); data/mpv-0.32.0/player/client.c:982:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.u, data, type->type->size); data/mpv-0.32.0/player/client.c:1241:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.u, req->data, type->type->size); data/mpv-0.32.0/player/client.c:1403:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prop->data, &xdata, type->type->size); data/mpv-0.32.0/player/client.c:1642:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prop->value, &val, type->type->size); data/mpv-0.32.0/player/command.c:1525:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outstr[6]; data/mpv-0.32.0/player/command.c:2499:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[20]; data/mpv-0.32.0/player/command.c:3127:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&def, def_ptr, opt->type->size); data/mpv-0.32.0/player/command.c:3826:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const filter_opt[STREAM_TYPE_COUNT] = { data/mpv-0.32.0/player/command.c:3867:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char optname[20]; data/mpv-0.32.0/player/command.c:4047:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(file, O_RDONLY | O_BINARY | O_CLOEXEC); data/mpv-0.32.0/player/command.c:5323:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char space[MAX_CLIENT_NAME]; data/mpv-0.32.0/player/command.c:5329:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3] = {'p', incmd->is_mouse_button ? 'm' : '-'}; data/mpv-0.32.0/player/command.c:5999:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->properties, mp_properties_base, sizeof(mp_properties_base)); data/mpv-0.32.0/player/configfiles.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cfg[512]; data/mpv-0.32.0/player/configfiles.c:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[512]; data/mpv-0.32.0/player/configfiles.c:304:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char write_name[1024] = {0}; data/mpv-0.32.0/player/configfiles.c:315:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *file = fopen(conffile, "wb"); data/mpv-0.32.0/player/configfiles.c:347:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *file = fopen(conffile, "wb"); data/mpv-0.32.0/player/configfiles.c:407:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4096]; data/mpv-0.32.0/player/javascript.c:330:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(filename, "rb"); data/mpv-0.32.0/player/javascript.c:579:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[MP_CMD_MAX_ARGS + 1]; data/mpv-0.32.0/player/javascript.c:918:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(fname, "wb"); data/mpv-0.32.0/player/loadfile.c:260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[2048] = {0}; data/mpv-0.32.0/player/loadfile.c:313:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[128] = {0}; data/mpv-0.32.0/player/loadfile.c:1261:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[32]; data/mpv-0.32.0/player/lua.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dispname[80]; data/mpv-0.32.0/player/lua.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/mpv-0.32.0/player/lua.c:630:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *args[50]; data/mpv-0.32.0/player/main.c:323:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mpctx->opts->verbose = atoi(verbose_env); data/mpv-0.32.0/player/misc.c:249:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *dest = fopen(opts->stream_dump, "wb"); data/mpv-0.32.0/player/osd.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *parts[3] = {0}; data/mpv-0.32.0/player/osd.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lavcbuf[80]; data/mpv-0.32.0/player/osd.c:427:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sym[10]; data/mpv-0.32.0/player/screenshot.c:233:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/mpv-0.32.0/player/scripting.c:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[90]; data/mpv-0.32.0/player/video.c:1090:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[20] = {0}; data/mpv-0.32.0/player/video.c:1096:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sfmt[20] = {0}; data/mpv-0.32.0/stream/cookies.c:62:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int parse_line(char **ptr, char *cols[7]) data/mpv-0.32.0/stream/cookies.c:62:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int parse_line(char **ptr, char *cols[7]) data/mpv-0.32.0/stream/cookies.c:88:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY | O_CLOEXEC); data/mpv-0.32.0/stream/cookies.c:142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cols[7]; data/mpv-0.32.0/stream/dvb_tune.c:178:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frontend_dev[PATH_MAX], dvr_dev[PATH_MAX], demux_dev[PATH_MAX]; data/mpv-0.32.0/stream/dvb_tune.c:185:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state->fe_fd = open(frontend_dev, O_RDWR | O_NONBLOCK | O_CLOEXEC); data/mpv-0.32.0/stream/dvb_tune.c:194:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state->demux_fds[i] = open(demux_dev, O_RDWR | O_NONBLOCK | O_CLOEXEC); data/mpv-0.32.0/stream/dvb_tune.c:205:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state->dvr_fd = open(dvr_dev, O_RDONLY | O_NONBLOCK | O_CLOEXEC); data/mpv-0.32.0/stream/dvb_tune.c:218:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char demux_dev[PATH_MAX]; data/mpv-0.32.0/stream/dvb_tune.c:233:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state->demux_fds[i] = open(demux_dev, data/mpv-0.32.0/stream/dvb_tune.c:282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char demux_dev[PATH_MAX]; data/mpv-0.32.0/stream/dvb_tune.c:295:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pat_fd = open(demux_dev, O_RDWR)) < 0) { data/mpv-0.32.0/stream/dvb_tune.c:308:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buft[4096]; data/mpv-0.32.0/stream/stream.c:248:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &s->buffer[pos], copy); data/mpv-0.32.0/stream/stream.c:255:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)dst + copied, &s->buffer[pos & s->buffer_mask], len); data/mpv-0.32.0/stream/stream.c:377:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). r = (sinfo->open)(s); data/mpv-0.32.0/stream/stream.c:749:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const bom[3] = {"\xEF\xBB\xBF", "\xFF\xFE", "\xFE\xFF"}; data/mpv-0.32.0/stream/stream.c:754:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/mpv-0.32.0/stream/stream.h:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[50]; data/mpv-0.32.0/stream/stream.h:107:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(struct stream *st); data/mpv-0.32.0/stream/stream_bluray.c:530:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *temp = fopen(path, "rb"); data/mpv-0.32.0/stream/stream_bluray.c:534:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[50] = {0}; data/mpv-0.32.0/stream/stream_cdda.c:174:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, buf, CDIO_CD_FRAMESIZE_RAW); data/mpv-0.32.0/stream/stream_dvb.c:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[CHANNEL_LINE_LEN], *colon; data/mpv-0.32.0/stream/stream_dvb.c:271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_lcr[256], tmp_hier[256], inv[256], bw[256], cr[256], mod[256], data/mpv-0.32.0/stream/stream_dvb.c:287:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(filename, "r")) == NULL) { data/mpv-0.32.0/stream/stream_dvb.c:704:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(list->channels[list->NUM_CHANNELS]), ptr, sizeof(dvb_channel_t)); data/mpv-0.32.0/stream/stream_dvb.c:785:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/mpv-0.32.0/stream/stream_dvb.c:1156:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX], *conf_file; data/mpv-0.32.0/stream/stream_dvb.c:1175:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(filename, O_RDONLY | O_NONBLOCK | O_CLOEXEC); data/mpv-0.32.0/stream/stream_dvb.c:1259:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&state->adapters[state->adapters_count].delsys_mask, data/mpv-0.32.0/stream/stream_dvdnav.c:101:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[28]; data/mpv-0.32.0/stream/stream_dvdnav.c:102:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cmd[12]; data/mpv-0.32.0/stream/stream_dvdnav.c:153:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(device, O_RDWR | O_NONBLOCK | O_CLOEXEC); data/mpv-0.32.0/stream/stream_dvdnav.c:174:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *temp = fopen(path, "rb"); data/mpv-0.32.0/stream/stream_dvdnav.c:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[50]; data/mpv-0.32.0/stream/stream_dvdnav.c:333:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->spu_clut, buf, 16 * sizeof(uint32_t)); data/mpv-0.32.0/stream/stream_file.c:291:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->fd = open(filename, m | O_BINARY, openmode); data/mpv-0.32.0/stream/stream_lavf.c:229:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/mpv-0.32.0/stream/stream_libarchive.c:410:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/mpv-0.32.0/stream/stream_libarchive.c:509:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/mpv-0.32.0/stream/stream_libarchive.h:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/mpv-0.32.0/stream/stream_memory.c:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, data.start + s->pos, len); data/mpv-0.32.0/sub/lavc_conv.c:194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt->data, text, text_len); data/mpv-0.32.0/sub/lavc_conv.c:204:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, id, id_len); data/mpv-0.32.0/sub/lavc_conv.c:215:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, settings, settings_len); data/mpv-0.32.0/sub/osd.c:223:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(osd_obj->progbar_state.stops, s->stops, data/mpv-0.32.0/sub/sd_ass.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_text[500]; data/mpv-0.32.0/sub/sd_ass.c:483:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->bs, res->parts, sizeof(ctx->bs[0]) * res->num_parts); data/mpv-0.32.0/sub/sd_lavc.c:258:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pal, data[1], r->nb_colors * 4); data/mpv-0.32.0/sub/sd_lavc.c:314:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char page[4]; data/mpv-0.32.0/ta/ta.