Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/pd-iemlib-1.22.1/alias/any.c Examining data/pd-iemlib-1.22.1/alias/for_pp.c Examining data/pd-iemlib-1.22.1/alias/ii.c Examining data/pd-iemlib-1.22.1/alias/pp.c Examining data/pd-iemlib-1.22.1/alias/tm.c Examining data/pd-iemlib-1.22.1/alias/unsym.c Examining data/pd-iemlib-1.22.1/iem_mp3/src/iem_mp3.c Examining data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c Examining data/pd-iemlib-1.22.1/include/iemlib.h Examining data/pd-iemlib-1.22.1/src/FIR~.c Examining data/pd-iemlib-1.22.1/src/LFO_noise~.c Examining data/pd-iemlib-1.22.1/src/add2_comma.c Examining data/pd-iemlib-1.22.1/src/aspeedlim.c Examining data/pd-iemlib-1.22.1/src/biquad_freq_resp.c Examining data/pd-iemlib-1.22.1/src/bpe.c Examining data/pd-iemlib-1.22.1/src/db2v.c Examining data/pd-iemlib-1.22.1/src/dollarg.c Examining data/pd-iemlib-1.22.1/src/exp_inc.c Examining data/pd-iemlib-1.22.1/src/f2note.c Examining data/pd-iemlib-1.22.1/src/fade~.c Examining data/pd-iemlib-1.22.1/src/filter~.c Examining data/pd-iemlib-1.22.1/src/float24.c Examining data/pd-iemlib-1.22.1/src/for++.c Examining data/pd-iemlib-1.22.1/src/gate.c Examining data/pd-iemlib-1.22.1/src/hml_shelf~.c Examining data/pd-iemlib-1.22.1/src/iem_alisttosym.c Examining data/pd-iemlib-1.22.1/src/iem_anything.c Examining data/pd-iemlib-1.22.1/src/iem_append.c Examining data/pd-iemlib-1.22.1/src/iem_blocksize~.c Examining data/pd-iemlib-1.22.1/src/iem_cot4~.c Examining data/pd-iemlib-1.22.1/src/iem_delay~.c Examining data/pd-iemlib-1.22.1/src/iem_i_route.c Examining data/pd-iemlib-1.22.1/src/iem_pbank_csv.c Examining data/pd-iemlib-1.22.1/src/iem_pow4~.c Examining data/pd-iemlib-1.22.1/src/iem_prepend.c Examining data/pd-iemlib-1.22.1/src/iem_receive.c Examining data/pd-iemlib-1.22.1/src/iem_route.c Examining data/pd-iemlib-1.22.1/src/iem_samplerate~.c Examining data/pd-iemlib-1.22.1/src/iem_sel_any.c Examining data/pd-iemlib-1.22.1/src/iem_send.c Examining data/pd-iemlib-1.22.1/src/iem_sqrt4~.c Examining data/pd-iemlib-1.22.1/src/iem_symtoalist.c Examining data/pd-iemlib-1.22.1/src/iemlib.c Examining data/pd-iemlib-1.22.1/src/init.c Examining data/pd-iemlib-1.22.1/src/list2send.c Examining data/pd-iemlib-1.22.1/src/lp1_t~.c Examining data/pd-iemlib-1.22.1/src/m2f~.c Examining data/pd-iemlib-1.22.1/src/mergefilename.c Examining data/pd-iemlib-1.22.1/src/modulo_counter.c Examining data/pd-iemlib-1.22.1/src/mov_avrg_kern~.c Examining data/pd-iemlib-1.22.1/src/para_bp2~.c Examining data/pd-iemlib-1.22.1/src/parentdollarzero.c Examining data/pd-iemlib-1.22.1/src/peakenv_AR~.c Examining data/pd-iemlib-1.22.1/src/peakenv_hold~.c Examining data/pd-iemlib-1.22.1/src/peakenv~.c Examining data/pd-iemlib-1.22.1/src/post_netreceive.c Examining data/pd-iemlib-1.22.1/src/pre_inlet.c Examining data/pd-iemlib-1.22.1/src/prepend_ascii.c Examining data/pd-iemlib-1.22.1/src/protect_against_open.c Examining data/pd-iemlib-1.22.1/src/prvu~.c Examining data/pd-iemlib-1.22.1/src/pvu~.c Examining data/pd-iemlib-1.22.1/src/receive2list.c Examining data/pd-iemlib-1.22.1/src/round_zero.c Examining data/pd-iemlib-1.22.1/src/rvu~.c Examining data/pd-iemlib-1.22.1/src/sin_freq~.c Examining data/pd-iemlib-1.22.1/src/sin_phase~.c Examining data/pd-iemlib-1.22.1/src/soundfile_info.c Examining data/pd-iemlib-1.22.1/src/sparse_FIR~.c Examining data/pd-iemlib-1.22.1/src/speedlim.c Examining data/pd-iemlib-1.22.1/src/split.c Examining data/pd-iemlib-1.22.1/src/splitfilename.c Examining data/pd-iemlib-1.22.1/src/stripfilename.c Examining data/pd-iemlib-1.22.1/src/t3_bpe.c Examining data/pd-iemlib-1.22.1/src/t3_delay.c Examining data/pd-iemlib-1.22.1/src/t3_line~.c Examining data/pd-iemlib-1.22.1/src/t3_metro.c Examining data/pd-iemlib-1.22.1/src/t3_sig~.c Examining data/pd-iemlib-1.22.1/src/t3_timer.c Examining data/pd-iemlib-1.22.1/src/toggle_mess.c Examining data/pd-iemlib-1.22.1/src/transf_fader.c Examining data/pd-iemlib-1.22.1/src/unsymbol.c Examining data/pd-iemlib-1.22.1/src/v2db.c Examining data/pd-iemlib-1.22.1/src/vcf_filter~.c Examining data/pd-iemlib-1.22.1/src/wrap.c FINAL RESULTS: data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3392:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, str); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3398:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, str); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3402:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3404:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(completefilename, str); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3413:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(x->filename, completefilename); data/pd-iemlib-1.22.1/src/float24.c:37:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(str, buf); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:77:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:82:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:86:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:88:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:397:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:402:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:406:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:408:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/mergefilename.c:108:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