Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioAmp.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioClipper.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioCompressor.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioCompressor.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDebugger.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecimator.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecimator.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoder.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoder.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderDummy.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderGsm.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderGsm.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderNull.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderOpus.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderOpus.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderRaw.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderS16.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderS16.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderSpeex.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderSpeex.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDelayLine.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDelayLine.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDevice.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDevice.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceAlsa.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceAlsa.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceFactory.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceFactory.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceOSS.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceOSS.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceUDP.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceUDP.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoder.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoder.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderDummy.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderGsm.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderGsm.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderNull.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderRaw.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderS16.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderS16.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioFifo.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioFifo.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioFilter.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioFilter.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioFsf.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioFsf.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioGenerator.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioIO.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioIO.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioInterpolator.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioInterpolator.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioJitterFifo.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioJitterFifo.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioMixer.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioMixer.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioNoiseAdder.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioNoiseAdder.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioPacer.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioPacer.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioPassthrough.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioProcessor.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioProcessor.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioReader.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioReader.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSelector.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSelector.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSink.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSink.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSource.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSource.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSplitter.cpp
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioSplitter.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioStreamStateDetector.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncAudioValve.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncSigCAudioSink.h
Examining data/svxlink-19.09.1/src/async/audio/AsyncSigCAudioSource.h
Examining data/svxlink-19.09.1/src/async/audio/fidlib.c
Examining data/svxlink-19.09.1/src/async/audio/fidlib.h
Examining data/svxlink-19.09.1/src/async/audio/fidmkf.h
Examining data/svxlink-19.09.1/src/async/audio/fidrf_cmdlist.h
Examining data/svxlink-19.09.1/src/async/core/AsyncApplication.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncApplication.h
Examining data/svxlink-19.09.1/src/async/core/AsyncAtTimer.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncAtTimer.h
Examining data/svxlink-19.09.1/src/async/core/AsyncConfig.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncConfig.h
Examining data/svxlink-19.09.1/src/async/core/AsyncDnsLookup.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncDnsLookup.h
Examining data/svxlink-19.09.1/src/async/core/AsyncDnsLookupWorker.h
Examining data/svxlink-19.09.1/src/async/core/AsyncExec.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncExec.h
Examining data/svxlink-19.09.1/src/async/core/AsyncFdWatch.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncFdWatch.h
Examining data/svxlink-19.09.1/src/async/core/AsyncFileReader.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncFileReader.h
Examining data/svxlink-19.09.1/src/async/core/AsyncFramedTcpConnection.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncFramedTcpConnection.h
Examining data/svxlink-19.09.1/src/async/core/AsyncIpAddress.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncIpAddress.h
Examining data/svxlink-19.09.1/src/async/core/AsyncMsg.h
Examining data/svxlink-19.09.1/src/async/core/AsyncPty.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncPty.h
Examining data/svxlink-19.09.1/src/async/core/AsyncPtyStreamBuf.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncPtyStreamBuf.h
Examining data/svxlink-19.09.1/src/async/core/AsyncSerial.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncSerial.h
Examining data/svxlink-19.09.1/src/async/core/AsyncSerialDevice.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncSerialDevice.h
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpClient.h
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpClientBase.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpClientBase.h
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpConnection.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpConnection.h
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpServer.h
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpServerBase.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncTcpServerBase.h
Examining data/svxlink-19.09.1/src/async/core/AsyncTimer.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncTimer.h
Examining data/svxlink-19.09.1/src/async/core/AsyncUdpSocket.cpp
Examining data/svxlink-19.09.1/src/async/core/AsyncUdpSocket.h
Examining data/svxlink-19.09.1/src/async/cpp/AsyncCppApplication.cpp
Examining data/svxlink-19.09.1/src/async/cpp/AsyncCppApplication.h
Examining data/svxlink-19.09.1/src/async/cpp/AsyncCppDnsLookupWorker.cpp
Examining data/svxlink-19.09.1/src/async/cpp/AsyncCppDnsLookupWorker.h
Examining data/svxlink-19.09.1/src/async/demo/AsyncAtTimer_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncAudioFsf_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncAudioIO_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncAudioSelector_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncConfig_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncCppApplication_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncDnsLookup_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncExec_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncFdWatch_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncFramedTcpClient_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncFramedTcpServer_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncMsg_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncPtyStreamBuf_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncQtApplication_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncSerial_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncTcpClient_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncTcpServer_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncTimer_demo.cpp
Examining data/svxlink-19.09.1/src/async/demo/AsyncUdpSocket_demo.cpp
Examining data/svxlink-19.09.1/src/async/qt/AsyncQtApplication.cpp
Examining data/svxlink-19.09.1/src/async/qt/AsyncQtApplication.h
Examining data/svxlink-19.09.1/src/async/qt/AsyncQtDnsLookupWorker.cpp
Examining data/svxlink-19.09.1/src/async/qt/AsyncQtDnsLookupWorker.h
Examining data/svxlink-19.09.1/src/async/qt/AsyncQtTimer.h
Examining data/svxlink-19.09.1/src/avr/siglev/common.h
Examining data/svxlink-19.09.1/src/avr/siglev/siglev.c
Examining data/svxlink-19.09.1/src/doc/macho/Example.cpp
Examining data/svxlink-19.09.1/src/doc/macho/Helloworld.cpp
Examining data/svxlink-19.09.1/src/doc/macho/Macho.cpp
Examining data/svxlink-19.09.1/src/doc/macho/Macho.hpp
Examining data/svxlink-19.09.1/src/doc/macho/Microwave.cpp
Examining data/svxlink-19.09.1/src/doc/macho/Test.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDirectory.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDirectory.h
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDirectoryCon.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDirectoryCon.h
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDirectory_demo.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDispatcher.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDispatcher.h
Examining data/svxlink-19.09.1/src/echolib/EchoLinkDispatcher_demo.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkProxy.h
Examining data/svxlink-19.09.1/src/echolib/EchoLinkQso.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkQso.h
Examining data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.h
Examining data/svxlink-19.09.1/src/echolib/EchoLinkQso_demo.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkStationData.cpp
Examining data/svxlink-19.09.1/src/echolib/EchoLinkStationData.h
Examining data/svxlink-19.09.1/src/echolib/echolib_test.cpp
Examining data/svxlink-19.09.1/src/echolib/md5.c
Examining data/svxlink-19.09.1/src/echolib/md5.h
Examining data/svxlink-19.09.1/src/echolib/rtp.h
Examining data/svxlink-19.09.1/src/echolib/rtpacket.cpp
Examining data/svxlink-19.09.1/src/echolib/rtpacket.h
Examining data/svxlink-19.09.1/src/locationinfo/AprsClient.h
Examining data/svxlink-19.09.1/src/locationinfo/AprsPty.h
Examining data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp
Examining data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.h
Examining data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp
Examining data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.h
Examining data/svxlink-19.09.1/src/locationinfo/LocationInfo.cpp
Examining data/svxlink-19.09.1/src/locationinfo/LocationInfo.h
Examining data/svxlink-19.09.1/src/misc/CppStdCompat.h
Examining data/svxlink-19.09.1/src/misc/common.cpp
Examining data/svxlink-19.09.1/src/misc/common.h
Examining data/svxlink-19.09.1/src/qtel/ComDialog.cpp
Examining data/svxlink-19.09.1/src/qtel/ComDialog.h
Examining data/svxlink-19.09.1/src/qtel/EchoLinkDirectoryModel.cpp
Examining data/svxlink-19.09.1/src/qtel/EchoLinkDirectoryModel.h
Examining data/svxlink-19.09.1/src/qtel/MainWindow.cpp
Examining data/svxlink-19.09.1/src/qtel/MainWindow.h
Examining data/svxlink-19.09.1/src/qtel/MsgHandler.cpp
Examining data/svxlink-19.09.1/src/qtel/MsgHandler.h
Examining data/svxlink-19.09.1/src/qtel/MyMessageBox.h
Examining data/svxlink-19.09.1/src/qtel/Settings.cpp
Examining data/svxlink-19.09.1/src/qtel/Settings.h
Examining data/svxlink-19.09.1/src/qtel/SettingsDialog.h
Examining data/svxlink-19.09.1/src/qtel/Vox.cpp
Examining data/svxlink-19.09.1/src/qtel/Vox.h
Examining data/svxlink-19.09.1/src/qtel/multirate_filter_coeff.h
Examining data/svxlink-19.09.1/src/qtel/qtel.cpp