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char align_min[(sizeof(struct ta_header) + MIN_ALIGN - 1) & ~(MIN_ALIGN - 1)]; data/mpv-0.32.0/ta/ta.c:376:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[30] = {0}; data/mpv-0.32.0/ta/ta_utils.c:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, ptr, size); data/mpv-0.32.0/ta/ta_utils.c:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*str + at, append, append_len); data/mpv-0.32.0/test/tests.c:104:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(path, "wb"); data/mpv-0.32.0/video/decode/vd_lavc.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/mpv-0.32.0/video/decode/vd_lavc.c:151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char method_name[24]; // non-unique name describing the hwdec method data/mpv-0.32.0/video/filter/vf_vapoursynth.c:497:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[180]; data/mpv-0.32.0/video/image_loader.c:27:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt->data, buffer, buffer_size); data/mpv-0.32.0/video/image_writer.c:409:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "wb"); data/mpv-0.32.0/video/mp_image.c:465:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, srcStride * (height - 1) + bytesPerLine); data/mpv-0.32.0/video/mp_image.c:468:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, bytesPerLine); data/mpv-0.32.0/video/mp_image.c:487:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->planes[1], src->planes[1], AVPALETTE_SIZE); data/mpv-0.32.0/video/mp_image.c:526:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->planes[1], src->planes[1], AVPALETTE_SIZE); data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:720:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cdst + y * params->stride, csrc + y * lock.RowPitch, data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:832:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cdata + offset, data, size); data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:1467:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cdata + offset, data, size); data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:1475:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char cache_magic[4] = "RD11"; data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:1479:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[sizeof(cache_magic)]; data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:1481:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compiler[SPIRV_NAME_MAX_LEN]; data/mpv-0.32.0/video/out/drm_common.c:136:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ret[MAX_CONNECTOR_NAME_LEN]) data/mpv-0.32.0/video/out/drm_common.c:155:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char other_connector_name[MAX_CONNECTOR_NAME_LEN]; data/mpv-0.32.0/video/out/drm_common.c:495:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card_path[128]; data/mpv-0.32.0/video/out/drm_common.c:497:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(card_path, O_RDWR | O_CLOEXEC); data/mpv-0.32.0/video/out/drm_common.c:511:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *card_no = atoi(connector_spec); data/mpv-0.32.0/video/out/drm_common.c:682:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char other_connector_name[MAX_CONNECTOR_NAME_LEN]; data/mpv-0.32.0/video/out/drm_common.c:703:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char other_connector_name[MAX_CONNECTOR_NAME_LEN]; data/mpv-0.32.0/video/out/drm_common.c:808:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s->tty_fd = open("/dev/tty", O_RDWR | O_CLOEXEC); data/mpv-0.32.0/video/out/gpu/lcms.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20]; data/mpv-0.32.0/video/out/gpu/lcms.c:418:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, cachedata.start, cachedata.len); data/mpv-0.32.0/video/out/gpu/lcms.c:469:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(cache_file, "wb"); data/mpv-0.32.0/video/out/gpu/osd.c:202:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(osd->subparts, imgs->parts, data/mpv-0.32.0/video/out/gpu/ra.c:347:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cl[40] = ""; data/mpv-0.32.0/video/out/gpu/ra.c:370:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pl[80] = ""; data/mpv-0.32.0/video/out/gpu/ra.c:371:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pf[80] = ""; data/mpv-0.32.0/video/out/gpu/ra.c:377:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[5] = {0}; data/mpv-0.32.0/video/out/gpu/shader_cache.c:383:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void gl_sc_uniform_vec2(struct gl_shader_cache *sc, char *name, float f[2]) data/mpv-0.32.0/video/out/gpu/shader_cache.c:394:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void gl_sc_uniform_vec3(struct gl_shader_cache *sc, char *name, float f[3]) data/mpv-0.32.0/video/out/gpu/shader_cache.c:495:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)dst, (void *)src, src_layout.stride); data/mpv-0.32.0/video/out/gpu/shader_cache.c:571:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hashstr[256 / 8 * 2 + 