Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiofifo.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiooutput.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/channelizer.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/dspcommands.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/dspengine.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftengine.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftsengine.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftwengine.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftwindow.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/interpolator.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/kissengine.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/lowpass.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/movingaverage.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/nco.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/pidcontroller.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/scopevis.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/spectrumvis.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/inthalfbandfilter.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/aboutdialog.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/addpresetdialog.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/buttonswitch.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/channelwindow.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/glscope.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/glspectrum.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/glspectrumgui.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/indicator.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/physicalunit.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/pluginsdialog.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/preferencesdialog.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/presetitem.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/scale.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/scaleengine.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/scopewindow.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/valuedial.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/mainwindow.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/plugin/pluginmanager.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/settings/preferences.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/settings/preset.h Examining data/sdrangelove-0.0.1.20150707/include-gpl/settings/settings.h Examining data/sdrangelove-0.0.1.20150707/include/dsp/channelmarker.h Examining data/sdrangelove-0.0.1.20150707/include/dsp/dsptypes.h Examining data/sdrangelove-0.0.1.20150707/include/dsp/kissfft.h Examining data/sdrangelove-0.0.1.20150707/include/dsp/samplefifo.h Examining data/sdrangelove-0.0.1.20150707/include/dsp/samplesink.h Examining data/sdrangelove-0.0.1.20150707/include/dsp/samplesource/samplesource.h Examining data/sdrangelove-0.0.1.20150707/include/dsp/threadedsamplesink.h Examining data/sdrangelove-0.0.1.20150707/include/gui/basicchannelsettingswidget.h Examining data/sdrangelove-0.0.1.20150707/include/gui/rollupwidget.h Examining data/sdrangelove-0.0.1.20150707/include/plugin/pluginapi.h Examining data/sdrangelove-0.0.1.20150707/include/plugin/plugingui.h Examining data/sdrangelove-0.0.1.20150707/include/plugin/plugininterface.h Examining data/sdrangelove-0.0.1.20150707/include/util/export.h Examining data/sdrangelove-0.0.1.20150707/include/util/message.h Examining data/sdrangelove-0.0.1.20150707/include/util/messagequeue.h Examining data/sdrangelove-0.0.1.20150707/include/util/miniz.h Examining data/sdrangelove-0.0.1.20150707/include/util/simpleserializer.h Examining data/sdrangelove-0.0.1.20150707/include/util/spinlock.h Examining data/sdrangelove-0.0.1.20150707/main.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemod.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemod.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemodgui.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemodgui.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmplugin.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmplugin.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrc.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrc.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcgui.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcgui.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcplugin.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcplugin.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademod.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademod.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademodgui.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademodgui.h Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetraplugin.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetraplugin.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiogui.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiogui.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioinput.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioinput.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioplugin.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioplugin.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiothread.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiothread.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrgui.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrthread.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrthread.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrupgrade.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrupgrade.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrgui.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrgui.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrgui.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.h Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrthread.cpp Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrthread.h Examining data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/channelizer.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/channelmarker.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/dspcommands.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/dspengine.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftengine.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftsengine.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftwengine.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftwindow.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/interpolator.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/inthalfbandfilter.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/kissengine.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/lowpass.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/movingaverage.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/nco.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/pidcontroller.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/samplefifo.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/samplesink.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/samplesource/samplesource.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/scopevis.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/spectrumvis.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/threadedsamplesink.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/aboutdialog.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/addpresetdialog.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/basicchannelsettingswidget.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/buttonswitch.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/channelwindow.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/glscope.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/glspectrum.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/glspectrumgui.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/indicator.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/pluginsdialog.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/preferencesdialog.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/presetitem.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/scale.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/scaleengine.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/scopewindow.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/valuedial.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/rollupwidget.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/mainwindow.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/pluginapi.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/plugingui.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/plugininterface.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/pluginmanager.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/settings/preferences.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/settings/preset.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/settings/settings.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/message.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/messagequeue.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/simpleserializer.cpp Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/spinlock.cpp FINAL RESULTS: data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiooutput.h:61:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode); data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademod.cpp:96:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("/tmp/tetra.iq", "wb"); data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrupgrade.cpp:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sn[64]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[256]; data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[256]; data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp:107:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_fifo + (m_tail * m_sampleSize), data, copyLen * m_sampleSize); data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp:163:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, m_fifo + (m_head * m_sampleSize), copyLen * m_sampleSize); data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp:96:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QIODevice::open(QIODevice::ReadOnly); data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp:150:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool AudioOutput::open(OpenMode mode) data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:487:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE]; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:488:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE]; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:898:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char mz_validate_uint16[sizeof(mz_uint16)==2 ? 1 : -1]; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:899:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char mz_validate_uint32[sizeof(mz_uint32)==4 ? 1 : -1]; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:900:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char mz_validate_uint64[sizeof(mz_uint64)==8 ? 1 : -1]; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1226:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1246:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1326:31: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define TINFL_MEMCPY(d, s, l) memcpy(d, s, l) data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1915:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1916:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2212:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2313:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d->m_dict + dst_pos, d->m_pSrc, n); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2315:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos)); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2591:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2719:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8*)p->m_pBuf + p->m_size, pBuf, len); p->m_size = new_size; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2785:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out_buf.m_pBuf, pnghdr, 41); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2825:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(pFilename, pMode); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2979:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8*)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3359:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n); pStat->m_filename[n] = '\0'; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3363:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n); pStat->m_comment[n] = '\0'; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3377:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3943:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3991:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mz_uint64 cur_ofs = 0; char buf[4096]; MZ_CLEAR_OBJ(buf); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4605:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE); data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiofifo.h:34:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint read(quint8* data, uint numSamples, int timeout = INT_MAX); data/sdrangelove-0.0.1.20150707/include/dsp/samplefifo.h:55:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint read(SampleVector::iterator begin, SampleVector::iterator end); data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp:120:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint AudioFifo::read(quint8* data, uint numSamples, int timeout) data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp:178:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint samples = (*it)->read((quint8*)data, framesPerBuffer, 1); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3417:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const mz_uint filename_len = (mz_uint)strlen(pFilename); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3439:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(pName); if (name_len > 0xFFFF) return -1; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3440:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). comment_len = pComment ? strlen(pComment) : 0; if (comment_len > 0xFFFF) return -1; data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4219:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). archive_name_size = strlen(pArchive_name); data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4354:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). archive_name_size = strlen(pArchive_name); ANALYSIS SUMMARY: Hits = 54 Lines analyzed = 23129 in approximately 0.52 seconds (44596 lines/second) Physical Source Lines of Code (SLOC) = 17910 Hits@level = [0] 4 [1] 9 [2] 45 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 58 [1+] 54 [2+] 45 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.23841 [1+] 3.01508 [2+] 2.51256 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.