Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/pd-lyonpotpourri-2.0+git20121009/MSPd.h
Examining data/pd-lyonpotpourri-2.0+git20121009/PenroseOscil.c
Examining data/pd-lyonpotpourri-2.0+git20121009/PenroseOscil.h
Examining data/pd-lyonpotpourri-2.0+git20121009/PenroseRand.c
Examining data/pd-lyonpotpourri-2.0+git20121009/PenroseRand.h
Examining data/pd-lyonpotpourri-2.0+git20121009/adsr~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/bashfest.h
Examining data/pd-lyonpotpourri-2.0+git20121009/bashfest_helper.c
Examining data/pd-lyonpotpourri-2.0+git20121009/bashfest~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/bloscbank.c
Examining data/pd-lyonpotpourri-2.0+git20121009/bvplay~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/channel~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/chopper~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/clean_selector~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/click2bang~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/click2float~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/clickhold~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/convert.c
Examining data/pd-lyonpotpourri-2.0+git20121009/distortion~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/dmach~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/ellipse.c
Examining data/pd-lyonpotpourri-2.0+git20121009/expflam~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/fft.c
Examining data/pd-lyonpotpourri-2.0+git20121009/fft4.c
Examining data/pd-lyonpotpourri-2.0+git20121009/fftease.h
Examining data/pd-lyonpotpourri-2.0+git20121009/fftease_setup.c
Examining data/pd-lyonpotpourri-2.0+git20121009/flanjah~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/fold.c
Examining data/pd-lyonpotpourri-2.0+git20121009/granola~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/impulse~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/kbuffer~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/killdc~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/leanconvert.c
Examining data/pd-lyonpotpourri-2.0+git20121009/leanunconvert.c
Examining data/pd-lyonpotpourri-2.0+git20121009/magfreq_analysis~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/makewindows.c
Examining data/pd-lyonpotpourri-2.0+git20121009/markov~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/mask~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/oscil~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/overlapadd.c
Examining data/pd-lyonpotpourri-2.0+git20121009/phasemod~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/player~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/power_of_two.c
Examining data/pd-lyonpotpourri-2.0+git20121009/pulser~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/qsortE.c
Examining data/pd-lyonpotpourri-2.0+git20121009/rtrig~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/samm~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/sigseq~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/ugens.h
Examining data/pd-lyonpotpourri-2.0+git20121009/unconvert.c
Examining data/pd-lyonpotpourri-2.0+git20121009/vdb~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/vdp~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/waveshape~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/bashfest_dsp.c
Examining data/pd-lyonpotpourri-2.0+git20121009/buffet~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/function~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/granulesf~.c
Examining data/pd-lyonpotpourri-2.0+git20121009/granule~.c

FINAL RESULTS:

data/pd-lyonpotpourri-2.0+git20121009/bashfest~.c:509:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(x->sound_name, x->wavename->s_name);

data/pd-lyonpotpourri-2.0+git20121009/bashfest~.c:306:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:1142:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(clock());

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:211:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom((long)seed);

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:214:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((long)seed);

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:474:4: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:476:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(0)); // codewarrior lacks random()/srandom(), only supplies dirtbag rand()

data/pd-lyonpotpourri-2.0+git20121009/granulesf~.c:198:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((long)seed);

data/pd-lyonpotpourri-2.0+git20121009/granulesf~.c:659:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0)); //need "seed" message

data/pd-lyonpotpourri-2.0+git20121009/granule~.c:513:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/pd-lyonpotpourri-2.0+git20121009/rtrig~.c:143:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/pd-lyonpotpourri-2.0+git20121009/sigseq~.c:300:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(clock());

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:100:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Attack / (bang) Trigger");

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:103:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Decay");

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:106:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Sustain");

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:109:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Release");

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:112:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Gain1");

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:115:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Gain2");

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:118:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Tempo");

data/pd-lyonpotpourri-2.0+git20121009/adsr~.c:122:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) ADSR Output");

data/pd-lyonpotpourri-2.0+git20121009/bashfest.h:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sound_name[256];

data/pd-lyonpotpourri-2.0+git20121009/bashfest_dsp.c:132:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outbuf, inbuf, in_frames * channels * sizeof(float) );

data/pd-lyonpotpourri-2.0+git20121009/bashfest_dsp.c:526:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outbuf, inbuf, in_frames * sizeof(float) );

data/pd-lyonpotpourri-2.0+git20121009/bashfest~.c:1459:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Click Trigger"); break;

data/pd-lyonpotpourri-2.0+git20121009/bashfest~.c:1464:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Channel 1 Output"); break;

data/pd-lyonpotpourri-2.0+git20121009/bashfest~.c:1465:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal) Channel 2 Output"); break;

