Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pd-vbap-1.1/define_loudspeakers.c
Examining data/pd-vbap-1.1/define_loudspeakers.h
Examining data/pd-vbap-1.1/max2pd.h
Examining data/pd-vbap-1.1/rvbap.c
Examining data/pd-vbap-1.1/vbap.c
Examining data/pd-vbap-1.1/vbap.h
FINAL RESULTS:
data/pd-vbap-1.1/vbap.c:73:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s,mess);
data/pd-vbap-1.1/rvbap.c:151:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "define_loudspeakers / Bang to output actual values.");
data/pd-vbap-1.1/rvbap.c:154:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(int) azimuth");
data/pd-vbap-1.1/rvbap.c:157:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(int) elevation");
data/pd-vbap-1.1/rvbap.c:160:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(int) spreading");
data/pd-vbap-1.1/rvbap.c:163:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(t_float) distance");
data/pd-vbap-1.1/rvbap.c:170:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(list) matrix~ values");
data/pd-vbap-1.1/rvbap.c:173:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(int) actual azimuth");
data/pd-vbap-1.1/rvbap.c:176:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(int) actual elevation");
data/pd-vbap-1.1/rvbap.c:179:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(int) actual spreading");
data/pd-vbap-1.1/rvbap.c:182:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(t_float) actual distance");
ANALYSIS SUMMARY:
Hits = 11
Lines analyzed = 2819 in approximately 0.08 seconds (33788 lines/second)
Physical Source Lines of Code (SLOC) = 2107
Hits@level = [0] 0 [1] 0 [2] 10 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 5.22069 [1+] 5.22069 [2+] 5.22069 [3+] 0.474608 [4+] 0.474608 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.