Examining data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.cpp
Examining data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.h
Examining data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp
Examining data/svxlink-19.09.1/src/svxlink/devcal/devcal.cpp
Examining data/svxlink-19.09.1/src/svxlink/devcal/noisegen.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/AfskDemodulator.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/AfskDemodulator.h
Examining data/svxlink-19.09.1/src/svxlink/digital/AfskModulator.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/AfskModulator.h
Examining data/svxlink-19.09.1/src/svxlink/digital/Fcs.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/Fcs.h
Examining data/svxlink-19.09.1/src/svxlink/digital/HdlcDeframer.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/HdlcDeframer.h
Examining data/svxlink-19.09.1/src/svxlink/digital/HdlcFramer.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/HdlcFramer.h
Examining data/svxlink-19.09.1/src/svxlink/digital/Synchronizer.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/Synchronizer.h
Examining data/svxlink-19.09.1/src/svxlink/digital/afsk_test.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/cal_sound_card.cpp
Examining data/svxlink-19.09.1/src/svxlink/digital/tx_test.cpp
Examining data/svxlink-19.09.1/src/svxlink/dtmf_plot/DtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/dtmf_plot/DtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/dtmf_plot/dtmf_plot.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/dtmf_repeater/ModuleDtmfRepeater.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/dtmf_repeater/ModuleDtmfRepeater.h
Examining data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.h
Examining data/svxlink-19.09.1/src/svxlink/modules/echolink/QsoImpl.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/echolink/QsoImpl.h
Examining data/svxlink-19.09.1/src/svxlink/modules/echolink/multirate_filter_coeff.h
Examining data/svxlink-19.09.1/src/svxlink/modules/frn/ModuleFrn.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/frn/ModuleFrn.h
Examining data/svxlink-19.09.1/src/svxlink/modules/frn/QsoFrn.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/frn/QsoFrn.h
Examining data/svxlink-19.09.1/src/svxlink/modules/frn/Utils.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/frn/Utils.h
Examining data/svxlink-19.09.1/src/svxlink/modules/frn/multirate_filter_coeff.h
Examining data/svxlink-19.09.1/src/svxlink/modules/help/ModuleHelp.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/help/ModuleHelp.h
Examining data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.h
Examining data/svxlink-19.09.1/src/svxlink/modules/parrot/ModuleParrot.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/parrot/ModuleParrot.h
Examining data/svxlink-19.09.1/src/svxlink/modules/tcl/ModuleTcl.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/tcl/ModuleTcl.h
Examining data/svxlink-19.09.1/src/svxlink/modules/template/ModuleTemplate.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/template/ModuleTemplate.h
Examining data/svxlink-19.09.1/src/svxlink/modules/trx/ModuleTrx.cpp
Examining data/svxlink-19.09.1/src/svxlink/modules/trx/ModuleTrx.h
Examining data/svxlink-19.09.1/src/svxlink/reflector/Reflector.cpp
Examining data/svxlink-19.09.1/src/svxlink/reflector/Reflector.h
Examining data/svxlink-19.09.1/src/svxlink/reflector/ReflectorClient.cpp
Examining data/svxlink-19.09.1/src/svxlink/reflector/ReflectorClient.h
Examining data/svxlink-19.09.1/src/svxlink/reflector/ReflectorMsg.h
Examining data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/NetTrxAdapter.cpp
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/NetTrxAdapter.h
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/NetUplink.cpp
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/NetUplink.h
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/RfUplink.cpp
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/RfUplink.h
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/TrxHandler.cpp
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/TrxHandler.h
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/Uplink.cpp
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/Uplink.h
Examining data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp
Examining data/svxlink-19.09.1/src/svxlink/siglevdetcal/siglevdetcal.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/CmdParser.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/CmdParser.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/DtmfDigitHandler.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/DtmfDigitHandler.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/DummyLogic.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/LinkManager.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/LinkManager.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/Logic.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/LogicBase.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/LogicBase.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/LogicCmds.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/Module.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/Module.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/QsoRecorder.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/QsoRecorder.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/ReflectorLogic.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/ReflectorLogic.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/SimplexLogic.cpp
Examining data/svxlink-19.09.1/src/svxlink/svxlink/SimplexLogic.h
Examining data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/AfskDtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/AfskDtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Ddr.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Ddr.h
Examining data/svxlink-19.09.1/src/svxlink/trx/DdrFilterCoeffs.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Dh1dmSwDtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Dh1dmSwDtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoderTest.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/DtmfEncoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/DtmfEncoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/DummyRxTx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Emphasis.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Factory.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Goertzel.h
Examining data/svxlink-19.09.1/src/svxlink/trx/HwDtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/HwDtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalRx.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalRx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalRxBase.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalRxBase.h
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalRxSim.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalRxSim.h
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/LocalTx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Macho.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Macho.hpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Modulation.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Modulation.h
Examining data/svxlink-19.09.1/src/svxlink/trx/MultiTx.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/MultiTx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/NetRx.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/NetRx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h
Examining data/svxlink-19.09.1/src/svxlink/trx/NetTrxTcpClient.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/NetTrxTcpClient.h
Examining data/svxlink-19.09.1/src/svxlink/trx/NetTx.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/NetTx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Ptt.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Ptt.h
Examining data/svxlink-19.09.1/src/svxlink/trx/PttCtrl.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/PttCtrl.h
Examining data/svxlink-19.09.1/src/svxlink/trx/PttGpio.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/PttGpio.h
Examining data/svxlink-19.09.1/src/svxlink/trx/PttHidraw.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/PttHidraw.h
Examining data/svxlink-19.09.1/src/svxlink/trx/PttPty.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/PttPty.h
Examining data/svxlink-19.09.1/src/svxlink/trx/PttSerialPin.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/PttSerialPin.h
Examining data/svxlink-19.09.1/src/svxlink/trx/PtyDtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/PtyDtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/RefCountingPty.h
Examining data/svxlink-19.09.1/src/svxlink/trx/RtlSdr.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/RtlSdr.h
Examining data/svxlink-19.09.1/src/svxlink/trx/RtlTcp.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/RtlTcp.h
Examining data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Rx.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Rx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/S54sDtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/S54sDtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Sel5Decoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Sel5Decoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDet.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDet.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetAfsk.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetAfsk.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetDdr.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetDdr.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetNoise.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetNoise.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetSim.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetSim.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetTone.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SigLevDetTone.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SpanDtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SpanDtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Squelch.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchCtcss.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchEvDev.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchEvDev.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchGpio.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchGpio.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchHidraw.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchHidraw.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchOpen.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchPty.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchSerial.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchSigLev.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchVox.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SquelchVox.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SvxSwDtmfDecoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SvxSwDtmfDecoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.h
Examining data/svxlink-19.09.1/src/svxlink/trx/ToneDetector.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/ToneDetector.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Tx.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Tx.h
Examining data/svxlink-19.09.1/src/svxlink/trx/Voter.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/Voter.h
Examining data/svxlink-19.09.1/src/svxlink/trx/WbRxRtlSdr.cpp
Examining data/svxlink-19.09.1/src/svxlink/trx/WbRxRtlSdr.h
Examining data/svxlink-19.09.1/src/svxlink/trx/multirate_filter_coeff.h
Examining data/svxlink-19.09.1/src/template.cpp
Examining data/svxlink-19.09.1/src/template.h
FINAL RESULTS:
data/svxlink-19.09.1/src/async/audio/fidlib.c:270:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifndef vsnprintf
data/svxlink-19.09.1/src/async/audio/fidlib.c:271:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/svxlink-19.09.1/src/async/audio/fidlib.c:273:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifndef snprintf
data/svxlink-19.09.1/src/async/audio/fidlib.c:274:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/svxlink-19.09.1/src/async/audio/fidlib.c:274:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/svxlink-19.09.1/src/async/audio/fidlib.c:295:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap); // Ignore overflow
data/svxlink-19.09.1/src/async/audio/fidlib.c:310:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len= vsnprintf(buf, sizeof(buf), fmt, ap);
