Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_reinit.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod_grow.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_mllr.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_keyphrase.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_posterior.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_alignment.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fwdflat.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_state_align.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_simple.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ps.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fwdtree_bestpath.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_macros.h Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ptm_mgau.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_set_search.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict2pid.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_init.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lattice.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lm_read.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_nbest.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fsg.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_allphone.c Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fwdtree.c Examining data/pocketsphinx-0.8+5prealpha+1/include/ps_lattice.h Examining data/pocketsphinx-0.8+5prealpha+1/include/pocketsphinx_export.h Examining data/pocketsphinx-0.8+5prealpha+1/include/ps_search.h Examining data/pocketsphinx-0.8+5prealpha+1/include/pocketsphinx.h Examining data/pocketsphinx-0.8+5prealpha+1/include/cmdln_macro.h Examining data/pocketsphinx-0.8+5prealpha+1/include/ps_mllr.h Examining data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/livedemo.c Examining data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c Examining data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s3types.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_lextree.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdflat.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_history.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tied_mgau_common.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_lextree.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/hmm.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/phone_loop_search.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tmat.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_mllr.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice_internal.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search_internal.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/blkarray_list.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_mgau.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_alignment.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_history.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx_internal.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdtree.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_gauden.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdtree.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/allphone_search.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/allphone_search.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_alignment.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/state_align_search.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/hmm.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_mgau.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tmat.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdflat.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_gauden.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/state_align_search.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/phone_loop_search.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/blkarray_list.c Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.h Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c Examining data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c Examining data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c Examining data/pocketsphinx-0.8+5prealpha+1/src/programs/mdef_convert.c FINAL RESULTS: data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:125:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bmdef->ciname[0], mdef->ciphone[0].name); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:129:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bmdef->ciname[i], mdef->ciphone[i].name); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:878:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", bin_mdef_ciphone_str(m, pid)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:880:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %s %s %c", data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:53:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf sprintf_s data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:239:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(phones, dict_ciphone_str(dict, i, j)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:206:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", mdef_ciphone_str(m, pid)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:208:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %s %s %c", data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:308:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if ((sscanf(lp, "%s%n", word, &wlen) != 1) || (strcmp(word, "N") != 0)) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:313:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(lp, "%s%n", word, &wlen) == 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:328:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(lp, "%s%n", word, &wlen) != 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:343:14: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if ((sscanf(lp, "%s%n", word, &wlen) != 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:350:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(lp, "%s%n", word, &wlen) != 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:378:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(lp, "%s%n", word, &wlen) != 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:387:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(lp, "%s%n", word, &wlen) != 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:395:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(lp, "%s%n", word, &wlen) != 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:403:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if ((sscanf(lp, "%s%n", word, &wlen) != 1) || (word[1] != '\0')) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:424:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(lp, "%s%n", word, &wlen) != 1) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:551:14: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if ((sscanf(buf, "%d %s", &n, tag) != 2) || (n < 0)) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:875:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(phones, dict_ciphone_str(dict, wid, j)); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c:35:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. TEST_EQUAL(0, system("diff -uw " MODELDIR "/en-us/cmudict-en-us.dict _cmu07a.dic")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c:84:9: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom srand data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c:84:17: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom srand data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c:85:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random rand data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:715:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uttid[16]; data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:717:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(uttid, "%09u", ps->uttno); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:352:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nsenstr[64], logbasestr[64]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:354:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nsenstr, "%d", bin_mdef_n_sen(acmod->mdef)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:355:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(logbasestr, "%f", logmath_get_base(acmod->lmath)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:541:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(acmod->rawdata + acmod->rawdata_pos, *inout_raw, *inout_n_samps * sizeof(int16)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:644:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(acmod->rawdata + acmod->rawdata_pos, prev_audio_inptr, processed_samples * sizeof(int16)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:681:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(acmod->rawdata + acmod->rawdata_pos, prev_audio_inptr, processed_samples * sizeof(int16)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:819:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(acmod->feat_buf[inptr][i], data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:838:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(val[i]) != bin_mdef_n_sen(acmod->mdef)) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:840:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "match mdef (%d)\n", atoi(val[i]), data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:337:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fh = fopen(filename, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:527:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fh = fopen(filename, "wb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:614:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fh = fopen(filename, "w")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:134:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wordp->ciphone, p, np * sizeof(s3cipid_t)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:226:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fh = fopen(filename, "w")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:274:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(dictfile, "r")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:288:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp2 = fopen(fillerfile, "r")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:115:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d2p->rssid[b][l].ssid, tmpssid, data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:119:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d2p->rssid[b][l].cimap, tmpcimap, data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:175:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d2p->lrssid[b][l].ssid, tmpssid, data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:179:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d2p->lrssid[b][l].cimap, tmpcimap, data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c:1046:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, baseword, len); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/hmm.c:104:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hmm->senid, ctx->sseq[ssid], hmm->n_emit_state * sizeof(*hmm->senid)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:108:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, det->keyphrase, strlen(det->keyphrase)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:333:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((list_file = fopen(keyfile, "r")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:696:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&line[c], str, strlen(str)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:160:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __BIGSTACKVARIABLE__ char buf[4096]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:277:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __BIGSTACKVARIABLE__ char word[1024]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:322:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __BIGSTACKVARIABLE__ char word[1024], *lp; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:371:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __BIGSTACKVARIABLE__ char word[1024], *lp; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:476:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sseq[j], hash_entry_key(he), k); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:508:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __BIGSTACKVARIABLE__ char tag[1024], buf[1024]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:522:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(mdeffile, "r")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_gauden.c:129:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file_name, "rb")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.c:66:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file_name, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.c:151:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file_name, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c:586:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, dict_basestr(ps_search_dict(ngs), be->wid), len); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:78:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp = fopen(path, "rb"); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:90:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp = fopen(mdef, "rb"); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:936:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uttid[16]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:952:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(uttid, "%09u", ps->uttno); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:971:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((mfcfh = fopen(logfn, "wb")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:984:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rawfh = fopen(logfn, "wb")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:997:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((senfh = fopen(logfn, "wb")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:220:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "w")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:280:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "w")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:316:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). altpron = atoi(c + 1); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:478:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wd[256]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:861:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, wstr, len); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:874:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, wstr, len); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:1837:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, wstr, len); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_mllr.c:61:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(regmatfile, "r")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:148:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*cur + 1, *cur, sizeof(**cur)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:440:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->f->topn[0][0], lastf->topn[0][0], data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:460:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1000]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:473:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:532:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_feat = atoi(line + strlen("feature_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:535:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_density = atoi(line + strlen("mixture_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:538:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_sen = atoi(line + strlen("model_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:541:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_clust = atoi(line + strlen("cluster_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:544:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_bits = atoi(line + strlen("cluster_bits ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:673:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file_name, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:164:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur + 1, cur, sizeof(vqFeature_t)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:861:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->f[i], lastf[i], sizeof(vqFeature_t) * s->max_topn); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:888:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1000]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:901:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:960:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_feat = atoi(line + strlen("feature_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:963:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_density = atoi(line + strlen("mixture_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:966:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_sen = atoi(line + strlen("model_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:969:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_clust = atoi(line + strlen("cluster_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:972:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_bits = atoi(line + strlen("cluster_bits ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:1101:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file_name, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:1209:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). out[i] = atoi(c); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:1215:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). out[i] = atoi(c); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tmat.c:154:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file_name, "rb")) == NULL) data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:388:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((infh = fopen(infile, "rb")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:487:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(outfile, "w"); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:615:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mllrfh = fopen(str, "r"); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:622:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fsgfh = fopen(str, "r"); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:629:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lmfh = fopen(str, "r"); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:636:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hypfh = fopen(str, "w"); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:644:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hypsegfh = fopen(str, "w"); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:652:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ctmfh = fopen(str, "w"); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:662:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *wptr[4]; data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:721:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sf = atoi(wptr[1]); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:723:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ef = atoi(wptr[2]); data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:814:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ctlfh = fopen(ctl, "r")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:156:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rawfd = fopen(fname, "rb")) == NULL) { data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:162:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char