1]; data/mpv-0.32.0/video/out/gpu/shader_cache.c:628:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(cache_filename, "wb"); data/mpv-0.32.0/video/out/gpu/shader_cache.c:800:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char loc[32] = {0}; data/mpv-0.32.0/video/out/gpu/shader_cache.h:40:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void gl_sc_uniform_vec2(struct gl_shader_cache *sc, char *name, float f[2]); data/mpv-0.32.0/video/out/gpu/shader_cache.h:41:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void gl_sc_uniform_vec3(struct gl_shader_cache *sc, char *name, float f[3]); data/mpv-0.32.0/video/out/gpu/spirv.h:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SPIRV_NAME_MAX_LEN]; data/mpv-0.32.0/video/out/gpu/video.c:123:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *hook_tex[SHADER_MAX_HOOKS]; data/mpv-0.32.0/video/out/gpu/video.c:124:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *bind_tex[SHADER_MAX_BINDS]; data/mpv-0.32.0/video/out/gpu/video.c:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color_swizzle[5]; data/mpv-0.32.0/video/out/gpu/video.c:879:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. gl_sc_enable_extension(p->sc, (char *)exts[n]); data/mpv-0.32.0/video/out/gpu/video.c:1327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[5] = {0}; data/mpv-0.32.0/video/out/gpu/video.c:1328:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[5] = {0}; data/mpv-0.32.0/video/out/gpu/video.c:1373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char crap[5] = ""; data/mpv-0.32.0/video/out/gpu/video.c:4046:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20] = {0}; data/mpv-0.32.0/video/out/gpu/video.c:4076:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20] = {0}; data/mpv-0.32.0/video/out/gpu/video.c:4099:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20] = {0}; data/mpv-0.32.0/video/out/opengl/context_drm_egl.c:829:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p->drm_params.render_fd = open(rendernode_path, O_RDWR | O_CLOEXEC); data/mpv-0.32.0/video/out/vo.h:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *desc[VO_PASS_PERF_MAX]; data/mpv-0.32.0/video/out/vo_vdpau.c:416:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char data[4] = {0}; data/mpv-0.32.0/video/out/w32_common.c:282:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buf[10]; data/mpv-0.32.0/video/out/w32_common.c:300:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buf[10] = { 0 }; data/mpv-0.32.0/video/out/w32_common.c:509:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wname[MAX_PATH + 1]; data/mpv-0.32.0/video/out/wayland_common.c:522:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[128]; data/mpv-0.32.0/video/out/x11_common.c:211:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, ptr, dst_size); data/mpv-0.32.0/video/out/x11_common.c:219:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void x11_send_ewmh_msg(struct vo_x11_state *x11, char *message_type, data/mpv-0.32.0/video/out/x11_common.c:297:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[60]; data/mpv-0.32.0/video/out/x11_common.c:1131:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/mpv-0.32.0/video/out/x11_common.c:1929:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prop[80]; data/mpv-0.32.0/video/out/x11_common.c:2087:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/mpv-0.32.0/video/out/x11_common.c:2088:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "_NET_WM_CM_S%d", x11->screen); data/mpv-0.32.0/video/vaapi.c:222:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drm_fd = open(path, O_RDWR); data/mpv-0.32.0/video/zimg.c:241:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, b, size); data/mpv-0.32.0/video/zimg.c:243:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b, a, size); data/mpv-0.32.0/video/zimg.c:399:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, b, size); data/mpv-0.32.0/video/zimg.c:401:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b, a, size); data/mpv-0.32.0/video/zimg.c:790:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[128] = {0}; data/mpv-0.32.0/waftools/fragments/iconv.c:7:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuffer[INBUFSIZE]; data/mpv-0.32.0/waftools/fragments/iconv.c:8:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuffer[OUTBUFSIZE]; data/mpv-0.32.0/audio/out/ao.c:316:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ao_num && strlen(ao_list[ao_num - 1].name) == 0) { data/mpv-0.32.0/audio/out/ao_alsa.c:583:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(device); data/mpv-0.32.0/audio/out/ao_alsa.c:1211:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(crap[i]); data/mpv-0.32.0/audio/out/ao_wasapi_utils.c:703:34: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (wcslen(deviceID) + 1) * sizeof(wchar_t)); data/mpv-0.32.0/audio/out/ao_wasapi_utils.c:826:27: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (wcslen(d->deviceID) + 1) * sizeof(wchar_t)); data/mpv-0.32.0/common/av_log.c:138:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_print_prefix = fmt[strlen(fmt) - 1] == '\n'; data/mpv-0.32.0/common/av_log.c:221:13: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return !mismatch; data/mpv-0.32.0/common/encode_lavc.c:952:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(p->encoder->stats_out)); data/mpv-0.32.0/common/msg.c:235:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t prefix_len = strlen(prefix); data/mpv-0.32.0/common/msg.c:399:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size = strlen(text) + 1; data/mpv-0.32.0/common/tags.c:115:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t keylen = strlen(key); data/mpv-0.32.0/demux/cache.c:174:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t res = read(cache->fd, ptr, len); data/mpv-0.32.0/demux/demux_disc.c:116:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sh->codec->extradata_size = strlen(s); data/mpv-0.32.0/demux/demux_edl.c:464:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len != strlen(HEADER) || memcmp(header, HEADER, len) != 0) data/mpv-0.32.0/demux/demux_lavf.c:282:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len == strlen(name) && !memcmp(avifname, name, len)) data/mpv-0.32.0/demux/demux_lavf.c:401:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(prefixes[n]); data/mpv-0.32.0/demux/demux_mf.c:124:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fname = talloc_size(mf, strlen(filename) + 32); data/mpv-0.32.0/demux/demux_mf.c:130:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fname, "*"); data/mpv-0.32.0/demux/demux_mkv.c:1696:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(track->codec_id) >= 12) data/mpv-0.32.0/demux/demux_mkv_timeline.c:93:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int offset = strlen(filename) - strlen(suffix); data/mpv-0.32.0/demux/demux_mkv_timeline.c:93:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int offset = strlen(filename) - strlen(suffix); data/mpv-0.32.0/demux/demux_playlist.c:119:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int l = read_characters(s, &mem[read], max - read - 1, utf16); data/mpv-0.32.0/demux/demux_playlist.c:120:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (l < 0 || memchr(&mem[read], '\0', l)) { data/mpv-0.32.0/demux/demux_playlist.c:125:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (l == 0 || (read > 0 && mem[read - 1] == '\n')) data/mpv-0.32.0/demux/demux_playlist.c:128:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mem[read] = '\0'; data/mpv-0.32.0/demux/demux_playlist.c:138:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(res); data/mpv-0.32.0/demux/demux_playlist.c:318:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= 8192 || num_dir_stack == MAX_DIR_STACK) data/mpv-0.32.0/input/ipc-unix.c:70:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t count = strlen(buf); data/mpv-0.32.0/input/ipc-unix.c:170:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t bytes = read(arg->client_fd, buf, sizeof(buf)); data/mpv-0.32.0/input/ipc-unix.c:321:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t path_len = strlen(arg->path); data/mpv-0.32.0/input/ipc-unix.c:328:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ipc_un.sun_path, arg->path, sizeof(ipc_un.sun_path) - 1); data/mpv-0.32.0/input/ipc-win.c:174:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((error = async_write(arg->client_h, buf, strlen(buf), &arg->write_ol))) data/mpv-0.32.0/misc/bstr.h:61:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (struct bstr){(unsigned char *)s, s ? strlen(s) : 0}; data/mpv-0.32.0/misc/thread_tools.c:174:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int r = read(c->wakeup_pipe[0], &(char[256]){0}, 256); data/mpv-0.32.0/options/m_option.c:1161:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = v ? strlen(v) : 0; data/mpv-0.32.0/options/m_option.c:3489:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(param, NAMECH) == strlen(param)) { data/mpv-0.32.0/options/m_option.c:3493:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *res = talloc_asprintf_append(*res, "%%%zd%%%s", strlen(param), param); data/mpv-0.32.0/options/m_option.h:351:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool (*equal)(const m_option_t *opt, void *a, void *b); data/mpv-0.32.0/options/m_option.h:562:31: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (a == b || !opt->type->equal) data/mpv-0.32.0/options/m_option.h:564:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return opt->type->equal(opt, a, b); data/mpv-0.32.0/options/m_property.c:596:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *key_end = ka->key + strlen(ka->key); data/mpv-0.32.0/options/path.c:241:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(path); data/mpv-0.32.0/osdep/glob-win.c:33:19: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = (wcslen(wcs) + 1) * sizeof(wchar_t); data/mpv-0.32.0/osdep/io.c:108:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void)read(pipe_end, buf, sizeof(buf)); data/mpv-0.32.0/osdep/io.c:588:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpdir->dirent.d_namlen = strlen(mpdir->dirent.d_name); data/mpv-0.32.0/osdep/io.c:624:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t st = strlen(t); data/mpv-0.32.0/osdep/io.c:657:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = wcslen(wenv); data/mpv-0.32.0/osdep/io.c:677:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l = strlen(name); data/mpv-0.32.0/osdep/io.c:791:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(template); data/mpv-0.32.0/osdep/semaphore_osx.c:56:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t s = read(sem->wakeup_pipe[0], buf, sizeof(buf)); data/mpv-0.32.0/osdep/subprocess-posix.c:117:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t r = read(*read_fds[n], buf, sizeof(buf)); data/mpv-0.32.0/osdep/subprocess-win.c:108:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int create_overlapped_pipe(HANDLE *read, HANDLE *write) data/mpv-0.32.0/osdep/subprocess-win.c:132:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). CloseHandle(*read); data/mpv-0.32.0/osdep/subprocess-win.c:223:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). HANDLE read; data/mpv-0.32.0/osdep/subprocess-win.c:240:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (create_overlapped_pipe(&pipes[i].read, &pipes[i].write)) data/mpv-0.32.0/osdep/subprocess-win.c:297:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (async_read(pipes[i].read, pipes[i].buf, 4096, &pipes[i].ol)) { data/mpv-0.32.0/osdep/subprocess-win.c:298:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). CloseHandle(pipes[i].read); data/mpv-0.32.0/osdep/subprocess-win.c:305:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (pipes[0].read || pipes[1].read || pi.hProcess) { data/mpv-0.32.0/osdep/subprocess-win.c:305:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (pipes[0].read || pipes[1].read || pi.hProcess) { data/mpv-0.32.0/osdep/subprocess-win.c:311:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!GetOverlappedResult(pipes[i].read, &pipes[i].ol, &r, TRUE)) { data/mpv-0.32.0/osdep/subprocess-win.c:312:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). CloseHandle(pipes[i].read); data/mpv-0.32.0/osdep/subprocess-win.c:320:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (async_read(pipes[i].read, pipes[i].buf, 4096, &pipes[i].ol)) { data/mpv-0.32.0/osdep/subprocess-win.c:321:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). CloseHandle(pipes[i].read); data/mpv-0.32.0/osdep/subprocess-win.c:348:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (pipes[i].read) { data/mpv-0.32.0/osdep/subprocess-win.c:350:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). CancelIo(pipes[i].read); data/mpv-0.32.0/osdep/subprocess-win.c:351:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). GetOverlappedResult(pipes[i].read, &pipes[i].ol, &r, TRUE); data/mpv-0.32.0/osdep/subprocess-win.c:352:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). CloseHandle(pipes[i].read); data/mpv-0.32.0/osdep/terminal-unix.c:176:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int retval = read(tty_in, &buf.b[buf.len], BUF_LEN - buf.len); data/mpv-0.32.0/osdep/terminal-unix.c:203:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (memcmp(e->seq, buf.b, MPMIN(buf.len, strlen(e->seq))) == 0) { data/mpv-0.32.0/osdep/terminal-unix.c:231:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int seq_len = strlen(match->seq); data/mpv-0.32.0/osdep/terminal-unix.c:236:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int rep = strlen(match->replace); data/mpv-0.32.0/osdep/terminal-unix.c:266:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)write(tty_out, cmd, strlen(cmd)); data/mpv-0.32.0/osdep/terminal-unix.c:404:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool quit = read(death_pipe[0], &c, 1) == 1 && c == 1; data/mpv-0.32.0/osdep/terminal-win.c:170:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t out_len = wcslen(out); data/mpv-0.32.0/player/command.c:362:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)(tail ? tail - head : strlen(head)), head); data/mpv-0.32.0/player/command.c:1308:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rem)) { data/mpv-0.32.0/player/command.c:3539:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return end ? end - p : strlen(p) + 1; data/mpv-0.32.0/player/configfiles.c:205:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). av_md5_sum(md5, realpath, strlen(realpath)); data/mpv-0.32.0/player/configfiles.c:374:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(file, "%s=%%%d%%%s\n", pname, (int)strlen(val), val); data/mpv-0.32.0/player/configfiles.c:408:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!mp_is_url(bstr0(path)) && strlen(path) < sizeof(tmp)) { data/mpv-0.32.0/player/configfiles.c:412:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (dir.len == strlen(tmp) || !dir.len || bstr_equals0(dir, ".")) data/mpv-0.32.0/player/configfiles.c:416:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp) >= 2) // keep "/" data/mpv-0.32.0/player/external_files.c:230:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s); data/mpv-0.32.0/player/external_files.c:231:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t elen = strlen(end); data/mpv-0.32.0/player/external_files.c:245:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (prev && strncmp(prev, fname, strlen(fname) - 4) == 