data/svxlink-19.09.1/src/async/audio/fidlib.c:1957:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 1: sprintf(buf, "/%s%.15g", sp.adj ? "=" : "", sp.f0); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1958:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 2: sprintf(buf, "/%s%.15g-%.15g", sp.adj ? "=" : "", sp.f0, sp.f1); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1964:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rv+sp.minlen, buf);
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:339:9: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = execv(cmd[0], cmd);
data/svxlink-19.09.1/src/echolib/rtpacket.cpp:54:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%-15s%s", callsign, name);
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:172:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "connection to %s closed", call.c_str());
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:175:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "connection to %s (%s)", call.c_str(), info.c_str());
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:178:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "incoming connection %s (%s)", call.c_str(), info.c_str());
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:191:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aprsmsg, "%s>%s,%s:;%s%-6.6s*111111z%s%s\r\n",
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:214:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aprsmsg, "%s>%s\n\r", call.c_str(), info.c_str());
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:268:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tone, (loc_cfg.tone < 1000) ? "T%03d" : "%04d", loc_cfg.tone);
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:272:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aprsmsg, "%s>%s,%s:;%s%-6.6s*111111z%s%03d.%03dMHz %s R%02d%c %s\r\n",
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:312:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(loginmsg, format, el_call.c_str(), getPasswd(el_call),
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:286:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "=%s ", curr_call.c_str());
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:289:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "+%s ", curr_call.c_str());
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:321:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s-%s/%d", loc_cfg.mycall.c_str(), loc_cfg.prefix.c_str(),
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:326:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, ")EL-%.6s!%s0PHG%d%d%d%d/%06d/%03d%6s%02d%02d\r\n",
data/svxlink-19.09.1/src/locationinfo/LocationInfo.cpp:620:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "E%s-%s>RXTLM-1,TCPIP,qAR,%s::E%s-%-6s:%s\n",
data/svxlink-19.09.1/src/locationinfo/LocationInfo.cpp:650:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info,
data/svxlink-19.09.1/src/qtel/qtel.cpp:145:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
translator.load(QString("qtel_%1").arg(QLocale::system().name()),
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:293:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(err, "fopen(\"%s\")", pidfile_name);
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:761:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, logfile_name);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:275:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(err, "fopen(\"%s\")", pidfile_name);
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:332:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(err, "fopen(\"%s\")", pidfile_name);
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:292:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(err, "fopen(\"%s\")", pidfile_name);
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:316:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sel5_table, tonedef.c_str());
data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceAlsa.cpp:201:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *zerofill_str = getenv("ASYNC_AUDIO_ALSA_ZEROFILL");
data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceOSS.cpp:202:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *use_trigger_str = getenv("ASYNC_AUDIO_NOTRIGGER");
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:188:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home = getenv("HOME");
data/svxlink-19.09.1/src/misc/common.h:234:15: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
input.setstate(std::ios_base::failbit);
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:339:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home_dir = getenv("HOME");
data/svxlink-19.09.1/src/svxlink/digital/afsk_test.cpp:431:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
string cfg_filename(getenv("HOME"));
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:1992:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/svxlink-19.09.1/src/svxlink/modules/frn/Utils.cpp:61:14: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
is.setstate(std::ios::eofbit);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:315:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home_dir = getenv("HOME");
data/svxlink-19.09.1/src/svxlink/remotetrx/RfUplink.cpp:103:13: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
input.setstate(ios_base::failbit);
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:372:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home_dir = getenv("HOME");
data/svxlink-19.09.1/src/svxlink/svxlink/QsoRecorder.cpp:344:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *shell = getenv("SHELL");
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:332:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home_dir = getenv("HOME");
data/svxlink-19.09.1/src/async/audio/AsyncAudioDecoderSpeex.cpp:141:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enableEnhancer(atoi(value.c_str()) != 0);
data/svxlink-19.09.1/src/async/audio/AsyncAudioDevice.cpp:196:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool AudioDevice::open(Mode mode)
data/svxlink-19.09.1/src/async/audio/AsyncAudioDevice.h:243:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(Mode mode);
data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceOSS.cpp:203:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
use_trigger = (use_trigger_str != 0) && (atoi(use_trigger_str) == 0);
data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceOSS.cpp:206:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int f = ::open(dev_name.c_str(), O_RDWR);
data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceOSS.cpp:252:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open(dev_name.c_str(), flags);
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.cpp:156:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setFramesPerPacket(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.cpp:170:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setComplexity(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.cpp:174:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setBitrate(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.cpp:178:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enableVbr(atoi(value.c_str()) != 0);
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.cpp:182:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enableConstrainedVbr(atoi(value.c_str()) != 0);
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderOpus.cpp:641:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_buf[4000];
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:152:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setFramesPerPacket(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:156:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setQuality(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:160:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setBitrate(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:164:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setComplexity(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:168:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enableVbr(atoi(value.c_str()) != 0);
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:172:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setVbrQuality(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:176:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
setAbr(atoi(value.c_str()));
data/svxlink-19.09.1/src/async/audio/AsyncAudioEncoderSpeex.cpp:341:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_buf[nbytes];
data/svxlink-19.09.1/src/async/audio/AsyncAudioFilter.cpp:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spec_buf[256];
data/svxlink-19.09.1/src/async/audio/AsyncAudioIO.cpp:319:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool AudioIO::open(Mode mode)
data/svxlink-19.09.1/src/async/audio/AsyncAudioIO.cpp:339:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open_ok = audio_dev->open((AudioDevice::Mode)mode);
data/svxlink-19.09.1/src/async/audio/AsyncAudioIO.h:236:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(Mode mode);
data/svxlink-19.09.1/src/async/audio/AsyncAudioPacer.cpp:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + buf_pos, samples, samples_written * sizeof(*buf));
data/svxlink-19.09.1/src/async/audio/AsyncAudioProcessor.cpp:156:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(input_buf + input_buf_cnt, samples, copy_cnt * sizeof(*input_buf));
data/svxlink-19.09.1/src/async/audio/AsyncAudioProcessor.cpp:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(input_buf, samples, len * sizeof(*input_buf));
data/svxlink-19.09.1/src/async/audio/AsyncAudioReader.cpp:159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + samples_in_buf, samples, samples_to_read * sizeof(*buf));
data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.cpp:158:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename.c_str(), "w");
data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.cpp:324:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[WAVE_HEADER_SIZE];
data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.cpp:328:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "RIFF", 4);
data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.cpp:335:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "WAVE", 4);
data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.cpp:339:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "fmt ", 4);
data/svxlink-19.09.1/src/async/audio/AsyncAudioRecorder.cpp:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "data", 4);
data/svxlink-19.09.1/src/async/audio/AsyncAudioSplitter.cpp:356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, samples, len * sizeof(*samples));
data/svxlink-19.09.1/src/async/audio/fidlib.c:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/svxlink-19.09.1/src/async/audio/fidlib.c:307:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], *rv;
data/svxlink-19.09.1/src/async/audio/fidlib.c:403:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa, bb, 2*sizeof(double)); // Assigning doubles is really slow
data/svxlink-19.09.1/src/async/audio/fidlib.c:703:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, q, len);
data/svxlink-19.09.1/src/async/audio/fidlib.c:909:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bessel(order); memcpy(tmp, pol, order * sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidlib.c:1405:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d", sp.order);
data/svxlink-19.09.1/src/async/audio/fidlib.c:1408:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%g", f0*rate);
data/svxlink-19.09.1/src/async/audio/fidlib.c:1411:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%g-%g", f0*rate, f1*rate);
data/svxlink-19.09.1/src/async/audio/fidlib.c:1418:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%g", *arg++);
data/svxlink-19.09.1/src/async/audio/fidlib.c:1579:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'o': p += sprintf(p, "<optional-order>"); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1580:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'O': p += sprintf(p, "<order>"); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1581:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'F': p += sprintf(p, "<freq>"); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1582:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'R': p += sprintf(p, "<range>"); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1583:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'V': p += sprintf(p, "<value>"); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1584:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: p += sprintf(p, "<%c>", str[-1]); break;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1693:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/svxlink-19.09.1/src/async/audio/fidlib.c:1709:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4096];