(x->x_mem, av->a_w.w_symbol->s_name); data/pd-iemlib-1.22.1/src/mergefilename.c:124:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(x->x_mem, flt_buf); data/pd-iemlib-1.22.1/src/mergefilename.c:149:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(x->x_mem, s->s_name); data/pd-iemlib-1.22.1/src/mergefilename.c:169:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(x->x_mem, av->a_w.w_symbol->s_name); data/pd-iemlib-1.22.1/src/mergefilename.c:185:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(x->x_mem, flt_buf); data/pd-iemlib-1.22.1/src/protect_against_open.c:87:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, s_unique->s_name); data/pd-iemlib-1.22.1/src/soundfile_info.c:250:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/soundfile_info.c:255:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/soundfile_info.c:259:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name); data/pd-iemlib-1.22.1/src/soundfile_info.c:261:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(completefilename, filename->s_name); data/pd-iemlib-1.22.1/src/splitfilename.c:87:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(x->x_mem, s->s_name); data/pd-iemlib-1.22.1/src/stripfilename.c:36:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(x->x_mem, s->s_name); data/pd-iemlib-1.22.1/src/stripfilename.c:53:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(x->x_mem, s->s_name); data/pd-iemlib-1.22.1/src/vcf_filter~.c:325:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(x->x_filtname, c); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:50:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define random rand data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:51:10: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define srandom srand data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:51:18: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define srandom srand data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:175:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bsspace[2][MAXFRAMESIZE+512]; /* MAXFRAMESIZE */ data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:826:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iemmp3_wordpointer+len,mp->tail->pnt+mp->tail->pos,nlen); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1135:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nbuf->pnt,buf,size); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1640:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iemmp3_wordpointer,bsbufold+iemmp3_gmp->fsizeold-backstep,backstep); data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1648:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char slen[2][16] = { data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1754:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char stab[3][6][4] = { data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3374:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *modes[4] = { "Stereo", "Joint-Stereo", "Dual-Channel", "Single-Channel" }; data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3375:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *layers[4] = { "Unknown" , "I", "II", "III" }; data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3376:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char completefilename[400]; data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3407:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((x->fh = fopen(completefilename, "rb")) == NULL) data/pd-iemlib-1.22.1/include/iemlib.h:177:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define iem_open open data/pd-iemlib-1.22.1/include/iemlib.h:179:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define iem_fopen fopen data/pd-iemlib-1.22.1/src/f2note.c:132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[4]; data/pd-iemlib-1.22.1/src/float24.c:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1000], buf[100]; data/pd-iemlib-1.22.1/src/float24.c:36:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%g", (float)atom_getfloatarg(i, argc, argv)); data/pd-iemlib-1.22.1/src/iem_alisttosym.c:19:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_string[MAXPDSTRING]; data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char completefilename[MAXPDSTRING], eol[8], sep, mode[IEM_PBANK_MALLOC_SIZE], sfmt[IEM_PBANK_MALLOC_SIZE]; data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formattext[100]; data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:70:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mode, "br"); // default: blank-separator, return-eol, return depends on operating system data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:72:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(eol, ";\n"); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:91:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(completefilename,"wb"); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:126:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(formattext, "item-separator = BLANK; "); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:131:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(formattext, "item-separator = SEMICOLON; "); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:136:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(formattext, "item-separator = TABULATOR; "); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:143:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = BLANK-RETURN."); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:148:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = SEMICOLON-RETURN."); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:153:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = TABULATOR-RETURN."); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:158:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = RETURN."); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPDSTRING+1], *bufp, *ebuf = buf+MAXPDSTRING; data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:291:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). SETDOLLAR(ap, atoi(buf+1)); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:383:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char completefilename[400], eol, sep, mode[4], *txbuf1, *txbuf2, *txvec_src, *txvec_dst; data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:388:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formattext[100], str_format[8]; data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:390:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mode, "br"); // blank-separator, return-eol data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:411:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(completefilename,"rb"); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:443:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(formattext, "item-separator = BLANK; "); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:448:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(formattext, "item-separator = SEMICOLON; "); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:453:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(formattext, "item-separator = TABULATOR; "); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:460:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = BLANK-RETURN."); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:465:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = SEMICOLON-RETURN."); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:470:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = TABULATOR-RETURN."); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:475:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(formattext, "end_of_line_terminator = RETURN."); data/pd-iemlib-1.22.1/src/iem_receive.c:58:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[32]; data/pd-iemlib-1.22.1/src/iem_receive.c:62:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloat(av)); data/pd-iemlib-1.22.1/src/iem_receive.c:142:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[100]; data/pd-iemlib-1.22.1/src/iem_receive.c:144:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloat(av)); data/pd-iemlib-1.22.1/src/iem_sel_any.c:60:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[100]; data/pd-iemlib-1.22.1/src/iem_sel_any.c:62:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloatarg(1, ac, av)); data/pd-iemlib-1.22.1/src/iem_sel_any.c:83:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[100]; data/pd-iemlib-1.22.1/src/iem_sel_any.c:85:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloatarg(0, ac, av)); data/pd-iemlib-1.22.1/src/iem_send.c:95:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[32]; data/pd-iemlib-1.22.1/src/iem_send.c:97:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloat(av)); data/pd-iemlib-1.22.1/src/iem_send.c:127:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[32]; data/pd-iemlib-1.22.1/src/iem_send.c:129:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloat(av)); data/pd-iemlib-1.22.1/src/iem_symtoalist.c:22:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_string[MAXPDSTRING]; data/pd-iemlib-1.22.1/src/iem_symtoalist.c:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[40]; data/pd-iemlib-1.22.1/src/iem_symtoalist.c:46:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "%g", f); data/pd-iemlib-1.22.1/src/list2send.c:188:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[100]; data/pd-iemlib-1.22.1/src/list2send.c:190:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloatarg(1, ac, av)); data/pd-iemlib-1.22.1/src/mergefilename.c:22:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_sep[2]; data/pd-iemlib-1.22.1/src/mergefilename.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_mem[MAXPDSTRING]; data/pd-iemlib-1.22.1/src/mergefilename.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flt_buf[30]; data/pd-iemlib-1.22.1/src/mergefilename.c:73:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(flt_buf, "%g", f); data/pd-iemlib-1.22.1/src/mergefilename.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flt_buf[30]; data/pd-iemlib-1.22.1/src/mergefilename.c:114:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(flt_buf, "%g", av->a_w.w_float); data/pd-iemlib-1.22.1/src/mergefilename.c:136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flt_buf[30]; data/pd-iemlib-1.22.1/src/mergefilename.c:175:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(flt_buf, "%g", av->a_w.w_float); data/pd-iemlib-1.22.1/src/pre_inlet.