waveheader[44]; data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod.c:70:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod_grow.c:69:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c:55:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "word_%d", i); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fsg.c:31:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c:41:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c:59:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c:77:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lattice.c:115:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lm_read.c:27:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_mllr.c:27:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_nbest.c:29:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_posterior.c:32:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ps.c:26:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ptm_mgau.c:41:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c:40:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c:42:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(senfh = fopen("goforward.sen", "wb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c:67:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(senfh = fopen("goforward.sen", "rb")); data/pocketsphinx-0.8+5prealpha+1/test/unit/test_state_align.c:18:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb")); data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:674:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (hyp && strlen(hyp) > 0) { data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:707:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = gst_buffer_new_and_alloc(strlen(hyp) + 1); data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:708:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gst_buffer_fill(buffer, 0, hyp, strlen(hyp)); data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:709:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gst_buffer_fill(buffer, strlen(hyp), "\n", 1); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:123:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nchars += strlen(mdef->ciphone[i].name) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:128:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bmdef->ciname[i - 1] + strlen(bmdef->ciname[i - 1]) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:433:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m->ciname[i] = m->ciname[i - 1] + strlen(m->ciname[i - 1]) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:437:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m->ciname[i - 1] + strlen(m->ciname[i - 1]) + 1 - m->ciname[0]; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:564:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(m->ciname[i], 1, strlen(m->ciname[i]) + 1, fh); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:207:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stralloc += strlen(d->word[w].word); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:236:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). phlen += strlen(dict_ciphone_str(dict, i, j)) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:241:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(phones, " "); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:446:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(word); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c:1019:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(baseword) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c:1044:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(baseword); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:95:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(det->keyphrase) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:108:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(c, det->keyphrase, strlen(det->keyphrase)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:109:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c += strlen(det->keyphrase); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:351:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = strlen(line) - 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:690:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(((kws_keyphrase_t *)gnode_ptr(gn))->word) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:696:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(&line[c], str, strlen(str)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:697:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c += strlen(str); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:536:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(buf, MODEL_DEF_VERSION, strlen(MODEL_DEF_VERSION)) != 0) data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c:566:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(dict_basestr(ps_search_dict(ngs), be->wid)) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c:584:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dict_basestr(ps_search_dict(ngs), be->wid)); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:872:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). phlen += strlen(dict_ciphone_str(dict, wid, j)) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:877:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(phones, " "); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:367:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(li->buf, param, strlen(param)) == 0 data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:486:14: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(line->buf, "%d %255s %d %d %d", &seqid, wd, &sf, &fef, data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:842:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(wstr) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:848:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(wstr) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:859:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(wstr); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:872:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(wstr); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:1820:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(wstr) + 1; data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:1835:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(wstr); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:531:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "feature_count ", strlen("feature_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:532:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_feat = atoi(line + strlen("feature_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:534:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "mixture_count ", strlen("mixture_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:535:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_density = atoi(line + strlen("mixture_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:537:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "model_count ", strlen("model_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:538:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_sen = atoi(line + strlen("model_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:540:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "cluster_count ", strlen("cluster_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:541:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_clust = atoi(line + strlen("cluster_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:543:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "cluster_bits ", strlen("cluster_bits "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:544:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_bits = atoi(line + strlen("cluster_bits ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:959:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "feature_count ", strlen("feature_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:960:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_feat = atoi(line + strlen("feature_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:962:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "mixture_count ", strlen("mixture_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:963:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_density = atoi(line + strlen("mixture_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:965:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "model_count ", strlen("model_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:966:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_sen = atoi(line + strlen("model_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:968:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "cluster_count ", strlen("cluster_count "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:969:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_clust = atoi(line + strlen("cluster_count ")); data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:971:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(line, "cluster_bits ", strlen("cluster_bits "))) { data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:972:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n_bits = atoi(line + strlen("cluster_bits ")); data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:161:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".wav") == 0) { data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:161:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".wav") == 0) { data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:168:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".mp3") == 0) { data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:168:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".mp3") == 0) { ANALYSIS SUMMARY: Hits = 192 Lines analyzed = 33744 in approximately 1.00 seconds (33587 lines/second) Physical Source Lines of Code (SLOC) = 22154 Hits@level = [0] 255 [1] 59 [2] 109 [3] 3 [4] 21 [5] 0 Hits@level+ = [0+] 447 [1+] 192 [2+] 133 [3+] 24 [4+] 21 [5+] 0 Hits/KSLOC@level+ = [0+] 20.1769 [1+] 8.66661 [2+] 6.00343 [3+] 1.08333 [4+] 0.94791 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.