data/svxlink-19.09.1/src/async/audio/fidlib.c:1953:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/svxlink-19.09.1/src/async/audio/fidlib.c:1963:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rv, spec, sp.minlen);
data/svxlink-19.09.1/src/async/audio/fidlib.c:1970:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rv, spec, sp.minlen);
data/svxlink-19.09.1/src/async/audio/fidlib.c:2029:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ff->val, dp, len * sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidlib.c:2072:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, ff0, cnt);
data/svxlink-19.09.1/src/async/audio/fidlib.c:2125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, len);
data/svxlink-19.09.1/src/async/audio/fidlib.c:2147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/svxlink-19.09.1/src/async/audio/fidlib.c:2244:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvp, ff, len); rvp += len;
data/svxlink-19.09.1/src/async/audio/fidmkf.h:202:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char poltyp[MAXPZ]; // Pole value types: 1 real, 2 first of complex pair, 0 second
data/svxlink-19.09.1/src/async/audio/fidmkf.h:205:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zertyp[MAXPZ];
data/svxlink-19.09.1/src/async/audio/fidmkf.h:298:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pol, bessel_poles[order-1], n_pol * sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidmkf.h:771:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1, val, 2*sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidmkf.h:772:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp2, val, 2*sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidmkf.h:773:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp3, val, 2*sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidmkf.h:774:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp4, val, 2*sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidmkf.h:813:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zer, pol, 2*sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidrf_cmdlist.h:365:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rr->coef, coef_tmp, coef_cnt*sizeof(double));
data/svxlink-19.09.1/src/async/audio/fidrf_cmdlist.h:366:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rr->cmd, cmd_tmp, cmd_cnt*sizeof(char));
data/svxlink-19.09.1/src/async/core/AsyncConfig.cpp:132:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Config::open(const string& name)
data/svxlink-19.09.1/src/async/core/AsyncConfig.cpp:136:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name.c_str(), "r");
data/svxlink-19.09.1/src/async/core/AsyncConfig.cpp:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[16384];
data/svxlink-19.09.1/src/async/core/AsyncConfig.h:156:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& name);
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmd[args.size()+1];
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/svxlink-19.09.1/src/async/core/AsyncFileReader.cpp:134:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool FileReader::open(const string& name)
data/svxlink-19.09.1/src/async/core/AsyncFileReader.cpp:138:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open(name.c_str(), O_RDONLY | O_NONBLOCK);
data/svxlink-19.09.1/src/async/core/AsyncFileReader.cpp:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)buf + written, buffer + tail, to_end_of_buffer);
data/svxlink-19.09.1/src/async/core/AsyncFileReader.h:136:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& name);
data/svxlink-19.09.1/src/async/core/AsyncFramedTcpConnection.cpp:240:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
::memcpy(m_frame.data()+cur_size, ptr, copy_cnt);
data/svxlink-19.09.1/src/async/core/AsyncFramedTcpConnection.h:253:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ptr, buf, count);
data/svxlink-19.09.1/src/async/core/AsyncIpAddress.cpp:189:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t mask = 0xffffffff ^ ((uint32_t)pow(2.0, 32-atoi(mask_str.c_str())) - 1);
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:309:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(T)];
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:343:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(T)];
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:377:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(T)];
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:433:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[str_len];
data/svxlink-19.09.1/src/async/core/AsyncPty.cpp:139:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Pty::open(void)
data/svxlink-19.09.1/src/async/core/AsyncPty.cpp:188:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int slave = ::open(slave_path, O_RDWR|O_NOCTTY);
data/svxlink-19.09.1/src/async/core/AsyncPty.cpp:234:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!open())
data/svxlink-19.09.1/src/async/core/AsyncPty.cpp:292:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/svxlink-19.09.1/src/async/core/AsyncPty.h:144:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(void);
data/svxlink-19.09.1/src/async/core/AsyncSerial.cpp:320:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Serial::open(bool flush)
data/svxlink-19.09.1/src/async/core/AsyncSerial.cpp:327:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev = SerialDevice::open(serial_port, flush);
data/svxlink-19.09.1/src/async/core/AsyncSerial.h:221:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(bool flush=false);
data/svxlink-19.09.1/src/async/core/AsyncSerialDevice.cpp:137:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SerialDevice *SerialDevice::open(const string& port, bool flush)
data/svxlink-19.09.1/src/async/core/AsyncSerialDevice.cpp:238:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open(port_name.c_str(), O_RDWR | O_NOCTTY | O_NONBLOCK);
data/svxlink-19.09.1/src/async/core/AsyncSerialDevice.cpp:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[Serial::READ_BUFSIZE];
data/svxlink-19.09.1/src/async/core/AsyncSerialDevice.h:131:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static SerialDevice *open(const std::string& port, bool flush);
data/svxlink-19.09.1/src/async/core/AsyncTcpConnection.cpp:209:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_recv_buf, recv_buf, recv_buf_cnt);
data/svxlink-19.09.1/src/async/core/AsyncUdpSocket.cpp:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65535];
data/svxlink-19.09.1/src/async/core/AsyncUdpSocket.cpp:106:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->buf, buf, len);
data/svxlink-19.09.1/src/async/core/AsyncUdpSocket.cpp:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536];
data/svxlink-19.09.1/src/async/demo/AsyncAudioFsf_demo.cpp:36:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_io.open(Async::AudioIO::MODE_RDWR))
data/svxlink-19.09.1/src/async/demo/AsyncAudioIO_demo.cpp:19:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
audio_io->open(AudioIO::MODE_RDWR);
data/svxlink-19.09.1/src/async/demo/AsyncAudioIO_demo.cpp:34:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sine_io->open(AudioIO::MODE_WR);
data/svxlink-19.09.1/src/async/demo/AsyncConfig_demo.cpp:13:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open("test.cfg"))
data/svxlink-19.09.1/src/async/demo/AsyncFdWatch_demo.cpp:29:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/svxlink-19.09.1/src/async/demo/AsyncMsg_demo.cpp:72:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
os.open("m2.msg", std::ofstream::binary);
data/svxlink-19.09.1/src/async/demo/AsyncMsg_demo.cpp:91:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
is.open("m2.msg", std::ifstream::binary);
data/svxlink-19.09.1/src/async/demo/AsyncPtyStreamBuf_demo.cpp:33:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!pty.open())
data/svxlink-19.09.1/src/async/demo/AsyncSerial_demo.cpp:20:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!serial->open(true))
data/svxlink-19.09.1/src/doc/macho/Microwave.cpp:37:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open() {}
data/svxlink-19.09.1/src/doc/macho/Microwave.cpp:69:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/svxlink-19.09.1/src/doc/macho/Microwave.cpp:129:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Operational::open() {
data/svxlink-19.09.1/src/doc/macho/Microwave.cpp:187:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m->open();
data/svxlink-19.09.1/src/echolib/EchoLinkDirectory.cpp:496:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
get_call_cnt = atoi(buf);
data/svxlink-19.09.1/src/echolib/EchoLinkDirectory.cpp:548:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
get_call_entry.setId(atoi(buf));
data/svxlink-19.09.1/src/echolib/EchoLinkDirectory.cpp:692:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_time_str[6];
data/svxlink-19.09.1/src/echolib/EchoLinkDirectory.cpp:704:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_time_str[6];
data/svxlink-19.09.1/src/echolib/EchoLinkDispatcher.cpp:336:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_id[256];
data/svxlink-19.09.1/src/echolib/EchoLinkDispatcher.cpp:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strtok_buf[256];
data/svxlink-19.09.1/src/echolib/EchoLinkDispatcher.cpp:350:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char priv[256];
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:290:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_ptr, data, len);
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[256];
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:394:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auth_msg[auth_msg_len+1];
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:396:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_msg_ptr, callsign.c_str(), callsign.size());
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:403:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auth_str[auth_str_len + 1];
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:405:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_str_ptr, password.c_str(), password.size());
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:407:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_str_ptr, buf, NONCE_SIZE);
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:541:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recv_buf + recv_buf_cnt, buf, len);
data/svxlink-19.09.1/src/echolib/EchoLinkProxy.cpp:560:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recv_buf, buf + processed, recv_buf_cnt);
data/svxlink-19.09.1/src/echolib/EchoLinkQso.cpp:628:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_id[256];
data/svxlink-19.09.1/src/echolib/EchoLinkQso.cpp:633:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strtok_buf[256];
data/svxlink-19.09.1/src/echolib/EchoLinkQso.cpp:659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char priv[256];
data/svxlink-19.09.1/src/echolib/EchoLinkQso.cpp:1032:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bye[64];
data/svxlink-19.09.1/src/echolib/EchoLinkQso.h:482:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sdes_packet[1500];
data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.cpp:168:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
audio_io->open(AudioIO::MODE_RDWR);
data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.cpp:172:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
audio_io->open(AudioIO::MODE_WR);
data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.cpp:307:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
audio_io->open(AudioIO::MODE_WR);
data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.cpp:316:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
audio_io->open(AudioIO::MODE_RD);
data/svxlink-19.09.1/src/echolib/EchoLinkStationData.cpp:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAXDATA];
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:154:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_callsign[256];
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:155:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_password[256];
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:156:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_name[256];
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:157:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_location[256];