0) data/mpv-0.32.0/player/javascript.c:326:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). js_pushlstring(J, builtin, MPMIN(limit, strlen(builtin))); data/mpv-0.32.0/player/javascript.c:914:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname += strlen(prefix); data/mpv-0.32.0/player/javascript.c:923:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(data); // limited by terminating null data/mpv-0.32.0/player/lua.c:215:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (luaL_loadbuffer(L, script, strlen(script), dispname)) data/mpv-0.32.0/player/misc.c:290:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bstr_strip(bstr0(e->filename)).len != strlen(e->filename)) data/mpv-0.32.0/player/misc.c:293:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). edl = talloc_asprintf_append_buffer(edl, "%%%zd%%", strlen(e->filename)); data/mpv-0.32.0/player/osd.c:126:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mpctx->term_osd_status) > w && !strchr(mpctx->term_osd_status, '\n')) data/mpv-0.32.0/player/screenshot.c:71:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = s + strlen(s); data/mpv-0.32.0/stream/cookies.c:113:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, buffer, *length) != *length) { data/mpv-0.32.0/stream/dvb_tune.c:316:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(pat_fd, bufptr, data/mpv-0.32.0/stream/dvb_tune.c:318:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read(pat_fd, bufptr, sizeof(buft)); data/mpv-0.32.0/stream/dvb_tune.c:390:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(10000); data/mpv-0.32.0/stream/dvb_tune.c:434:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(15 * 1000); data/mpv-0.32.0/stream/dvb_tune.c:437:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(cmd->wait * 1000); data/mpv-0.32.0/stream/dvb_tune.c:438:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(15 * 1000); data/mpv-0.32.0/stream/dvb_tune.c:441:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(15 * 1000); data/mpv-0.32.0/stream/dvb_tune.c:444:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(100000); data/mpv-0.32.0/stream/stream.c:137:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int len = strlen(url), i = 0, o = 0; i <= len;) { data/mpv-0.32.0/stream/stream.c:174:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *rv = talloc_size(talloc_ctx, strlen(url) * 3 + 1); data/mpv-0.32.0/stream/stream.c:197:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(proto); data/mpv-0.32.0/stream/stream.c:349:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(url) > INT_MAX / 8) { data/mpv-0.32.0/stream/stream.c:526:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read = MPMIN(read, buf_alloc - pos); data/mpv-0.32.0/stream/stream.c:531:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read = stream_read_unbuffered(s, &s->buffer[pos], read); data/mpv-0.32.0/stream/stream.c:533:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s->buf_end += read; data/mpv-0.32.0/stream/stream.c:557:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return !!read; data/mpv-0.32.0/stream/stream.c:591:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read <= 0) data/mpv-0.32.0/stream/stream.c:593:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mem = (char *)mem + read; data/mpv-0.32.0/stream/stream.c:594:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len -= read; data/mpv-0.32.0/stream/stream.c:759:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stream_seek_skip(s, stream_tell(s) + strlen(bom[n])); data/mpv-0.32.0/stream/stream_bluray.c:549:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(path); data/mpv-0.32.0/stream/stream_bluray.c:594:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(priv->cfg_device) <= 1) data/mpv-0.32.0/stream/stream_dvb.c:307:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((line[0] == '#') || (strlen(line) == 0)) data/mpv-0.32.0/stream/stream_dvb.c:357:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (num_chars == strlen(&line[k])) { data/mpv-0.32.0/stream/stream_dvb.c:417:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (valid_digits == strlen(vdr_loc_str)) { data/mpv-0.32.0/stream/stream_dvb.c:508:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ptr->name) == 0) data/mpv-0.32.0/stream/stream_dvb.c:752:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rk = read(fd, (char *)buffer + pos, (size - pos)); data/mpv-0.32.0/stream/stream_dvb.c:1126:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (priv->opts->cfg_prog != NULL && strlen(priv->opts->cfg_prog) > 0) { data/mpv-0.32.0/stream/stream_dvdnav.c:182:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(sig) <= sizeof(data)); data/mpv-0.32.0/stream/stream_dvdnav.c:185:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (memcmp(data, sig, strlen(sig)) == 0) data/mpv-0.32.0/stream/stream_file.c:101:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int r = read(p->fd, buffer, max_len); data/mpv-0.32.0/stream/stream_file.c:153:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(filename, filename + 1, strlen(filename)); // including \0 