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:658:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b_dest_samples, b_samples + (startframe * b_nchans),

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:950:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpmem, b_samples, shiftframes * b_nchans * sizeof(float));

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:962:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b_samples + (b_frames - shiftframes) * b_nchans,tmpmem,

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:2353:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(messages) Groove Sync Signal Input"); break;

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:2357:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(bang) Operation Completed"); break;

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:2358:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(list) Buffer Event Times"); break;

data/pd-lyonpotpourri-2.0+git20121009/buffet~.c:2359:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 2: sprintf(dst,"(float) Buffer Segment RMS Value"); break;

data/pd-lyonpotpourri-2.0+git20121009/bvplay~.c:415:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(list) Note Data [st,dur,incr,amp]"); break;

data/pd-lyonpotpourri-2.0+git20121009/bvplay~.c:418:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/channel~.c:84:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0:sprintf(dst,"(signal) Input");break;

data/pd-lyonpotpourri-2.0+git20121009/channel~.c:85:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1:sprintf(dst,"(int) Channel Number");break;

data/pd-lyonpotpourri-2.0+git20121009/channel~.c:88:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Channel Value");

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:171:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(bang) Force New Loop ");

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:174:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Minimum Increment ");

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:177:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Maximum Increment ");

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:180:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Minimum Segdur ");

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:183:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Maximum Segdur ");

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:186:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(int) Non-Zero Locks Loop ");

data/pd-lyonpotpourri-2.0+git20121009/chopper~.c:191:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/clean_selector~.c:84:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/int) Input 0, Channel Number");

data/pd-lyonpotpourri-2.0+git20121009/clean_selector~.c:86:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Input %ld",arg);

data/pd-lyonpotpourri-2.0+git20121009/clean_selector~.c:90:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/click2bang~.c:77:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0:sprintf(dst,"(bang) Trigger click2bang");break;

data/pd-lyonpotpourri-2.0+git20121009/click2bang~.c:80:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(bang) Output");

data/pd-lyonpotpourri-2.0+git20121009/click2float~.c:74:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0:sprintf(dst,"(signal) Click Trigger");break;

data/pd-lyonpotpourri-2.0+git20121009/click2float~.c:77:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(float) Click Value");

data/pd-lyonpotpourri-2.0+git20121009/clickhold~.c:72:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0:sprintf(dst,"(signal) Non-Zero Trigger Value");break;

data/pd-lyonpotpourri-2.0+git20121009/clickhold~.c:75:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Sample and Hold Output");

data/pd-lyonpotpourri-2.0+git20121009/distortion~.c:73:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Input"); break;

data/pd-lyonpotpourri-2.0+git20121009/distortion~.c:74:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal/float) Knee"); break;

data/pd-lyonpotpourri-2.0+git20121009/distortion~.c:75:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 2: sprintf(dst,"(signal/float) Cut"); break;

data/pd-lyonpotpourri-2.0+git20121009/distortion~.c:78:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/dmach~.c:739:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)p[pnum].drumlines[slot].attacks,(void *)tmpatks,

data/pd-lyonpotpourri-2.0+git20121009/dmach~.c:1050:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Sync Click"); break;

data/pd-lyonpotpourri-2.0+git20121009/dmach~.c:1054:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(list) Raw Pattern Data");

data/pd-lyonpotpourri-2.0+git20121009/dmach~.c:1057:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Sync Trigger");

data/pd-lyonpotpourri-2.0+git20121009/dmach~.c:1059:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Trigger %ld",arg/2 + 1);

data/pd-lyonpotpourri-2.0+git20121009/dmach~.c:1061:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Increment %ld",(arg-1)/2 + 1);

data/pd-lyonpotpourri-2.0+git20121009/expflam~.c:109:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Trigger Click"); break;

data/pd-lyonpotpourri-2.0+git20121009/expflam~.c:110:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal) Flam Gate"); break;

data/pd-lyonpotpourri-2.0+git20121009/expflam~.c:113:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Flam Clicks");

data/pd-lyonpotpourri-2.0+git20121009/expflam~.c:216:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void *)out_vec, (void *)in_vec, n * sizeof(float) );