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:158:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_info[256];
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:195:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *cfg = fopen(cfg_filename.c_str(), "r");
data/svxlink-19.09.1/src/echolib/md5.c:169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xbuf, data, 64);
data/svxlink-19.09.1/src/echolib/md5.c:343:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf + offset, p, copy);
data/svxlink-19.09.1/src/echolib/md5.c:357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf, p, left);
data/svxlink-19.09.1/src/echolib/rtpacket.cpp:11:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, text, sl); block += sl; }
data/svxlink-19.09.1/src/echolib/rtpacket.cpp:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/svxlink-19.09.1/src/echolib/rtpacket.cpp:181:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r_text, cp + 2, ilen);
data/svxlink-19.09.1/src/locationinfo/AprsPty.h:141:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return pty->open();
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[80];
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[128];
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aprsmsg[256];
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:213:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aprsmsg[200];
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:251:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%02d%02d.%02d%c%c%03d%02d.%02d%c0",
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[128];
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tone[5];
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:271:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aprsmsg[200];
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:309:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loginmsg[150];
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdes_packet[256];
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:254:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, text, sl); \
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[128], info[80], tmp[256];
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:272:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, " Off @");
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:276:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, " Busy ");
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:283:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, " On @");
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:300:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%02d%02d.%02d%cE%03d%02d.%02d%c",
data/svxlink-19.09.1/src/locationinfo/LocationInfo.cpp:177:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int iv = atoi(cfg.getValue(cfg_name, "STATISTICS_INTERVAL").c_str());
data/svxlink-19.09.1/src/locationinfo/LocationInfo.cpp:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir, sep[2];
data/svxlink-19.09.1/src/locationinfo/LocationInfo.cpp:364:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir, sep[2];
data/svxlink-19.09.1/src/locationinfo/LocationInfo.cpp:616:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[255];
data/svxlink-19.09.1/src/qtel/ComDialog.cpp:544:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mic_open_ok = mic_audio_io->open(AudioIO::MODE_RD);
data/svxlink-19.09.1/src/qtel/ComDialog.cpp:556:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
spkr_open_ok = spkr_audio_io->open(AudioIO::MODE_WR);
data/svxlink-19.09.1/src/qtel/MainWindow.cpp:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[16];
data/svxlink-19.09.1/src/qtel/MainWindow.cpp:340:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msg_audio_io->open(AudioIO::MODE_WR);
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk_id[4];
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[4];
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subchunk1id[4];
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subchunk2id[4];
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:517:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = ::open(filename.c_str(), O_RDONLY);
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:589:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = ::open(filename.c_str(), O_RDONLY);
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:686:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = ::open(filename.c_str(), O_RDONLY);
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:694:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[44];
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunk_id, ptr, 4);
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:715:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(format, ptr, 4);
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:724:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subchunk1id, ptr, 4);
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:781:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subchunk2id, ptr, 4);
data/svxlink-19.09.1/src/qtel/Settings.cpp:505:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_vsplitter_sizes.push_back(atoi(size_str.toStdString().c_str()));
data/svxlink-19.09.1/src/qtel/Settings.cpp:519:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_hsplitter_sizes.push_back(atoi(size_str.toStdString().c_str()));
data/svxlink-19.09.1/src/qtel/Settings.cpp:531:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_stn_view_col_sizes.push_back(atoi(size_str.toStdString().c_str()));
data/svxlink-19.09.1/src/qtel/Settings.cpp:537:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_incm_view_col_sizes.push_back(atoi(size_str.toStdString().c_str()));
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.cpp:101:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sql_timeout = 1000 * atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.cpp:111:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sql_resettimeout = 1000 * atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.cpp:125:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hbto = 1000 * atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.cpp:145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_challenge, auth_msg->challenge(),
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.cpp:297:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*it).second.recv_buf+(*it).second.recv_cnt, buf, read_cnt);
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.h:158:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recv_buf[4096];
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/server.h:174:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auth_challenge[NetTrxMsg::MsgAuthChallenge::CHALLENGE_LEN];
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:289:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pidfile = fopen(pidfile_name, "w");
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:292:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[256];
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:321:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:322:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "chown returns:%d uid:%d gid:%d", rc,
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:352:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:363:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:366:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:369:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:418:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:585:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:654:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[256];
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:757:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = open(logfile_name, O_WRONLY | O_APPEND | O_CREAT, 00644);
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:760:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256] = "open(\"";
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:762:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "\")");
data/svxlink-19.09.1/src/svxlink/devcal/devcal.cpp:524:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfgfile))
data/svxlink-19.09.1/src/svxlink/devcal/devcal.cpp:600:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_io->open(AudioIO::MODE_WR))
data/svxlink-19.09.1/src/svxlink/devcal/devcal.cpp:652:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_io->open(AudioIO::MODE_WR))
data/svxlink-19.09.1/src/svxlink/devcal/devcal.cpp:835:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/svxlink-19.09.1/src/svxlink/devcal/noisegen.cpp:47:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (audio_io.open(AudioIO::MODE_WR))
data/svxlink-19.09.1/src/svxlink/digital/afsk_test.cpp:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/svxlink-19.09.1/src/svxlink/digital/afsk_test.cpp:321:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(int mode) { return true; }
data/svxlink-19.09.1/src/svxlink/digital/afsk_test.cpp:434:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/digital/afsk_test.cpp:456:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_io.open(AudioIO::MODE_RDWR))
data/svxlink-19.09.1/src/svxlink/digital/cal_sound_card.cpp:80:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_in.open(AudioIO::MODE_RD))
data/svxlink-19.09.1/src/svxlink/digital/tx_test.cpp:19:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_file))
data/svxlink-19.09.1/src/svxlink/digital/tx_test.cpp:26:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_in.open(AudioIO::MODE_RD))
data/svxlink-19.09.1/src/svxlink/dtmf_plot/DtmfDecoder.cpp:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sample_buf + buffered_samples, buf, sizeof(*buf) * samples_to_copy);
data/svxlink-19.09.1/src/svxlink/dtmf_plot/DtmfDecoder.cpp:364:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char digit_map[4][4] =
data/svxlink-19.09.1/src/svxlink/dtmf_plot/dtmf_plot.cpp:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/svxlink-19.09.1/src/svxlink/dtmf_plot/dtmf_plot.cpp:234:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_io.open(AudioIO::MODE_RD))
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:259:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_connections = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:264:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_qsos = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[msg_size];
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[msg_size];
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[msg_size];
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[msg_size];
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[msg_size];
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:472:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!pty->open())
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:807:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
connectByNodeId(atoi(cmd.c_str()));
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:1751:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned idx = static_cast<unsigned>(atoi(cmd.c_str()));
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:1833:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned idx = static_cast<unsigned>(atoi(cmd.c_str()));
data/svxlink-19.09.1/src/svxlink/modules/echolink/ModuleEchoLink.cpp:2164:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[64];
data/svxlink-19.09.1/src/svxlink/modules/echolink/QsoImpl.cpp:189:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
idle_timeout = atoi(idle_timeout_str.c_str());
data/svxlink-19.09.1/src/svxlink/modules/frn/QsoFrn.cpp:318:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tcp_client->connect(server, atoi(port.c_str()));
data/svxlink-19.09.1/src/svxlink/modules/frn/QsoFrn.cpp:506:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gsm_data[FRN_AUDIO_PACKET_SIZE];
data/svxlink-19.09.1/src/svxlink/modules/frn/QsoFrn.cpp:732:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lines_to_read = atoi(line.c_str());
data/svxlink-19.09.1/src/svxlink/modules/help/ModuleHelp.cpp:279:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int module_id = atoi(cmd.c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:722:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int icmd = atoi(cmd.c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:776:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(cmd.substr(a+1,1).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1517:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(2,2).c_str()) << "." << token.substr(4,1);