data/mpv-0.32.0/stream/stream_lavf.c:220:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cust_headers)) data/mpv-0.32.0/stream/stream_lavf.c:275:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(filename, prefix[i], strlen(prefix[i]))) data/mpv-0.32.0/stream/stream_lavf.c:276:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename += strlen(prefix[i]); data/mpv-0.32.0/stream/stream_libarchive.c:267:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). struct bstr base = bstr_splice(primary_url, 0, -(int)strlen(pattern->match)); data/mpv-0.32.0/stream/stream_smb.c:45:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(workgroup, "LAN", wgmaxlen - 1); data/mpv-0.32.0/sub/filter_sdh.c:360:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). init_buf(buf, strlen(ass) + 1); // with room for terminating '\0' data/mpv-0.32.0/sub/sd_ass.c:107:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ext = strlen(f->name) > 4 ? f->name + strlen(f->name) - 4 : ""; data/mpv-0.32.0/sub/sd_ass.c:107:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ext = strlen(f->name) > 4 ? f->name + strlen(f->name) - 4 : ""; data/mpv-0.32.0/sub/sd_ass.c:165:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extradata_size = extradata ? strlen(extradata) : 0; data/mpv-0.32.0/sub/sd_ass.c:254:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ass_process_chunk(track, ass_line, strlen(ass_line), data/mpv-0.32.0/sub/sd_ass.c:275:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ass_len = ass_line ? strlen(ass_line) : 0; data/mpv-0.32.0/ta/ta_utils.c:127:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ta_strndup(ta_parent, str, str ? strlen(str) : 0); data/mpv-0.32.0/ta/ta_utils.c:154:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strndup_append_at(str, *str ? strlen(*str) : 0, a, (size_t)-1); data/mpv-0.32.0/ta/ta_utils.c:173:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strndup_append_at(str, *str ? strlen(*str) : 0, a, n); data/mpv-0.32.0/ta/ta_utils.c:255:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ta_vasprintf_append_at(str, *str ? strlen(*str) : 0, fmt, ap); data/mpv-0.32.0/video/img_format.c:95:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buf); data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:1345:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hr = p->D3DCompile(hlsl, strlen(hlsl), NULL, NULL, NULL, "main", data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:1573:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(header.magic, cache_magic, sizeof(header.magic)); data/mpv-0.32.0/video/out/d3d11/ra_d3d11.c:1574:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(header.compiler, spirv->name, sizeof(header.compiler)); data/mpv-0.32.0/video/out/drm_common.c:903:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fds[0].fd, &event, sizeof(event)) != sizeof(event)) data/mpv-0.32.0/video/out/gpu/lcms.c:396:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). av_sha_update(sha, cache_info, strlen(cache_info)); data/mpv-0.32.0/video/out/gpu/shader_cache.c:630:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(cache_header, strlen(cache_header), 1, out); data/mpv-0.32.0/video/out/gpu/spirv.c:60:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ctx->spirv->name, name, sizeof(ctx->spirv->name) - 1); data/mpv-0.32.0/video/out/gpu/spirv_shaderc.c:61:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return shaderc_compile_into_spv_assembly(p->compiler, glsl, strlen(glsl), data/mpv-0.32.0/video/out/gpu/spirv_shaderc.c:64:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return shaderc_compile_into_spv(p->compiler, glsl, strlen(glsl), data/mpv-0.32.0/video/out/gpu/utils.c:329:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). next = end = src + strlen(src); data/mpv-0.32.0/video/out/gpu/video.c:1377:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(crap); data/mpv-0.32.0/video/out/opengl/utils.c:270:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(ext); data/mpv-0.32.0/video/out/vo.c:345:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vo_list[n].name) == 0) data/mpv-0.32.0/video/out/vo_image.c:119:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p->opts->outdir && strlen(p->opts->outdir)) data/mpv-0.32.0/video/out/vo_sdl.c:567:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ev.text.text, strlen(ev.text.text) data/mpv-0.32.0/video/out/wayland_common.c:1407:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((data_read = read(wl->dnd_fd, buffer + offset, chunk_size)) > 0) { data/mpv-0.32.0/video/out/x11_common.c:1340:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PropModeReplace, t, strlen(t)); data/mpv-0.32.0/waftools/fragments/iconv.c:16:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((numread = read(0, inbuffer, INBUFSIZE))) { ANALYSIS SUMMARY: Hits = 592 Lines analyzed = 173400 in approximately 3.84 seconds (45180 lines/second) Physical Source Lines of Code (SLOC) = 128387 Hits@level = [0] 182 [1] 160 [2] 347 [3] 23 [4] 62 [5] 0 Hits@level+ = [0+] 774 [1+] 592 [2+] 432 [3+] 85 [4+] 62 [5+] 0 Hits/KSLOC@level+ = [0+] 6.02865 [1+] 4.61106 [2+] 3.36483 [3+] 0.662061 [4+] 0.482915 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.