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2]; data/pd-iemlib-1.22.1/src/prepend_ascii.c:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2]; data/pd-iemlib-1.22.1/src/protect_against_open.c:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[100]; data/pd-iemlib-1.22.1/src/protect_against_open.c:88:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(str, "-quabla"); data/pd-iemlib-1.22.1/src/receive2list.c:77:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[32]; data/pd-iemlib-1.22.1/src/receive2list.c:81:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%g", atom_getfloat(av+1)); data/pd-iemlib-1.22.1/src/soundfile_info.c:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char completefilename[MAXPDSTRING]; data/pd-iemlib-1.22.1/src/soundfile_info.c:264:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(completefilename,"rb"); data/pd-iemlib-1.22.1/src/splitfilename.c:22:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_sep[2]; data/pd-iemlib-1.22.1/src/splitfilename.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_mem[MAXPDSTRING]; data/pd-iemlib-1.22.1/src/stripfilename.c:20:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_mem[MAXPDSTRING]; data/pd-iemlib-1.22.1/src/vcf_filter~.c:19:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_filtname[6]; data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3403:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(completefilename, "/"); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:87:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(completefilename, "/"); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:98:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(format->s_name) >= IEM_PBANK_FORMAT_SIZE) data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:407:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(completefilename, "/"); data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:418:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(format->s_name) >= IEM_PBANK_FORMAT_SIZE) data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:420:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str_format, format->s_name, IEM_PBANK_FORMAT_SIZE); data/pd-iemlib-1.22.1/src/iem_symtoalist.c:30:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i, n=strlen(string); data/pd-iemlib-1.22.1/src/iem_symtoalist.c:47:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n=strlen(string); data/pd-iemlib-1.22.1/src/mergefilename.c:34:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(name) == 1) data/pd-iemlib-1.22.1/src/mergefilename.c:94:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(x->x_mem, x->x_sep, 2); data/pd-iemlib-1.22.1/src/mergefilename.c:99:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(av->a_w.w_symbol->s_name); data/pd-iemlib-1.22.1/src/mergefilename.c:102:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(x->x_mem, av->a_w.w_symbol->s_name, MAXPDSTRING - 2 - accu_size); data/pd-iemlib-1.22.1/src/mergefilename.c:115:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(flt_buf); data/pd-iemlib-1.22.1/src/mergefilename.c:118:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(x->x_mem, flt_buf, MAXPDSTRING - 2 - accu_size); data/pd-iemlib-1.22.1/src/mergefilename.c:140:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(s->s_name); data/pd-iemlib-1.22.1/src/mergefilename.c:143:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(x->x_mem, s->s_name, MAXPDSTRING - 2); data/pd-iemlib-1.22.1/src/mergefilename.c:157:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(x->x_mem, x->x_sep, 2); data/pd-iemlib-1.22.1/src/mergefilename.c:160:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(av->a_w.w_symbol->s_name); data/pd-iemlib-1.22.1/src/mergefilename.c:163:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(x->x_mem, av->a_w.w_symbol->s_name, MAXPDSTRING - 2 - accu_size); data/pd-iemlib-1.22.1/src/mergefilename.c:176:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(flt_buf); data/pd-iemlib-1.22.1/src/mergefilename.c:179:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(x->x_mem, flt_buf, MAXPDSTRING - 2 - accu_size); data/pd-iemlib-1.22.1/src/soundfile_info.c:260:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(completefilename, "/"); data/pd-iemlib-1.22.1/src/splitfilename.c:36:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(name) == 1) data/pd-iemlib-1.22.1/src/splitfilename.c:72:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(s->s_name); data/pd-iemlib-1.22.1/src/splitfilename.c:83:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(x->x_mem, s->s_name, MAXPDSTRING - 2); data/pd-iemlib-1.22.1/src/stripfilename.c:27:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s->s_name); data/pd-iemlib-1.22.1/src/stripfilename.c:32:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(x->x_mem, s->s_name, MAXPDSTRING - 2); data/pd-iemlib-1.22.1/src/stripfilename.c:44:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s->s_name); data/pd-iemlib-1.22.1/src/stripfilename.c:49:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(x->x_mem, s->s_name, MAXPDSTRING - 2); ANALYSIS SUMMARY: Hits = 138 Lines analyzed = 18153 in approximately 0.52 seconds (34892 lines/second) Physical Source Lines of Code (SLOC) = 14960 Hits@level = [0] 16 [1] 29 [2] 78 [3] 3 [4] 28 [5] 0 Hits@level+ = [0+] 154 [1+] 138 [2+] 109 [3+] 31 [4+] 28 [5+] 0 Hits/KSLOC@level+ = [0+] 10.2941 [1+] 9.2246 [2+] 7.2861 [3+] 2.07219 [4+] 1.87166 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.