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1519:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(6,2).c_str()) << "." << token.substr(8,1);
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1563:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(2,2).c_str()) << "." << token.substr(4,1);
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1588:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(2,2).c_str()) << "." << token.substr(4,1) << " "
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1597:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(1,2).c_str()) << "." << token.substr(3,2);
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1612:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(0,2).c_str()) << " "
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1624:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(token.substr(3,1).c_str()) > 6) ? ss << "9" : ss << "10";
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1683:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int trwy = atoi(token.substr(1,2).c_str()); //RXXxxxxxx
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1715:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(token.substr(3,1).c_str()) > 91 || token.substr(3,2) == "//")
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1723:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(token.substr(3,2).c_str()) == 0)
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1729:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << " " << atoi(token.substr(3,2).c_str()) << " unit_mms ";
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1734:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(token.substr(5,2).c_str()) > 90 || token.substr(5,2) == "//")
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1741:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << " friction_coefficient 0." << atoi(token.substr(5,2).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1904:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mtime.tm_min = atoi(utctoken.substr(14,2).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1905:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mtime.tm_hour = atoi(utctoken.substr(11,2).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1906:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mtime.tm_mday = atoi(utctoken.substr(8,2).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1907:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mtime.tm_mon = atoi(utctoken.substr(5,2).c_str()) - 1;
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1908:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mtime.tm_year = atoi(utctoken.substr(0,4).c_str()) - 1900;
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1955:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(token.substr(0,token.find("sm")).c_str()) != 1) ss << "s";
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1961:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (token.length() >= 4 && atoi(token.substr(0,4).c_str()) > 4999)
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1963:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(0,4).c_str())/1000 << " unit_kms";
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1966:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (token.length() >= 4 && atoi(token.substr(0,4).c_str()) < 5000
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1967:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& atoi(token.substr(0,4).c_str()) > 1 )
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:1969:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(0,4).c_str()) << " unit_meters";
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:2053:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << "qnh " << atoi(token.substr(1,4).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:2105:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(0,2).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:2123:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(token.length()-2,2).c_str());
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:2200:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(tlist[1].substr(0,4).c_str()) << unit << "to ";
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:2213:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(tlist[1].substr(0,4).c_str()) << unit;
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:2239:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(2,3).c_str()) * 100;
data/svxlink-19.09.1/src/svxlink/modules/metarinfo/ModuleMetarInfo.cpp:2255:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ss << atoi(token.substr(0,3).c_str()) * 100;
data/svxlink-19.09.1/src/svxlink/modules/parrot/ModuleParrot.cpp:206:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fifo = new AudioFifo(atoi(fifo_len.c_str())*INTERNAL_SAMPLE_RATE);
data/svxlink-19.09.1/src/svxlink/reflector/ReflectorClient.cpp:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_auth_challenge, challenge_msg.challenge(),
data/svxlink-19.09.1/src/svxlink/reflector/ReflectorClient.h:285:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_auth_challenge[MsgAuthChallenge::CHALLENGE_LEN];
data/svxlink-19.09.1/src/svxlink/reflector/ReflectorMsg.h:360:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[DIGEST_LEN];
data/svxlink-19.09.1/src/svxlink/reflector/ReflectorMsg.h:383:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, digest_ptr, DIGEST_LEN);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:234:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int devnull = open("/dev/null", O_RDONLY);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:271:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pidfile = fopen(pidfile_name, "w");
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:274:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[256];
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:329:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:340:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:343:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:396:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:551:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:655:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = open(logfile_name, O_WRONLY | O_APPEND | O_CREAT, 00644);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:701:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[256];
data/svxlink-19.09.1/src/svxlink/remotetrx/NetUplink.cpp:309:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_challenge, auth_msg->challenge(),
data/svxlink-19.09.1/src/svxlink/remotetrx/NetUplink.cpp:417:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recv_buf+recv_cnt, buf, read_cnt);
data/svxlink-19.09.1/src/svxlink/remotetrx/NetUplink.h:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recv_buf[4096];
data/svxlink-19.09.1/src/svxlink/remotetrx/NetUplink.h:187:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auth_challenge[NetTrxMsg::MsgAuthChallenge::CHALLENGE_LEN];
data/svxlink-19.09.1/src/svxlink/remotetrx/RfUplink.cpp:177:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mute_rx_on_tx = atoi(value.c_str()) != 0;
data/svxlink-19.09.1/src/svxlink/remotetrx/RfUplink.cpp:183:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loop_rx_to_tx = atoi(value.c_str()) != 0;
data/svxlink-19.09.1/src/svxlink/remotetrx/RfUplink.cpp:330:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digit_str[2] = {digit, 0};
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:291:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int devnull = open("/dev/null", O_RDONLY);
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:328:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pidfile = fopen(pidfile_name, "w");
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:331:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[256];
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:386:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:397:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:400:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:403:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:458:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:489:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rate = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:684:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:728:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:795:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = open(logfile_name, O_WRONLY | O_APPEND | O_CREAT, 00644);
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:841:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[256];
data/svxlink-19.09.1/src/svxlink/siglevdetcal/siglevdetcal.cpp:236:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_file))
data/svxlink-19.09.1/src/svxlink/siglevdetcal/siglevdetcal.cpp:245:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rate = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:306:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
self->playSilence(atoi(argv[1]));
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:324:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
self->playTone(atoi(argv[1]), atoi(argv[2]), atoi(argv[3]));
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:324:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
self->playTone(atoi(argv[1]), atoi(argv[2]), atoi(argv[3]));
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:324:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
self->playTone(atoi(argv[1]), atoi(argv[2]), atoi(argv[3]));
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:347:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_time = atoi(argv[2]);
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:415:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
self->playDtmf(argv[1], atoi(argv[2]), atoi(argv[3]));
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:415:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
self->playDtmf(argv[1], atoi(argv[2]), atoi(argv[3]));
data/svxlink-19.09.1/src/svxlink/svxlink/EventHandler.cpp:434:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration = atoi(argv[2]);
data/svxlink-19.09.1/src/svxlink/svxlink/LinkManager.cpp:324:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(logic_props.cmd.c_str()) > 0)
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:268:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!state_pty->open())
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:283:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dtmf_ctrl_pty->open())
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:310:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long_cmd_digits = atoi(digits.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:322:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
macros[atoi(mlit->c_str())] = value;
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:595:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:596:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%.1f", report_ctcss);
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:1304:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(event_handler->eventResult().c_str()) != 0)
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:1383:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
map<int, string>::iterator it = macros.find(atoi(cmd.c_str()));
data/svxlink-19.09.1/src/svxlink/svxlink/Logic.cpp:1533:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(event_handler->eventResult().c_str()) != 0)
data/svxlink-19.09.1/src/svxlink/svxlink/LogicCmds.h:142:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int module_id = atoi(cmdStr().c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/Module.cpp:80:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_tmo_timer = new Timer(1000 * atoi(timeout_str.c_str()));
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk_id[4];
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[4];
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subchunk1id[4];
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subchunk2id[4];
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:573:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = ::open(filename.c_str(), O_RDONLY);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:645:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = ::open(filename.c_str(), O_RDONLY);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:742:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(filename.c_str(), ios::in | ios::binary);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk_header[12];