data/pd-lyonpotpourri-2.0+git20121009/expflam~.c:220:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void *)flamgate_vec, (void *)in2_vec, n * sizeof(float) );// the order of these mcopies matters

data/pd-lyonpotpourri-2.0+git20121009/expflam~.c:221:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void *)trigvec, (void *)in_vec, n * sizeof(float) );

data/pd-lyonpotpourri-2.0+git20121009/expflam~.c:222:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void *)out_vec, (void *)in_vec, n * sizeof(float) );// copy triggers to output for a start

data/pd-lyonpotpourri-2.0+git20121009/flanjah~.c:324:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Input ");

data/pd-lyonpotpourri-2.0+git20121009/flanjah~.c:327:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Feedback");

data/pd-lyonpotpourri-2.0+git20121009/flanjah~.c:330:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Speed1");

data/pd-lyonpotpourri-2.0+git20121009/flanjah~.c:333:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Speed2");

data/pd-lyonpotpourri-2.0+git20121009/flanjah~.c:336:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Delay Depth");

data/pd-lyonpotpourri-2.0+git20121009/flanjah~.c:341:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Output");break;

data/pd-lyonpotpourri-2.0+git20121009/function~.c:386:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(messages) Groove Sync Signal"); break;

data/pd-lyonpotpourri-2.0+git20121009/function~.c:390:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) No Output"); break;

data/pd-lyonpotpourri-2.0+git20121009/granola~.c:98:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0:sprintf(dst,"(signal) Input");break;

data/pd-lyonpotpourri-2.0+git20121009/granola~.c:99:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1:sprintf(dst,"(signal/float) Increment");break;

data/pd-lyonpotpourri-2.0+git20121009/granola~.c:102:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/granulesf~.c:1243:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(messages) No Signal Input"); break;

data/pd-lyonpotpourri-2.0+git20121009/granulesf~.c:1247:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Output 1"); break;

data/pd-lyonpotpourri-2.0+git20121009/granulesf~.c:1248:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal) Output 2"); break;

data/pd-lyonpotpourri-2.0+git20121009/granule~.c:872:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(messages) No Signal Input"); break;

data/pd-lyonpotpourri-2.0+git20121009/granule~.c:876:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Output 1"); break;

data/pd-lyonpotpourri-2.0+git20121009/granule~.c:877:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal) Output 2"); break;

data/pd-lyonpotpourri-2.0+git20121009/impulse~.c:68:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0:sprintf(dst,"(bang) Trigger Impulse");break;

data/pd-lyonpotpourri-2.0+git20121009/impulse~.c:71:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/kbuffer~.c:373:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Input ");

data/pd-lyonpotpourri-2.0+git20121009/kbuffer~.c:379:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output ");

data/pd-lyonpotpourri-2.0+git20121009/kbuffer~.c:382:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Sync ");

data/pd-lyonpotpourri-2.0+git20121009/killdc~.c:80:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Input");

data/pd-lyonpotpourri-2.0+git20121009/killdc~.c:84:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/magfreq_analysis~.c:197:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Input"); break;

data/pd-lyonpotpourri-2.0+git20121009/magfreq_analysis~.c:201:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Magnitude Vector"); break;

data/pd-lyonpotpourri-2.0+git20121009/magfreq_analysis~.c:202:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal) Frequency Vector"); break;

data/pd-lyonpotpourri-2.0+git20121009/magfreq_analysis~.c:203:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 2: sprintf(dst,"(signal) Index"); break;

data/pd-lyonpotpourri-2.0+git20121009/markov~.c:183:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(bang/messages)");

data/pd-lyonpotpourri-2.0+git20121009/markov~.c:190:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/markov~.c:193:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Sync");

data/pd-lyonpotpourri-2.0+git20121009/mask~.c:414:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Trigger Impulses"); break;

data/pd-lyonpotpourri-2.0+git20121009/mask~.c:418:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Masked Impulses"); break;

data/pd-lyonpotpourri-2.0+git20121009/oscil~.c:230:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal/float) Frequency"); break;

data/pd-lyonpotpourri-2.0+git20121009/oscil~.c:231:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal/float) Phase"); break;

data/pd-lyonpotpourri-2.0+git20121009/oscil~.c:234:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/oscil~.c:427:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(old_wavetable, wavetable, table_length * sizeof(float) );