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:760:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunk_id, ptr, 4);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:771:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(format, ptr, 4);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:785:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subchunk_header[8];
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:797:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subchunk_id[5];
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:798:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subchunk_id, ptr, 4);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:809:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subchunk2id, subchunk_id, 4);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:834:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subchunk1id, subchunk_id, 4);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:838:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subchunk_data[subchunk_size];
data/svxlink-19.09.1/src/svxlink/svxlink/QsoRecorder.cpp:320:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[256];
data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp:175:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
required_1750_duration = atoi(str.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp:190:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
open_on_ctcss_duration = atoi(dur_str.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp:201:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
open_on_sql_after_rpt_close = atoi(str.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp:260:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
no_repeat = atoi(str.c_str()) != 0;
data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp:265:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sql_flap_sup_min_time = atoi(str.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp:270:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sql_flap_sup_max_cnt = atoi(str.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/RepeaterLogic.cpp:281:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ident_nag_min_time = atoi(str.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:251:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int devnull = open("/dev/null", O_RDONLY);
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:288:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pidfile = fopen(pidfile_name, "w");
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:291:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[256];
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:346:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:357:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:360:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:363:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:419:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cfg.open(cfg_filename))
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:450:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rate = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:843:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = open(logfile_name, O_WRONLY | O_APPEND | O_CREAT, 00644);
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:887:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[256];
data/svxlink-19.09.1/src/svxlink/trx/Dh1dmSwDtmfDecoder.cpp:176:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int cfg_fwd_twist = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/Dh1dmSwDtmfDecoder.cpp:183:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int cfg_rev_twist = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoderTest.cpp:26:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs.open(path.c_str(), ios::out | ios::binary);
data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoderTest.cpp:91:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const string &path)
data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoderTest.cpp:93:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(path.c_str(), ios::in | ios::binary);
data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoderTest.cpp:255:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!rdr.open("/tmp/output.raw"))
data/svxlink-19.09.1/src/svxlink/trx/LocalRx.cpp:218:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_io->open(AudioIO::MODE_RD))
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:164:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (audio_io.open(AudioIO::MODE_WR))
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:303:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int audio_channel = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:322:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tx_timeout = 1000 * atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:328:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tx_delay = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:341:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dtmf_tone_length = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:347:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dtmf_tone_spacing = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:376:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (audio_dev_keep_open && !audio_io->open(AudioIO::MODE_WR))
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:393:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int level = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:450:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (cfg.getValue(name(), "PREEMPHASIS", value) && (atoi(value.c_str()) != 0))
data/svxlink-19.09.1/src/svxlink/trx/LocalTx.cpp:880:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!audio_io->open(AudioIO::MODE_WR))
data/svxlink-19.09.1/src/svxlink/trx/NetRx.cpp:218:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tcp_con = NetTrxTcpClient::instance(host, atoi(tcp_port.c_str()));
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:213:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_challenge[CHALLENGE_LEN];
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:237:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[DIGEST_LEN];
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:243:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_digest[DIGEST_LEN];
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:256:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, digest_ptr, DIGEST_LEN);
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:328:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, name.c_str(), name.size());
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:331:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, value.c_str(), value.size());
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_codec_name[32];
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_options[256];
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:416:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_buf, buf, size);
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:573:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_digits[MAX_DIGITS + 1];
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:642:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_digits[MAX_DIGITS+1];
data/svxlink-19.09.1/src/svxlink/trx/NetTrxTcpClient.cpp:287:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recv_buf+recv_cnt, buf, read_cnt);
data/svxlink-19.09.1/src/svxlink/trx/NetTrxTcpClient.h:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recv_buf[RECV_BUF_SIZE];
data/svxlink-19.09.1/src/svxlink/trx/NetTx.cpp:198:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tcp_con = NetTrxTcpClient::instance(host, atoi(tcp_port.c_str()));
data/svxlink-19.09.1/src/svxlink/trx/PttHidraw.cpp:156:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(hidraw_dev.c_str(), O_WRONLY, 0)) < 0)
data/svxlink-19.09.1/src/svxlink/trx/PttHidraw.cpp:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[5] = {'\000', '\000',
data/svxlink-19.09.1/src/svxlink/trx/PttSerialPin.cpp:136:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!serial->open())
data/svxlink-19.09.1/src/svxlink/trx/RefCountingPty.h:129:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!pty->open())
data/svxlink-19.09.1/src/svxlink/trx/RtlTcp.cpp:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[5];
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:184:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + buf_cnt, samples, cpy_cnt);
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:241:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_buf[64];
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:540:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buf_len];
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:686:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[256], product[256], serial[256];
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:761:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[256], product[256], serial[256];
data/svxlink-19.09.1/src/svxlink/trx/S54sDtmfDecoder.cpp:108:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char digit_map[16] =
data/svxlink-19.09.1/src/svxlink/trx/S54sDtmfDecoder.cpp:151:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!serial->open(true))
data/svxlink-19.09.1/src/svxlink/trx/SpanDtmfDecoder.cpp:153:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_fwd_twist = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/SpanDtmfDecoder.cpp:159:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_rev_twist = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/SquelchEvDev.cpp:190:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(devname.c_str(), O_RDONLY)) == -1)
data/svxlink-19.09.1/src/svxlink/trx/SquelchEvDev.cpp:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256] = "Unknown";
data/svxlink-19.09.1/src/svxlink/trx/SquelchGpio.cpp:164:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ss.str().c_str(), O_RDONLY);
data/svxlink-19.09.1/src/svxlink/trx/SquelchHidraw.cpp:190:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(devicename.c_str(), O_RDWR, 0)) < 0)
data/svxlink-19.09.1/src/svxlink/trx/SquelchHidraw.cpp:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/svxlink-19.09.1/src/svxlink/trx/SquelchSerial.h:221:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!serial->open())
data/svxlink-19.09.1/src/svxlink/trx/SquelchSigLev.h:152:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
open_thresh = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/SquelchSigLev.h:160:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
close_thresh = atoi(value.c_str());
data/svxlink-19.09.1/src/svxlink/trx/SquelchVox.cpp:145:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf_size = INTERNAL_SAMPLE_RATE * atoi(value.c_str()) / 1000;
data/svxlink-19.09.1/src/svxlink/trx/SvxSwDtmfDecoder.cpp:107:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char digit_map[4][4] =
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:227:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, zvei1, sizeof(zvei1));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:232:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, zvei2, sizeof(zvei2));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:237:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, zvei3, sizeof(zvei3));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:242:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, pzvei, sizeof(pzvei));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:247:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, dzvei, sizeof(dzvei));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:252:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, pdzvei, sizeof(pdzvei));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:257:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, eea, sizeof(eea));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:262:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, eia, sizeof(eia));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:267:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, vdew, sizeof(vdew));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:273:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, ccir, sizeof(ccir));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:278:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, pccir, sizeof(pccir));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:283:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, ccitt, sizeof(ccitt));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:288:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, natel, sizeof(natel));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:293:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, euro, sizeof(euro));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:298:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, modat, sizeof(modat));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:303:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, autoa, sizeof(autoa));
data/svxlink-19.09.1/src/svxlink/trx/SwSel5Decoder.cpp:310:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tones, zvei1, sizeof(zvei1));
data/svxlink-19.09.1/src/svxlink/trx/Voter.cpp:415:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!command_pty->open())
data/svxlink-19.09.1/src/async/audio/AsyncAudioDeviceOSS.cpp:428:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(fd, buf, bytes_to_read);
data/svxlink-19.09.1/src/async/audio/AsyncAudioFilter.cpp:167:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(spec_buf, filter_spec.c_str(), sizeof(spec_buf));
data/svxlink-19.09.1/src/async/audio/fidlib.c:1390:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int max= strlen(fmt) + 60 + sp.n_arg * 20;
data/svxlink-19.09.1/src/async/audio/fidlib.c:1961:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len= strlen(buf);
data/svxlink-19.09.1/src/async/core/AsyncConfig.cpp:382:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end = begin + strlen(begin);
data/svxlink-19.09.1/src/async/core/AsyncConfig.cpp:406:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end = str + strlen(str) - 1;
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:437:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(w->fd(), buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:458:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(w->fd(), buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/async/core/AsyncExec.cpp:529:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int err = read(sigchld_pipe[0], buf, 1);
data/svxlink-19.09.1/src/async/core/AsyncFileReader.cpp:175:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int FileReader::read(void *buf, int len)
data/svxlink-19.09.1/src/async/core/AsyncFileReader.cpp:230:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = ::read(fd, buffer + head, to_end_of_buffer);
data/svxlink-19.09.1/src/async/core/AsyncFileReader.h:159:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void *buf, int len);
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:278:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is.read(&val, 1);
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:300:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is.read(o.buf, sizeof(T));
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:334:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is.read(o.buf, sizeof(T));
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:368:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is.read(o.buf, sizeof(T));
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:397:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is.read(reinterpret_cast<char*>(&val), sizeof(T));
data/svxlink-19.09.1/src/async/core/AsyncMsg.h:434:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (is.read(buf, str_len))
data/svxlink-19.09.1/src/async/core/AsyncPty.cpp:293:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rd = read(master, buf, sizeof(buf));
data/svxlink-19.09.1/src/async/core/AsyncSerialDevice.cpp:305:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = ::read(fd, buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/async/core/AsyncTcpConnection.cpp:355:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(sock, recv_buf+recv_buf_cnt, recv_buf_len-recv_buf_cnt);
data/svxlink-19.09.1/src/async/cpp/AsyncCppApplication.cpp:549:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(sighandler_pipe[0], ptr,
data/svxlink-19.09.1/src/async/demo/AsyncFdWatch_demo.cpp:30:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(watch->fd(), buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.cpp:240:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = getchar();
data/svxlink-19.09.1/src/echolib/EchoLinkQsoTest.cpp:286:22: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char cmd = toupper(getchar());
data/svxlink-19.09.1/src/echolib/EchoLinkStationData.cpp:207:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, space+1, 5);
data/svxlink-19.09.1/src/echolib/EchoLinkStationData.cpp:214:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end_desc = data + strlen(data);
data/svxlink-19.09.1/src/echolib/EchoLinkStationData.cpp:217:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, data, end_desc-data);
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:205:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
my_callsign[strlen(my_callsign)-1] = 0;
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:209:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
my_password[strlen(my_password)-1] = 0;
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:213:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
my_name[strlen(my_name)-1] = 0;
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:217:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
my_location[strlen(my_location)-1] = 0;
data/svxlink-19.09.1/src/echolib/echolib_test.cpp:221:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
my_info[strlen(my_info)-1] = 0;
data/svxlink-19.09.1/src/echolib/rtpacket.cpp:10:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define addText(block, text) { int sl = strlen(text); *block++ = sl; \
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:293:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int written = con->write(aprsmsg, strlen(aprsmsg));
data/svxlink-19.09.1/src/locationinfo/AprsTcpClient.cpp:298:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((size_t)written != strlen(aprsmsg))
data/svxlink-19.09.1/src/locationinfo/AprsUdpClient.cpp:252:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(text); \
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:533:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read_cnt = read(file, buf, len * sizeof(*buf));
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:615:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(file, gsm_data, sizeof(gsm_data));
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:695:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read_cnt = read(file, buf, sizeof(buf));
data/svxlink-19.09.1/src/qtel/MsgHandler.cpp:809:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read_cnt = read(file, buf, len * sizeof(*buf));
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:586:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = ::read(STDIN_FILENO, buf, 1);
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:666:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t reopen_txt_len = strlen(reopen_txt);
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:685:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_len = strlen(ptr);
data/svxlink-19.09.1/src/svxlink/contrib/svxserver/svxserver.cpp:697:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(w->fd(), buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/svxlink/devcal/devcal.cpp:836:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = ::read(STDIN_FILENO, buf, 1);
data/svxlink-19.09.1/src/svxlink/digital/afsk_test.cpp:252:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t cnt = read(STDIN_FILENO, buf+bufpos, bufspace);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:552:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = ::read(STDIN_FILENO, buf, 1);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:589:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(w->fd(), buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/svxlink/reflector/svxreflector.cpp:751:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_len = strlen(ptr);
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:685:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = ::read(STDIN_FILENO, buf, 1);
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:729:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(w->fd(), buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/svxlink/remotetrx/remotetrx.cpp:891:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_len = strlen(ptr);
data/svxlink-19.09.1/src/svxlink/siglevdetcal/siglevdetcal.cpp:136:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = getchar();
data/svxlink-19.09.1/src/svxlink/siglevdetcal/siglevdetcal.cpp:192:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = getchar();
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:589:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read_cnt = read(file, buf, len * sizeof(*buf));
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:671:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = read(file, gsm_data, sizeof(gsm_data));
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:751:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(chunk_header, sizeof(chunk_header));
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:786:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(subchunk_header, sizeof(subchunk_header));
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:839:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(subchunk_data, subchunk_size);
data/svxlink-19.09.1/src/svxlink/svxlink/MsgHandler.cpp:951:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(reinterpret_cast<char*>(buf), to_read);
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:650:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cnt = ::read(STDIN_FILENO, buf, 1);
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:701:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(w->fd(), buf, sizeof(buf)-1);
data/svxlink-19.09.1/src/svxlink/svxlink/svxlink.cpp:937:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_len = strlen(ptr);
data/svxlink-19.09.1/src/svxlink/trx/DtmfDecoderTest.cpp:128:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ifs.read(reinterpret_cast<char*>(buf), sizeof(buf));
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:295:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_codec_name, codec_name, sizeof(m_codec_name)-1);
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:566:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_digits, digits.c_str(), MAX_DIGITS);
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:568:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setSize(size() - MAX_DIGITS + strlen(m_digits));
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:633:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_digits, digits.c_str(), MAX_DIGITS);
data/svxlink-19.09.1/src/svxlink/trx/NetTrxMsg.h:635:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setSize(size() - MAX_DIGITS + strlen(m_digits));
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:242:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int r = read(signal_pipe[0], read_buf, sizeof(read_buf));
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:800:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, serial, strlen(s)) != 0)
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:816:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(serial) - strlen(s);
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:816:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(serial) - strlen(s);
data/svxlink-19.09.1/src/svxlink/trx/RtlUsb.cpp:821:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, serial+offset, strlen(s)) != 0)
data/svxlink-19.09.1/src/svxlink/trx/SquelchEvDev.cpp:237:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rd = read(fd, ev, sizeof(ev));
data/svxlink-19.09.1/src/svxlink/trx/SquelchGpio.cpp:217:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t cnt = read(fd, &value, 1);
data/svxlink-19.09.1/src/svxlink/trx/SquelchHidraw.cpp:261:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rd = read(fd, buf, sizeof(buf));
ANALYSIS SUMMARY:
Hits = 578
Lines analyzed = 138576 in approximately 3.43 seconds (40410 lines/second)
Physical Source Lines of Code (SLOC) = 63091
Hits@level = [0] 51 [1] 78 [2] 454 [3] 13 [4] 33 [5] 0
Hits@level+ = [0+] 629 [1+] 578 [2+] 500 [3+] 46 [4+] 33 [5+] 0
Hits/KSLOC@level+ = [0+] 9.96973 [1+] 9.16137 [2+] 7.92506 [3+] 0.729106 [4+] 0.523054 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.