data/pd-lyonpotpourri-2.0+git20121009/oscil~.c:504:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(old_wavetable, wavetable, table_length * sizeof(float) );

data/pd-lyonpotpourri-2.0+git20121009/phasemod~.c:86:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Frequency ");

data/pd-lyonpotpourri-2.0+git20121009/phasemod~.c:89:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Slope Factor ");

data/pd-lyonpotpourri-2.0+git20121009/phasemod~.c:93:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output ");

data/pd-lyonpotpourri-2.0+git20121009/player~.c:1252:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Click Trigger"); break;

data/pd-lyonpotpourri-2.0+git20121009/player~.c:1253:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal) Increment"); break;

data/pd-lyonpotpourri-2.0+git20121009/player~.c:1258:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Channel 1 Output"); break;

data/pd-lyonpotpourri-2.0+git20121009/player~.c:1262:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 0: sprintf(dst,"(signal) Channel 1 Output"); break;

data/pd-lyonpotpourri-2.0+git20121009/player~.c:1263:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 1: sprintf(dst,"(signal) Channel 2 Output"); break;

data/pd-lyonpotpourri-2.0+git20121009/pulser~.c:86:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Frequency");

data/pd-lyonpotpourri-2.0+git20121009/pulser~.c:89:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal/float) Pulse Width");

data/pd-lyonpotpourri-2.0+git20121009/pulser~.c:93:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dst,"(signal) Output");

data/pd-lyonpotpourri-2.0+git20121009/rtrig~.c:118:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
case 0: sprintf(dst,"(signal) Unused"); break; data/pd-lyonpotpourri-2.0+git20121009/rtrig~.c:121:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Triggers"); data/pd-lyonpotpourri-2.0+git20121009/samm~.c:279:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 0: sprintf(dst,"(signal) Trigger Impulse"); break; data/pd-lyonpotpourri-2.0+git20121009/samm~.c:282:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Beat Impulse %ld",arg + 1); data/pd-lyonpotpourri-2.0+git20121009/sigseq~.c:191:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename->s_name, "r"); data/pd-lyonpotpourri-2.0+git20121009/sigseq~.c:211:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Input "); data/pd-lyonpotpourri-2.0+git20121009/sigseq~.c:218:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Output "); data/pd-lyonpotpourri-2.0+git20121009/sigseq~.c:221:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(dst,"(signal) ADSR Envelope "); data/pd-lyonpotpourri-2.0+git20121009/sigseq~.c:224:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(bang) On Sequence Start"); data/pd-lyonpotpourri-2.0+git20121009/vdb~.c:602:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Input %ld",arg + 1); data/pd-lyonpotpourri-2.0+git20121009/vdb~.c:604:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal/float) Delay Time"); data/pd-lyonpotpourri-2.0+git20121009/vdb~.c:606:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal/float) Feedback"); data/pd-lyonpotpourri-2.0+git20121009/vdb~.c:610:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Output %ld", arg + 1); data/pd-lyonpotpourri-2.0+git20121009/vdp~.c:521:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b_dest_samples, b_samples, b_frames * 1 * sizeof(float) ); data/pd-lyonpotpourri-2.0+git20121009/vdp~.c:597:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
case 0: sprintf(dst,"(signal) Input");break; data/pd-lyonpotpourri-2.0+git20121009/vdp~.c:598:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 1: sprintf(dst,"(signal/float) Delay Time");break; data/pd-lyonpotpourri-2.0+git20121009/vdp~.c:599:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 2: sprintf(dst,"(signal/float) Feedback");break; data/pd-lyonpotpourri-2.0+git20121009/vdp~.c:605:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Output "); data/pd-lyonpotpourri-2.0+git20121009/waveshape~.c:82:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 0: sprintf(dst,"(signal) Input"); break; data/pd-lyonpotpourri-2.0+git20121009/waveshape~.c:85:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst,"(signal) Output"); ANALYSIS SUMMARY: Hits = 140 Lines analyzed = 24682 in approximately 0.58 seconds (42568 lines/second) Physical Source Lines of Code (SLOC) = 20100 Hits@level = [0] 1 [1] 0 [2] 128 [3] 11 [4] 1 [5] 0 Hits@level+ = [0+] 141 [1+] 140 [2+] 140 [3+] 12 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 7.01493 [1+] 6.96517 [2+] 6.96517 [3+] 0.597015 [4+] 0.0497512 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! 
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.